Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1031 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument. | |||||
| CVE-1999-1038 | 1 Tamu | 1 Tiger | 2016-10-18 | 7.2 HIGH | N/A |
| Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | |||||
| CVE-1999-1030 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. | |||||
| CVE-1999-1024 | 1 Lbl | 1 Tcpdump | 2016-10-18 | 7.5 HIGH | N/A |
| ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||||
| CVE-1999-1006 | 1 Novell | 1 Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. | |||||
| CVE-1999-1028 | 1 Symantec | 1 Pcanywhere | 2016-10-18 | 5.0 MEDIUM | N/A |
| Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. | |||||
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | |||||
| CVE-1999-0958 | 1 Todd Miller | 1 Sudo | 2016-10-18 | 7.2 HIGH | N/A |
| sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. | |||||
| CVE-1999-1073 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. | |||||
| CVE-1999-1072 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
| CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2016-10-18 | 6.2 MEDIUM | N/A |
| HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. | |||||
| CVE-1999-1041 | 1 Sco | 2 Openserver, Unix | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. | |||||
| CVE-1999-1068 | 1 Oracle | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2016-10-18 | 5.0 MEDIUM | N/A |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||||
| CVE-1999-1066 | 1 Sgi | 1 Quake 1 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. | |||||
| CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2016-10-18 | 7.5 HIGH | N/A |
| Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. | |||||
| CVE-1999-1047 | 1 Bsdi | 1 Gauntlet | 2016-10-18 | 7.5 HIGH | N/A |
| When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. | |||||
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2016-10-18 | 7.5 HIGH | N/A |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. | |||||
| CVE-1999-0393 | 1 Eric Allman | 1 Sendmail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. | |||||
| CVE-1999-0808 | 1 Isc | 1 Dhcp Client | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. | |||||
| CVE-1999-0464 | 1 Tripwire | 1 Tripwire | 2016-10-18 | 2.1 LOW | N/A |
| Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. | |||||
| CVE-1999-0250 | 1 Dan Bernstein | 1 Qmail | 2016-10-18 | 10.0 HIGH | N/A |
| Denial of service in Qmail through long SMTP commands. | |||||
| CVE-1999-0283 | 2016-10-18 | 10.0 HIGH | N/A | ||
| The Java Web Server would allow remote users to obtain the source code for CGI programs. | |||||
| CVE-1999-0947 | 1 An | 1 An-httpd | 2016-10-18 | 7.5 HIGH | N/A |
| AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. | |||||
| CVE-1999-0946 | 1 Yamaha | 1 Midiplug | 2016-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. | |||||
| CVE-1999-0941 | 1 Mutt | 1 Mutt | 2016-10-18 | 7.5 HIGH | N/A |
| Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | |||||
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2016-10-18 | 7.5 HIGH | N/A |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2016-10-18 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-1999-0118 | 1 Ibm | 1 Aix | 2016-10-18 | 7.2 HIGH | N/A |
| AIX infod allows local users to gain root access through an X display. | |||||
| CVE-1999-0925 | 1 Messagemedia | 1 Unitymail | 2016-10-18 | 5.0 MEDIUM | N/A |
| UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-1999-0913 | 1 Network Security Wizards | 1 Dragon-fire Ids | 2016-10-18 | 10.0 HIGH | N/A |
| dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. | |||||
| CVE-1999-0897 | 1 Apple | 1 Ichat Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-1999-0604 | 1 Selena Sol | 1 Selena Sol Webstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. | |||||
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. | |||||
| CVE-1999-0429 | 1 Ibm | 1 Lotus Notes | 2016-10-18 | 7.5 HIGH | N/A |
| The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. | |||||
| CVE-1999-0609 | 1 Mercantec | 1 Softcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. | |||||
| CVE-1999-0610 | 1 Mountain Network Systems | 1 Webcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Webcart CGI program could disclose private information. | |||||
| CVE-1999-0661 | 2016-10-18 | 10.0 HIGH | N/A | ||
| A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. | |||||
| CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2016-10-18 | 4.6 MEDIUM | N/A |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | |||||
| CVE-1999-0418 | 2016-10-18 | 6.4 MEDIUM | N/A | ||
| Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. | |||||
| CVE-1999-0866 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in UnixWare xauto program allows local users to gain root privilege. | |||||
| CVE-1999-0865 | 1 Stalker | 1 Communigate Pro | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. | |||||
| CVE-1999-0864 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-1999-0403 | 1 Cyrix | 1 Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. | |||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 7.2 HIGH | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||||
| CVE-1999-0787 | 1 Ssh | 1 Ssh | 2016-10-18 | 2.1 LOW | N/A |
| The SSH authentication agent follows symlinks via a UNIX domain socket. | |||||