The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
CVE-2000-1138
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
CVE-2000-1137
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
CVE-2000-1136
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.
CVE-2000-1135
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
CVE-2000-1133
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
CVE-2000-1131
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
CVE-2000-1130
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.