Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2000-06-06 CVE-2000-0552 Incomplete Cleanup vulnerability in ICQ 2000A
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
local
low complexity
icq CWE-459
5.5
2000-04-28 CVE-2000-0342 Link Following vulnerability in Qualcomm Eudora 4.0
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
network
low complexity
qualcomm CWE-59
7.5
2000-04-23 CVE-2000-0338 Improper Locking vulnerability in Concurrent Versions Software Project Concurrent Versions Software
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
5.5
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-04-12 CVE-2000-0258 Improper Input Validation vulnerability in Microsoft products
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
network
low complexity
microsoft CWE-20
7.5
1999-12-31 CVE-1999-1386 Link Following vulnerability in Perl
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
local
low complexity
perl CWE-59
5.5
1999-12-31 CVE-1999-1324 Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
network
low complexity
hp CWE-307
critical
9.8
1999-12-31 CVE-1999-1127 Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
network
low complexity
microsoft CWE-772
7.5
1999-11-16 CVE-1999-1549 Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
local
low complexity
lynx-project CWE-346
7.8
1999-03-01 CVE-1999-0426 Incorrect Default Permissions vulnerability in Suse Linux 6.0
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
network
low complexity
suse CWE-276
critical
9.8