Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1530 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2016-10-18 | 3.6 LOW | N/A |
| cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. | |||||
| CVE-1999-1531 | 1 Ibm | 1 Homepageprint | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. | |||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 2.1 LOW | N/A |
| When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | |||||
| CVE-1999-1532 | 1 Netscape | 1 Messaging Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. | |||||
| CVE-1999-1534 | 1 Knox Software | 1 Arkeia | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable. | |||||
| CVE-1999-1536 | 1 Acushop | 1 Salesbuilder | 2016-10-18 | 7.2 HIGH | N/A |
| .sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file. | |||||
| CVE-1999-1500 | 1 True North | 1 Internet Anywhere Mail Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. | |||||
| CVE-1999-1501 | 1 Sgi | 1 Irix | 2016-10-18 | 4.6 MEDIUM | N/A |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | |||||
| CVE-1999-1502 | 1 Id Software | 1 Quake | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command. | |||||
| CVE-1999-1505 | 1 Id Software | 1 Quakeworld | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet. | |||||
| CVE-1999-1508 | 1 Tek | 5 Phaser Network Printer 740, Phaser Network Printer 750, Phaser Network Printer 750dp and 2 more | 2016-10-18 | 10.0 HIGH | N/A |
| Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html. | |||||
| CVE-1999-1509 | 1 Etype | 1 Eserv | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL. | |||||
| CVE-1999-1549 | 1 University Of Kansas | 1 Lynx | 2016-10-18 | 5.0 MEDIUM | N/A |
| Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | |||||
| CVE-1999-1545 | 1 Joes Own Editor | 1 Joe | 2016-10-18 | 2.1 LOW | N/A |
| Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users. | |||||
| CVE-1999-1513 | 1 3com | 1 Superstack Ii Hub | 2016-10-18 | 7.5 HIGH | N/A |
| Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities. | |||||
| CVE-1999-1516 | 1 Tenfour | 1 Tfs Gateway Smtp | 2016-10-18 | 7.5 HIGH | N/A |
| A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string. | |||||
| CVE-1999-1517 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 7.2 HIGH | N/A |
| runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. | |||||
| CVE-1999-1522 | 1 Roxen | 1 Roxen Web Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. | |||||
| CVE-1999-1524 | 1 Flowpoint | 1 Flowpoint Dsl Router | 2016-10-18 | 5.0 MEDIUM | N/A |
| FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port. | |||||
| CVE-1999-1527 | 1 Sun | 2 Forte, Netbeans Developer | 2016-10-18 | 7.5 HIGH | N/A |
| Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server. | |||||
| CVE-1999-1544 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | |||||
| CVE-1999-1528 | 1 Prosoft Engineering | 1 Netware Client | 2016-10-18 | 4.6 MEDIUM | N/A |
| ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session. | |||||
| CVE-1999-1435 | 1 Nec | 1 Socks 5 | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables. | |||||
| CVE-1999-1448 | 1 Qualcomm | 2 Eudora, Eudora Light | 2016-10-18 | 5.0 MEDIUM | N/A |
| Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault. | |||||
| CVE-1999-1440 | 1 Mirabilis | 1 Icq 98a | 2016-10-18 | 5.1 MEDIUM | N/A |
| Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client. | |||||
| CVE-1999-1445 | 1 Slackware | 1 Slackware Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords. | |||||
| CVE-1999-1441 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it. | |||||
| CVE-1999-1443 | 1 Micah Software | 1 Full Armor | 2016-10-18 | 4.6 MEDIUM | N/A |
| Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using <CTRL><ALT><DEL> and kill the process using the task manager, (2) booting the system from a separate disk, or (3) interrupting certain processes that execute while the system is booting. | |||||
| CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2016-10-18 | 7.5 HIGH | N/A |
| Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | |||||
| CVE-1999-1398 | 1 Sgi | 1 Irix | 2016-10-18 | 6.2 MEDIUM | N/A |
| Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. | |||||
| CVE-1999-1399 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. | |||||
| CVE-1999-1400 | 1 The Economist | 1 The Economist 1999 Screen Saver | 2016-10-18 | 2.1 LOW | N/A |
| The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. | |||||
| CVE-1999-1410 | 1 Sgi | 1 Irix | 2016-10-18 | 6.2 MEDIUM | N/A |
| addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. | |||||
| CVE-1999-1405 | 1 Ibm | 1 Aix | 2016-10-18 | 10.0 HIGH | N/A |
| snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. | |||||
| CVE-1999-1411 | 1 Debian | 1 Debian Linux | 2016-10-18 | 7.5 HIGH | N/A |
| The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp. | |||||
| CVE-1999-1406 | 1 Redhat | 1 Linux | 2016-10-18 | 2.1 LOW | N/A |
| dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. | |||||
| CVE-1999-1407 | 1 Redhat | 1 Linux | 2016-10-18 | 2.1 LOW | N/A |
| ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. | |||||
| CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2016-10-18 | 2.1 LOW | N/A |
| Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. | |||||
| CVE-1999-1409 | 2 Netbsd, Sgi | 2 Netbsd, Irix | 2016-10-18 | 2.1 LOW | N/A |
| The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. | |||||
| CVE-1999-1414 | 1 Ibm | 1 Netfinity Remote Control | 2016-10-18 | 7.2 HIGH | N/A |
| IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. | |||||
| CVE-1999-1436 | 1 Ray Chan | 1 Www Authorization Gateway | 2016-10-18 | 7.5 HIGH | N/A |
| Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. | |||||
| CVE-1999-1420 | 1 N-base | 5 Nh2012, Nh2012r, Nh2015 and 2 more | 2016-10-18 | 10.0 HIGH | N/A |
| NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. | |||||
| CVE-1999-1421 | 1 N-base | 2 Nh208, Nh215 | 2016-10-18 | 6.4 MEDIUM | N/A |
| NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names. | |||||
| CVE-1999-1422 | 1 Slackware | 1 Slackware Linux | 2016-10-18 | 7.2 HIGH | N/A |
| The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users. | |||||
| CVE-1999-1491 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. | |||||
| CVE-1999-1490 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. | |||||
| CVE-1999-1429 | 1 Dit | 1 Transferpro | 2016-10-18 | 2.1 LOW | N/A |
| DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. | |||||
| CVE-1999-1437 | 1 Ralf S. Engelschall | 1 Eperl | 2016-10-18 | 7.5 HIGH | N/A |
| ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. | |||||
| CVE-1999-1430 | 1 Royal | 1 Davinci | 2016-10-18 | 2.1 LOW | N/A |
| PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access. | |||||
| CVE-1999-1469 | 1 Hughes Technologies | 1 W3-auth | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header. | |||||