Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
CVE-2000-0167
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
CVE-2000-0166
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
CVE-2000-0165
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.
CVE-2000-0164
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
CVE-2000-0163
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
CVE-2000-0162
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
CVE-2000-0161
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
CVE-2000-0160
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVE-2000-0159
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.