Weekly Vulnerabilities Reports > April 3 to 9, 2000
Overview
12 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 12 products from 10 vendors including Symantec, Microsoft, HP, Apple, and Realnetworks. Vulnerabilities are notably categorized as and "7PK - Security Features".
- 10 reported vulnerabilities are remotely exploitable.
- 12 reported vulnerabilities are exploitable by an anonymous user.
- Symantec has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Symantec has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-04-06 | CVE-2000-0300 | Symantec | Unspecified vulnerability in Symantec Pcanywhere 9.0 The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts. | 10.0 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-04-07 | CVE-2000-0298 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | 7.2 |
2000-04-03 | CVE-2000-0277 | Microsoft | 7PK - Security Features vulnerability in Microsoft Excel 2000/97 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. | 7.2 |
8 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-04-03 | CVE-2000-0297 | Allaire | Unspecified vulnerability in Allaire Forums 2.0.5 Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. | 6.4 |
2000-04-09 | CVE-2000-0273 | Symantec | Unspecified vulnerability in Symantec Pcanywhere 8.0/9.0 PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. | 5.0 |
2000-04-07 | CVE-2000-0279 | BE | Unspecified vulnerability in BE Beos 4.0/4.5/5.0 BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. | 5.0 |
2000-04-06 | CVE-2000-0301 | Ipswitch | Unspecified vulnerability in Ipswitch Imail Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. | 5.0 |
2000-04-06 | CVE-2000-0251 | HP | Unspecified vulnerability in HP Hp-Ux and Vvos HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. | 5.0 |
2000-04-05 | CVE-2000-0255 | Nbase Xyplex | Unspecified vulnerability in Nbase-Xyplex Edgeblaster 1.0 The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. | 5.0 |
2000-04-04 | CVE-2000-0299 | Apple | Unspecified vulnerability in Apple Webobjects 4.5 Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. | 5.0 |
2000-04-03 | CVE-2000-0634 | Stalker | Unspecified vulnerability in Stalker Communigate PRO 3.2.4 The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-04-03 | CVE-2000-0280 | Realnetworks | Buffer Overflow vulnerability in Real Networks RealPlayer 6/7 Location Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL. | 2.6 |