LiveActive security incident?Get immediate response
CVE archive

2000 CVE Archive

Browse CVE records published in 2000 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1236 matching CVEs · Page 2 of 25.

Unknown · CVSS Not scored

CVE-2000-1209: The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server...

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Published Aug 10, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1081: The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not prop...

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1096: crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that th...

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Published Jan 22, 2001 · Updated Aug 8, 2024