Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-12-11 | CVE-2000-1008 | Unspecified vulnerability in Palm OS PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. | 4.6 |
| 2000-12-11 | CVE-2000-1007 | Unspecified vulnerability in Symantec I-Gear 3.5/3.5.7 I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | 5.0 |
| 2000-12-11 | CVE-2000-1006 | Unspecified vulnerability in Microsoft Exchange Server 5.5 Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability. | 5.0 |
| 2000-12-11 | CVE-2000-1005 | Unspecified vulnerability in Extropia Webstore 1.0/2.0 Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2000-12-11 | CVE-2000-1004 | Unspecified vulnerability in Openbsd Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. | 4.6 |
| 2000-12-11 | CVE-2000-1002 | Unspecified vulnerability in Stalker Communigate PRO 3.3.2 POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. | 5.0 |
| 2000-12-11 | CVE-2000-1000 | Unspecified vulnerability in AOL Instant Messenger 4.1.2010 Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. | 5.0 |
| 2000-11-23 | CVE-2000-1224 | Unspecified vulnerability in Caucho Technology Resin 1.1.5/1.2 Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others. | 5.0 |
| 2000-11-21 | CVE-2000-1217 | Unspecified vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability. | 4.6 |
| 2000-11-14 | CVE-2000-0883 | Unspecified vulnerability in Mandrakesoft Mandrake Linux 6.1/7.0/7.1 The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory. | 5.0 |