Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1580 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2008-09-05 | 7.2 HIGH | N/A |
| SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. | |||||
| CVE-1999-1584 | 1 Sun | 2 Openwindows, Sunos | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586. | |||||
| CVE-1999-1449 | 1 Sun | 1 Sunos | 2008-09-05 | 2.1 LOW | N/A |
| SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. | |||||
| CVE-1999-1588 | 1 Sun | 1 Solaris | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. | |||||
| CVE-1999-1590 | 1 Wwwcount | 1 Wwwcount | 2008-09-05 | 3.5 LOW | N/A |
| Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021. | |||||
| CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||
| CVE-1999-1592 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | |||||
| CVE-1999-1428 | 1 Sun | 1 Solstice Adminsuite | 2008-09-05 | 6.2 MEDIUM | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. | |||||
| CVE-1999-1321 | 1 Mit | 1 Kerberos | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. | |||||
| CVE-1999-1320 | 1 Novell | 1 Netware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. | |||||
| CVE-1999-1315 | 1 Dec | 1 Dec Openvms | 2008-09-05 | 4.6 MEDIUM | N/A |
| Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service. | |||||
| CVE-1999-1307 | 1 Novell | 1 Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges. | |||||
| CVE-1999-1306 | 1 Cisco | 1 Ios | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. | |||||
| CVE-1999-1487 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system. | |||||
| CVE-1999-1564 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. | |||||
| CVE-1999-1471 | 1 Bsd | 1 Bsd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field. | |||||
| CVE-1999-1301 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.5 HIGH | N/A |
| A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs. | |||||
| CVE-1999-1480 | 1 Ibm | 1 Aix | 2008-09-05 | 1.2 LOW | N/A |
| (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack. | |||||
| CVE-1999-1300 | 1 Cray | 1 Unicos | 2008-09-05 | 3.6 LOW | N/A |
| Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration. | |||||
| CVE-1999-1483 | 1 Svgalib | 1 Svgalib | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-1999-1426 | 1 Sun | 1 Solstice Adminsuite | 2008-09-05 | 6.2 MEDIUM | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. | |||||
| CVE-1999-1499 | 1 Isc | 1 Bind | 2008-09-05 | 2.1 LOW | N/A |
| named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. | |||||
| CVE-1999-1489 | 1 Slackware | 1 Slackware Linux | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument. | |||||
| CVE-1999-1488 | 1 Ibm | 1 System Data Repository | 2008-09-05 | 5.0 MEDIUM | N/A |
| sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication. | |||||
| CVE-1999-1424 | 1 Sun | 1 Solstice Adminsuite | 2008-09-05 | 6.2 MEDIUM | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. | |||||
| CVE-1999-1438 | 1 Sun | 1 Sunos | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments. | |||||
| CVE-1999-1418 | 1 Mirabilis | 1 Icq Web Front | 2008-09-05 | 5.0 MEDIUM | N/A |
| ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). | |||||
| CVE-1999-1415 | 1 Digital | 1 Ultrix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. | |||||
| CVE-1999-1482 | 1 Svgalib | 1 Zgv | 2008-09-05 | 7.2 HIGH | N/A |
| SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes. | |||||
| CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2008-09-05 | 10.0 HIGH | N/A |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
| CVE-1999-1057 | 1 Digital | 1 Vms | 2008-09-05 | 4.6 MEDIUM | N/A |
| VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | |||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | |||||
| CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2008-09-05 | 1.2 LOW | N/A |
| Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. | |||||
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2008-09-05 | 6.4 MEDIUM | N/A |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
| CVE-1999-1167 | 1 Third Voice | 1 Third Voice Web | 2008-09-05 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation. | |||||
| CVE-1999-1168 | 1 Iss | 1 Internet Security Scanner | 2008-09-05 | 7.2 HIGH | N/A |
| install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-1999-1172 | 1 Maximizer | 1 Maximizer Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
| By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. | |||||
| CVE-1999-1179 | 1 Sysadmin Magazine | 1 Man.sh | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1012 | 1 Lotus | 1 Domino | 2008-09-05 | 5.0 MEDIUM | N/A |
| SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. | |||||
| CVE-1999-1181 | 1 Sgi | 1 Irix | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. | |||||
| CVE-1999-0997 | 3 Millenux Gmbh, Redhat, University Of Washington | 3 Anonftp, Linux, Wu-ftpd | 2008-09-05 | 7.5 HIGH | N/A |
| wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. | |||||
| CVE-1999-1190 | 1 Admiral Systems | 1 Emailclub | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message. | |||||
| CVE-1999-0992 | 1 Hp | 1 Vvos | 2008-09-05 | 10.0 HIGH | N/A |
| HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). | |||||
| CVE-1999-1196 | 1 Hummingbird | 1 Exceed | 2008-09-05 | 5.0 MEDIUM | N/A |
| Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. | |||||
| CVE-1999-1197 | 1 Sun | 1 Sunos | 2008-09-05 | 7.2 HIGH | N/A |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. | |||||
| CVE-1999-1198 | 1 Next | 1 Next | 2008-09-05 | 7.2 HIGH | N/A |
| BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. | |||||
| CVE-1999-1166 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.2 HIGH | N/A |
| Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. | |||||
| CVE-1999-1102 | 4 Apple, Bsd, Sgi and 1 more | 4 A Ux, Bsd, Irix and 1 more | 2008-09-05 | 2.1 LOW | N/A |
| lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. | |||||
| CVE-1999-0940 | 1 Mutt | 1 Mutt Mail Client | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. | |||||