Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0923 1 Allaire 1 Coldfusion Server 2008-09-05 7.5 HIGH N/A
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
CVE-1999-1057 1 Digital 1 Vms 2008-09-05 4.6 MEDIUM N/A
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
CVE-1999-0817 1 University Of Kansas 1 Lynx 2008-09-05 10.0 HIGH N/A
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
CVE-1999-1103 1 Digital 1 Osf 1 2008-09-05 4.6 MEDIUM N/A
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
CVE-1999-1115 1 Hp 1 Apollo Domain Os 2008-09-05 7.2 HIGH N/A
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
CVE-1999-1196 1 Hummingbird 1 Exceed 2008-09-05 5.0 MEDIUM N/A
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
CVE-1999-1197 1 Sun 1 Sunos 2008-09-05 7.2 HIGH N/A
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
CVE-1999-1198 1 Next 1 Next 2008-09-05 7.2 HIGH N/A
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
CVE-1999-0894 1 Redhat 1 Linux 2008-09-05 10.0 HIGH N/A
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
CVE-1999-0992 1 Hp 1 Vvos 2008-09-05 10.0 HIGH N/A
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
CVE-1999-1012 1 Lotus 1 Domino 2008-09-05 5.0 MEDIUM N/A
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
CVE-1999-1051 1 Matt Wright 1 Formhandler.cgi 2008-09-05 5.0 MEDIUM N/A
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
CVE-1999-1053 2 Apache, Matt Wright 2 Http Server, Matt Wright Guestbook 2008-09-05 7.5 HIGH N/A
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-1999-1105 1 Microsoft 1 Windows 95 2008-09-05 5.0 MEDIUM N/A
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
CVE-1999-0579 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
CVE-1999-0581 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
CVE-1999-0560 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
A system-critical Windows NT file or directory has inappropriate permissions.
CVE-1999-0460 1 Linux 1 Linux Kernel 2008-09-05 2.1 LOW N/A
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
CVE-1999-0578 1 Microsoft 1 Windows Nt 2008-09-05 4.6 MEDIUM N/A
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
CVE-1999-0570 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
CVE-1999-0451 1 Linux 1 Linux Kernel 2008-09-05 2.1 LOW N/A
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
CVE-1999-0568 1 Sun 1 Solaris 2008-09-05 10.0 HIGH N/A
rpc.admind in Solaris is not running in a secure mode.
CVE-1999-0744 1 Netscape 2 Enterprise Server, Fasttrack Server 2008-09-05 7.5 HIGH N/A
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
CVE-1999-0577 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
CVE-1999-0400 1 Linux 1 Linux Kernel 2008-09-05 4.6 MEDIUM N/A
Denial of service in Linux 2.2.0 running the ldd command on a core file.
CVE-1999-0730 1 Debian 1 Debian Linux 2008-09-05 10.0 HIGH N/A
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
CVE-1999-0453 1 Cisco 1 Router 2008-09-05 5.0 MEDIUM N/A
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).
CVE-1999-0477 1 Allaire 1 Coldfusion Server 2008-09-05 7.5 HIGH N/A
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
CVE-1999-0784 1 Oracle 1 Database Server 2008-09-05 5.0 MEDIUM N/A
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
CVE-1999-0299 1 Freebsd 1 Freebsd 2008-09-05 9.3 HIGH N/A
Buffer overflow in FreeBSD lpd through long DNS hostnames.
CVE-1999-0248 1 Ssh 1 Ssh 2008-09-05 10.0 HIGH N/A
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
CVE-1999-0119 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
Windows NT 4.0 beta allows users to read and delete shares.
CVE-1999-0231 1 Seattle Lab Software 1 Slmail 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access.
CVE-1999-0053 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
TCP RST denial of service in FreeBSD.
CVE-1999-0285 1 Microsoft 1 Windows Nt 2008-09-05 10.0 HIGH N/A
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
CVE-1999-0123 1 Slackware 1 Slackware Linux 2008-09-05 3.7 LOW N/A
Race condition in Linux mailx command allows local users to read user files.
CVE-1999-0140 1 Microsoft 1 Windows Nt 2008-09-05 5.0 MEDIUM N/A
Denial of service in RAS/PPTP on NT systems.
CVE-1999-0088 1 Ibm 1 Aix 2008-09-05 10.0 HIGH N/A
IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
CVE-1999-0089 1 Ibm 1 Aix 2008-09-05 7.2 HIGH N/A
Buffer overflow in AIX libDtSvc library can allow local users to gain root access.
CVE-2008-3939 1 Avtech 1 Pager Enterprise 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
CVE-2008-3937 1 Opendb 1 Opendb 2008-09-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
CVE-2008-3938 1 Opendb 1 Opendb 2008-09-05 5.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2008-3935 1 D-ic 2 Shop V50, Shop V52 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2173 1 Yamaha 1 Router 2008-09-05 7.1 HIGH N/A
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2170 1 Century Software 1 Router 2008-09-05 7.1 HIGH N/A
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2169 2 Avici, Hitachi 4 Router, Gr2000, Gr3000 and 1 more 2008-09-05 7.1 HIGH N/A
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-2004-2182 1 Macromedia 1 Jrun 2008-09-05 7.5 HIGH N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2004-2706 1 Phrozensmoke 1 Gyach Enhanced 2008-09-05 5.0 MEDIUM N/A
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
CVE-2002-2230 1 Ikonboard 1 Ikonboard 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328.