CVE-2000-1002
Published 2000-12-11
CVE-2000-1002: POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers…
Priority: P419 · Severity: medium · CVSS 2.0 base score: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.49% (93.7th percentile)
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cometbft_cometbft | >= 0 < 0.38.17 | 0.38.17 |
| github.com | cometbft_cometbft | >= 1.0.0-alpha.1 < 1.0.1 | 1.0.1 |
| stalker | communigate_pro | — | — |
GHSA
CometBFT allows a malicious peer to make node stuck in blocksync
ghsa·2025-02-03
CVE-2025-24371 [MEDIUM] CWE-703 CometBFT allows a malicious peer to make node stuck in blocksync
Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync
Component: CometBFT
[OUTDATED] Criticality: Medium (Considerable Impact; Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))
**Update of Criticality on 2026-03-06**: We've made a mistake and over-rated the criticality of this bug in our initial triage. We have calibrated our vulnerability rating internally and updated the criticality of this bug to be Informational (Negligible Impact, Possible Likelihood)
Affected versions: Y`. For example:
```
B: {base: 100, latest: 2000}
B: {base: 100, latest: 1001}
B: {base: 100, latest: 1002}
...
```
`A` will be trying to catch up to
GHSA
GHSA-95jw-8pwr-6x64: POP3 daemon in Stalker CommuniGate Pro 3
ghsa_unreviewed·2022-04-30
CVE-2000-1002 [MEDIUM] GHSA-95jw-8pwr-6x64: POP3 daemon in Stalker CommuniGate Pro 3
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
No detection rules found.
Exploit-DB
PragmaSys TelnetServer 2000 - rexec Buffer Overflow
exploitdb·2000-08-24
CVE-2000-1002 PragmaSys TelnetServer 2000 - rexec Buffer Overflow
---
source: https://www.securityfocus.com/bid/1605/info
Pragma Systems offers a Windows remote access server called TelnetServer 2000. TelnetServer crashes if more than 1000 NULL characters are sent to its rexec port, 512. This can be triggered by an anonymous attacker from anywhere on the Internet. It is not known whether this apparent overflow can be exploited to gain access to the victim host.
```perl
#!/usr/bin/perl
#########################################################
# Exploit by USSRLabs www.ussrback.com
# Sending 5k of nulls causes the server to crash.
#########################################################
#
# ./$0.pl -s -p
#
# Null request DoS
#
use Getopt::Std;
use Socket;
getopts('s:p', \%args);
if(!defined($args{s})){&usage;}
```
Exploit-DB
Sambar Server 4.2 Beta 7 - Batch CGI
exploitdb·2000-02-24
CVE-2000-0213 Sambar Server 4.2 Beta 7 - Batch CGI
---
source: https://www.securityfocus.com/bid/1002/info
The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'.
http://target/cgi-bin/hello.bat?&dir+c:\
or
http://target/cgi-bin/echo.bat?&dir+c:\
No writeups or analysis indexed.