Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0136 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2022-08-17 | 7.5 HIGH | N/A |
| The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0137 | 1 Cartit | 1 Cartit | 2022-08-17 | 7.5 HIGH | N/A |
| The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0109 | 1 Comstock | 1 Multicsp | 2022-08-17 | 10.0 HIGH | N/A |
| The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords. | |||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2022-08-17 | 5.0 MEDIUM | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | |||||
| CVE-2000-0093 | 1 Redhat | 1 Linux | 2022-08-17 | 10.0 HIGH | N/A |
| An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. | |||||
| CVE-2000-0065 | 1 Avtronics | 1 Inetserv | 2022-08-17 | 10.0 HIGH | N/A |
| Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. | |||||
| CVE-2000-0066 | 1 Oreilly | 1 Website Professional | 2022-08-17 | 5.0 MEDIUM | N/A |
| WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. | |||||
| CVE-2000-0067 | 1 Cybercash | 1 Merchant Connection Kit | 2022-08-17 | 2.1 LOW | N/A |
| CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. | |||||
| CVE-2000-0074 | 1 Powerscripts | 1 Plusmail | 2022-08-17 | 7.5 HIGH | N/A |
| PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. | |||||
| CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2022-08-17 | 10.0 HIGH | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | |||||
| CVE-2000-0084 | 1 Globalscape | 1 Cuteftp | 2022-08-17 | 5.0 MEDIUM | N/A |
| CuteFTP uses weak encryption to store password information in its tree.dat file. | |||||
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2022-08-17 | 10.0 HIGH | N/A |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. | |||||
| CVE-2000-0085 | 1 Microsoft | 1 Hotmail | 2022-08-17 | 7.5 HIGH | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | |||||
| CVE-2000-0069 | 1 Sun | 1 Solstice Backup | 2022-08-17 | 2.1 LOW | N/A |
| The recover program in Solstice Backup allows local users to restore sensitive files. | |||||
| CVE-2000-0008 | 1 1st Choice Software | 1 Ftppro | 2022-08-17 | 2.1 LOW | N/A |
| FTPPro allows local users to read sensitive information, which is stored in plain text. | |||||
| CVE-2000-0010 | 1 Tony Greenwood | 1 Webwho\+ | 2022-08-17 | 10.0 HIGH | N/A |
| WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. | |||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2022-08-17 | 2.6 LOW | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||
| CVE-2000-0038 | 1 Glftpd | 1 Glftpd | 2022-08-17 | 7.5 HIGH | N/A |
| glFtpD includes a default glftpd user account with a default password and a UID of 0. | |||||
| CVE-2000-0040 | 1 Glftpd | 1 Glftpd | 2022-08-17 | 10.0 HIGH | N/A |
| glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. | |||||
| CVE-2000-0034 | 1 Netscape | 1 Communicator | 2022-08-17 | 5.0 MEDIUM | N/A |
| Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." | |||||