Количество 343 004
Количество 343 004
CVE-2000-0085
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
CVE-2000-0084
CuteFTP uses weak encryption to store password information in its tree.dat file.
CVE-2000-0083
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
CVE-2000-0082
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
CVE-2000-0081
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
CVE-2000-0080
AIX techlibss allows local users to overwrite files via a symlink attack.
CVE-2000-0079
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
CVE-2000-0078
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
CVE-2000-0077
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
CVE-2000-0076
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
CVE-2000-0075
Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.
CVE-2000-0074
PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.
CVE-2000-0073
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
CVE-2000-0072
Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.
CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-2000-0070
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
CVE-2000-0069
The recover program in Solstice Backup allows local users to restore sensitive files.
CVE-2000-0068
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
CVE-2000-0067
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
CVE-2000-0066
WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2000-0085 Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | CVSS2: 7.5 | 12% Средний | больше 26 лет назад |
| CVE-2000-0084 CuteFTP uses weak encryption to store password information in its tree.dat file. | CVSS2: 5 | 0% Низкий | больше 26 лет назад |
| CVE-2000-0083 HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. | CVSS2: 4.6 | 0% Низкий | почти 26 лет назад |
| CVE-2000-0082 WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. | CVSS2: 5 | 37% Средний | больше 26 лет назад |
| CVE-2000-0081 Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | CVSS2: 10 | 29% Средний | больше 26 лет назад |
| CVE-2000-0080 AIX techlibss allows local users to overwrite files via a symlink attack. | CVSS2: 2.1 | 0% Низкий | больше 26 лет назад |
| CVE-2000-0079 The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. | CVSS2: 7.5 | 1% Низкий | около 26 лет назад |
| CVE-2000-0078 The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. | CVSS2: 7.2 | 0% Низкий | больше 26 лет назад |
| CVE-2000-0077 The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. | CVSS2: 7.2 | 1% Низкий | больше 26 лет назад |
| CVE-2000-0076 nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. | CVSS2: 2.1 | 0% Низкий | больше 26 лет назад |
| CVE-2000-0075 Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. | CVSS2: 5 | 6% Низкий | около 26 лет назад |
| CVE-2000-0074 PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. | CVSS2: 7.5 | 6% Низкий | около 26 лет назад |
| CVE-2000-0073 Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. | CVSS2: 5 | 34% Средний | больше 26 лет назад |
| CVE-2000-0072 Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges. | CVSS2: 4.6 | 0% Низкий | около 26 лет назад |
| CVE-2000-0071 IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | CVSS2: 5 | 71% Высокий | около 26 лет назад |
| CVE-2000-0070 NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." | CVSS2: 7.2 | 2% Низкий | около 26 лет назад |
| CVE-2000-0069 The recover program in Solstice Backup allows local users to restore sensitive files. | CVSS2: 2.1 | 0% Низкий | больше 26 лет назад |
| CVE-2000-0068 daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. | CVSS2: 7.5 | 1% Низкий | больше 26 лет назад |
| CVE-2000-0067 CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. | CVSS2: 2.1 | 0% Низкий | около 26 лет назад |
| CVE-2000-0066 WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. | CVSS2: 5 | 1% Низкий | около 26 лет назад |
Уязвимостей на страницу