search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2000-12-14 2000-09-26 2001-01-17 VU#800893 Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
2000-12-14 1999-07-29 2001-08-10 VU#3062 Cenroll ActiveX Control allows creation of arbitrary files.
2000-12-12 2000-10-24 2001-01-18 VU#470543 Sun Microsystems Keys exposed and revoked
2000-12-12 2000-12-10 2000-12-12 VU#17566 sysback makes call to hostname without a fully qualified path specification
2000-12-04 2000-09-25 2003-01-27 VU#382365 LPRng can pass user-supplied input as a format string parameter to syslog() calls
2000-11-20 2000-10-10 2001-09-18 VU#111677 Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url
2000-11-16 2000-05-13 2001-01-11 VU#31994 MS ActiveMovieControl Object downloads arbitrary files
2000-11-13 2000-11-13 2001-03-28 VU#626919 Race condition in periodic
2000-11-10 2000-11-07 2001-08-08 VU#715973 ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the "zxfr bug"
2000-11-09 2000-04-26 2004-03-30 VU#24346 Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
2000-11-08 2000-10-25 2004-03-30 VU#683677 Cisco IOS software vulnerable to DoS via HTTP request containing "?/"
2000-11-07 2001-01-18 2001-10-29 VU#684820 SSH-1 allows client authentication to be forwarded by a malicious server to another server
2000-11-07 2000-10-03 2001-03-30 VU#369427 Format string vulnerability in libutil pw_error(3) function
2000-11-03 2001-01-18 2001-10-25 VU#565052 Passwords sent via SSH encrypted with RC4 can be easily cracked
2000-11-02 1999-07-29 2000-11-02 VU#34453 SystemWizard Launch ActiveX Control lacks authentication

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis