Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1437 | 1 Ralf S. Engelschall | 1 Eperl | 2016-10-18 | 7.5 HIGH | N/A |
| ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. | |||||
| CVE-1999-1454 | 1 Macromedia | 1 Matrix Screen Saver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key. | |||||
| CVE-1999-1490 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. | |||||
| CVE-1999-1491 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. | |||||
| CVE-1999-1469 | 1 Hughes Technologies | 1 W3-auth | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header. | |||||
| CVE-1999-1436 | 1 Ray Chan | 1 Www Authorization Gateway | 2016-10-18 | 7.5 HIGH | N/A |
| Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. | |||||
| CVE-1999-1461 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program. | |||||
| CVE-1999-1429 | 1 Dit | 1 Transferpro | 2016-10-18 | 2.1 LOW | N/A |
| DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. | |||||
| CVE-1999-1430 | 1 Royal | 1 Davinci | 2016-10-18 | 2.1 LOW | N/A |
| PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access. | |||||
| CVE-1999-1431 | 1 Microsoft | 1 Zero Administration Kit | 2016-10-18 | 4.6 MEDIUM | N/A |
| ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. | |||||
| CVE-1999-1448 | 1 Qualcomm | 2 Eudora, Eudora Light | 2016-10-18 | 5.0 MEDIUM | N/A |
| Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault. | |||||
| CVE-1999-1433 | 1 Hp | 1 Jetadmin | 2016-10-18 | 7.2 HIGH | N/A |
| HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. | |||||
| CVE-1999-1434 | 1 Slackware | 1 Slackware Linux | 2016-10-18 | 7.2 HIGH | N/A |
| login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server. | |||||
| CVE-1999-1435 | 1 Nec | 1 Socks 5 | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables. | |||||
| CVE-1999-1460 | 1 Bmc | 1 Patrol Agent | 2016-10-18 | 7.2 HIGH | N/A |
| BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. | |||||
| CVE-1999-1439 | 1 Gcc | 1 Gcc | 2016-10-18 | 2.1 LOW | N/A |
| gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. | |||||
| CVE-1999-1440 | 1 Mirabilis | 1 Icq 98a | 2016-10-18 | 5.1 MEDIUM | N/A |
| Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client. | |||||
| CVE-1999-1441 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it. | |||||
| CVE-1999-1445 | 1 Slackware | 1 Slackware Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords. | |||||
| CVE-1999-1400 | 1 The Economist | 1 The Economist 1999 Screen Saver | 2016-10-18 | 2.1 LOW | N/A |
| The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. | |||||
| CVE-1999-1410 | 1 Sgi | 1 Irix | 2016-10-18 | 6.2 MEDIUM | N/A |
| addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. | |||||
| CVE-1999-1405 | 1 Ibm | 1 Aix | 2016-10-18 | 10.0 HIGH | N/A |
| snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. | |||||
| CVE-1999-1406 | 1 Redhat | 1 Linux | 2016-10-18 | 2.1 LOW | N/A |
| dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. | |||||
| CVE-1999-1361 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. | |||||
| CVE-1999-1356 | 1 Compaq | 1 Smartstart | 2016-10-18 | 4.6 MEDIUM | N/A |
| Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. | |||||
| CVE-1999-1357 | 1 Netscape | 1 Communicator | 2016-10-18 | 7.5 HIGH | N/A |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | |||||
| CVE-1999-1366 | 1 David Harris | 1 Pegasus Mail | 2016-10-18 | 3.6 LOW | N/A |
| Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. | |||||
| CVE-1999-1352 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 4.6 MEDIUM | N/A |
| mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges. | |||||
| CVE-1999-1369 | 1 Realnetworks | 1 Realserver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges. | |||||
| CVE-1999-1351 | 1 Kvirc | 1 Irc Client | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. | |||||
| CVE-1999-1350 | 1 Arcad Systemhaus | 1 Arcad | 2016-10-18 | 4.6 MEDIUM | N/A |
| ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse. | |||||
| CVE-1999-1349 | 1 Xlink Technology | 1 Omni-nfs X Enterprise | 2016-10-18 | 5.0 MEDIUM | N/A |
| NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111. | |||||
| CVE-1999-1372 | 1 Triactive | 1 Remote Management | 2016-10-18 | 4.6 MEDIUM | N/A |
| Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges. | |||||
| CVE-1999-1373 | 1 Fore | 1 Powerhub Software | 2016-10-18 | 5.0 MEDIUM | N/A |
| FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap. | |||||
| CVE-1999-1374 | 1 Arpanet | 1 Perlshop | 2016-10-18 | 5.0 MEDIUM | N/A |
| perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. | |||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | |||||
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1348 | 1 Redhat | 1 Linux | 2016-10-18 | 2.1 LOW | N/A |
| Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. | |||||
| CVE-1999-1347 | 1 Redhat | 1 Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. | |||||
| CVE-1999-1378 | 1 Dbmlparser.exe | 1 Dbmlparser.exe | 2016-10-18 | 5.0 MEDIUM | N/A |
| dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. | |||||
| CVE-1999-1379 | 1 Dnstools Software | 1 Dnstools | 2016-10-18 | 5.0 MEDIUM | N/A |
| DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. | |||||
| CVE-1999-1381 | 1 Dbadmin | 1 Dbadmin | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1382 | 1 Novell | 1 Netware | 2016-10-18 | 7.2 HIGH | N/A |
| NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. | |||||
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. | |||||
| CVE-1999-1385 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-1999-1386 | 1 Larry Wall | 1 Perl | 2016-10-18 | 2.1 LOW | N/A |
| Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | |||||
| CVE-1999-1387 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25. | |||||
| CVE-1999-1346 | 1 Redhat | 1 Linux | 2016-10-18 | 7.5 HIGH | N/A |
| PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file. | |||||
| CVE-1999-1389 | 1 3com | 1 Total Control Netserver Card | 2016-10-18 | 7.5 HIGH | N/A |
| US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt. | |||||
| CVE-1999-1345 | 1 Auto Ftp | 1 Auto Ftp | 2016-10-18 | 4.6 MEDIUM | N/A |
| Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred. | |||||