Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1031 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument. | |||||
| CVE-1999-1006 | 1 Novell | 1 Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. | |||||
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2016-10-18 | 5.0 MEDIUM | N/A |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||||
| CVE-1999-1060 | 1 Tetrix | 1 Tetrinet | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname. | |||||
| CVE-1999-1068 | 1 Oracle | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-1999-1007 | 1 Vdonet | 1 Vdolive Player | 2016-10-18 | 7.6 HIGH | N/A |
| Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. | |||||
| CVE-1999-1030 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. | |||||
| CVE-1999-1072 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
| CVE-1999-1073 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. | |||||
| CVE-1999-1038 | 1 Tamu | 1 Tiger | 2016-10-18 | 7.2 HIGH | N/A |
| Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | |||||
| CVE-1999-1054 | 1 Globetrotter | 1 Flexlm | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. | |||||
| CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | |||||
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allow local users to gain root access via a modified IFS environmental variable. | |||||
| CVE-1999-1028 | 1 Symantec | 1 Pcanywhere | 2016-10-18 | 5.0 MEDIUM | N/A |
| Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. | |||||
| CVE-1999-1026 | 1 Sun | 1 Solaris | 2016-10-18 | 7.2 HIGH | N/A |
| aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file. | |||||
| CVE-1999-1041 | 1 Sco | 2 Openserver, Unix | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. | |||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||||
| CVE-1999-1064 | 1 Windowmaker | 1 Windowmaker | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]). | |||||
| CVE-1999-1037 | 1 Coast | 1 Satan | 2016-10-18 | 7.2 HIGH | N/A |
| rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. | |||||
| CVE-1999-1008 | 2 Freebsd, Mandrakesoft | 2 Freebsd, Mandrake Linux | 2016-10-18 | 7.2 HIGH | N/A |
| xsoldier program allows local users to gain root access via a long argument. | |||||
| CVE-1999-1036 | 1 Cops | 1 Cops | 2016-10-18 | 7.2 HIGH | N/A |
| COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. | |||||
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2016-10-18 | 7.5 HIGH | N/A |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. | |||||
| CVE-1999-1010 | 1 Openbsd | 1 Openssh | 2016-10-18 | 2.1 LOW | N/A |
| An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. | |||||
| CVE-1999-0958 | 1 Todd Miller | 1 Sudo | 2016-10-18 | 7.2 HIGH | N/A |
| sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. | |||||
| CVE-1999-1013 | 1 Ibm | 1 Aix | 2016-10-18 | 7.2 HIGH | N/A |
| named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. | |||||
| CVE-1999-1066 | 1 Sgi | 1 Quake 1 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. | |||||
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | |||||
| CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2016-10-18 | 6.2 MEDIUM | N/A |
| HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. | |||||
| CVE-1999-1045 | 1 Realnetworks | 1 Realserver | 2016-10-18 | 7.8 HIGH | N/A |
| pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. | |||||
| CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2016-10-18 | 7.5 HIGH | N/A |
| Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. | |||||
| CVE-1999-1019 | 1 Cabletron | 1 Spectrum Enterprise Manager | 2016-10-18 | 7.2 HIGH | N/A |
| SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. | |||||
| CVE-1999-1047 | 1 Bsdi | 1 Gauntlet | 2016-10-18 | 7.5 HIGH | N/A |
| When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. | |||||
| CVE-1999-0979 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. | |||||
| CVE-1999-1033 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2016-10-18 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 7.2 HIGH | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||||
| CVE-1999-0941 | 1 Mutt | 1 Mutt | 2016-10-18 | 7.5 HIGH | N/A |
| Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | |||||
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2016-10-18 | 7.5 HIGH | N/A |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-1999-0864 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | |||||
| CVE-1999-0429 | 1 Ibm | 1 Lotus Notes | 2016-10-18 | 7.5 HIGH | N/A |
| The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. | |||||
| CVE-1999-0865 | 1 Stalker | 1 Communigate Pro | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. | |||||
| CVE-1999-0866 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in UnixWare xauto program allows local users to gain root privilege. | |||||
| CVE-1999-0925 | 1 Messagemedia | 1 Unitymail | 2016-10-18 | 5.0 MEDIUM | N/A |
| UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-1999-0418 | | | 2016-10-18 | 6.4 MEDIUM | N/A |
| Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. | |||||
| CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2016-10-18 | 4.6 MEDIUM | N/A |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | |||||
| CVE-1999-0788 | 1 Knox Software | 1 Arkeia | 2016-10-18 | 5.0 MEDIUM | N/A |
| Arkeia nlservd allows remote attackers to conduct a denial of service. | |||||
| CVE-1999-0787 | 1 Ssh | 1 Ssh | 2016-10-18 | 2.1 LOW | N/A |
| The SSH authentication agent follows symlinks via a UNIX domain socket. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
