Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
CVE-2000-0087
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
CVE-2000-0086
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
CVE-2000-0085
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
CVE-2000-0084
CuteFTP uses weak encryption to store password information in its tree.dat file.
CVE-2000-0083
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
CVE-2000-0082
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
CVE-2000-0081
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
CVE-2000-0080
AIX techlibss allows local users to overwrite files via a symlink attack.
CVE-2000-0079
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.