Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2001-03-26 CVE-2001-0195 Improper Preservation of Permissions vulnerability in Debian Linux 2.2
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
local
low complexity
debian CWE-281
7.8
2001-02-12 CVE-2001-0006 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
local
low complexity
microsoft CWE-732
7.1
2001-01-09 CVE-2000-1178 Link Following vulnerability in Joseph Allen JOE 2.8
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
local
low complexity
joseph-allen CWE-59
5.5
2000-12-19 CVE-2000-0972 Link Following vulnerability in HP Hp-Ux 11.00
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
local
low complexity
hp CWE-59
5.5
2000-12-19 CVE-2000-0944 Insufficiently Protected Credentials vulnerability in CGI Script Center News Update 1.1
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
network
low complexity
cgi CWE-522
critical
9.8
2000-06-08 CVE-2000-0499 Improper Handling of Case Sensitivity vulnerability in BEA Weblogic Server
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
bea CWE-178
7.5
2000-06-08 CVE-2000-0498 Improper Handling of Case Sensitivity vulnerability in Unify Ewave Servletexec
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
unify CWE-178
7.5
2000-06-08 CVE-2000-0497 Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
ibm CWE-178
7.5
2000-06-06 CVE-2000-0552 Incomplete Cleanup vulnerability in ICQ 2000A
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
local
low complexity
icq CWE-459
5.5
2000-04-28 CVE-2000-0342 Link Following vulnerability in Qualcomm Eudora 4.0
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
network
low complexity
qualcomm CWE-59
7.5