Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1565 | 2 Debian, Earl Hood | 2 Debian Linux, Man2html | 2008-09-05 | 4.6 MEDIUM | N/A |
| Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2008-09-05 | 7.5 HIGH | N/A |
| HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. | |||||
| CVE-1999-1168 | 1 Iss | 1 Internet Security Scanner | 2008-09-05 | 7.2 HIGH | N/A |
| install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2008-09-05 | 6.4 MEDIUM | N/A |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
| CVE-1999-1167 | 1 Third Voice | 1 Third Voice Web | 2008-09-05 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious JavaScript into an annotation. | |||||
| CVE-1999-0997 | 3 Millenux Gmbh, Redhat, University Of Washington | 3 Anonftp, Linux, Wu-ftpd | 2008-09-05 | 7.5 HIGH | N/A |
| wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. | |||||
| CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). | |||||
| CVE-1999-1102 | 4 Apple, Bsd, Sgi and 1 more | 4 A Ux, Bsd, Irix and 1 more | 2008-09-05 | 2.1 LOW | N/A |
| lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. | |||||
| CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2008-09-05 | 1.2 LOW | N/A |
| Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information such as user IDs, passwords and SNMP community strings to local users. | |||||
| CVE-1999-0923 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. | |||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | |||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
| CVE-1999-0812 | 1 Samba | 1 Samba | 2008-09-05 | 7.6 HIGH | N/A |
| Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. | |||||
| CVE-1999-1196 | 1 Hummingbird | 1 Exceed | 2008-09-05 | 5.0 MEDIUM | N/A |
| Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. | |||||
| CVE-1999-1057 | 1 Digital | 1 Vms | 2008-09-05 | 4.6 MEDIUM | N/A |
| VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | |||||
| CVE-1999-1059 | 1 Att | 1 Svr4 | 2008-09-05 | 10.0 HIGH | N/A |
| Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-0992 | 1 Hp | 1 Vvos | 2008-09-05 | 10.0 HIGH | N/A |
| HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). | |||||
| CVE-1999-1070 | 1 Xylogics | 1 Annex | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. | |||||
| CVE-1999-1197 | 1 Sun | 1 Sunos | 2008-09-05 | 7.2 HIGH | N/A |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. | |||||
| CVE-1999-1078 | 1 Ipswitch | 1 Ws Ftp Pro | 2008-09-05 | 7.5 HIGH | N/A |
| WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. | |||||
| CVE-1999-1166 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.2 HIGH | N/A |
| Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. | |||||
| CVE-1999-1098 | 1 Bsd | 1 Bsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. | |||||
| CVE-1999-1198 | 1 Next | 1 Next | 2008-09-05 | 7.2 HIGH | N/A |
| BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. | |||||
| CVE-1999-1103 | 1 Digital | 1 Osf 1 | 2008-09-05 | 4.6 MEDIUM | N/A |
| dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. | |||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | |||||
| CVE-1999-1012 | 1 Lotus | 1 Domino | 2008-09-05 | 5.0 MEDIUM | N/A |
| SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. | |||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2008-09-05 | 10.0 HIGH | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-1999-0940 | 1 Mutt | 1 Mutt Mail Client | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. | |||||
| CVE-1999-1190 | 1 Admiral Systems | 1 Emailclub | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message. | |||||
| CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2008-09-05 | 10.0 HIGH | N/A |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
| CVE-1999-1181 | 1 Sgi | 1 Irix | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. | |||||
| CVE-1999-1179 | 1 Sysadmin Magazine | 1 Man.sh | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-0810 | 1 Samba | 1 Samba | 2008-09-05 | 10.0 HIGH | N/A |
| Denial of service in Samba NETBIOS name service daemon (nmbd). | |||||
| CVE-1999-1172 | 1 Maximizer | 1 Maximizer Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
| By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. | |||||
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2008-09-05 | 10.0 HIGH | N/A |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. | |||||
| CVE-1999-0847 | 1 Freechess.org | 1 Fics Program | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in free internet chess server (FICS) program, xboard. | |||||
| CVE-1999-0400 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.6 MEDIUM | N/A |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. | |||||
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | |||||
| CVE-1999-0581 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. | |||||
| CVE-1999-0744 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request. | |||||
| CVE-1999-0579 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | |||||
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | |||||
| CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. | |||||
| CVE-1999-0578 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||||
| CVE-1999-0784 | 1 Oracle | 1 Database Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. | |||||
| CVE-1999-0451 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. | |||||
| CVE-1999-0730 | 1 Debian | 1 Debian Linux | 2008-09-05 | 10.0 HIGH | N/A |
| The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. | |||||
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2008-09-05 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | |||||
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | |||||
| CVE-1999-0460 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. | |||||
