Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1130 | 1 Netscape | 1 Enterprise Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | |||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
| CVE-1999-1139 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. | |||||
| CVE-1999-1152 | 1 Compaq Microcom | 1 Microcom 6000 Access Integrator | 2016-10-18 | 5.0 MEDIUM | N/A |
| Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | |||||
| CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2016-10-18 | 10.0 HIGH | N/A |
| Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. | |||||
| CVE-1999-1161 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. | |||||
| CVE-1999-1163 | 1 Hp | 1 9000 | 2016-10-18 | 7.5 HIGH | N/A |
| Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. | |||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | |||||
| CVE-1999-1165 | 1 Gnu | 1 Fingerd | 2016-10-18 | 7.2 HIGH | N/A |
| GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. | |||||
| CVE-1999-1173 | 1 Corel | 1 Wordperfect | 2016-10-18 | 2.1 LOW | N/A |
| Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack. | |||||
| CVE-1999-1176 | 2 Aaron Ledbetter, Jidentd | 2 Cidentd, Jidentd | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script. | |||||
| CVE-1999-1182 | 6 Caldera, Debian, Delix and 3 more | 6 Openlinux Lite, Debian Linux, Dld and 3 more | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. | |||||
| CVE-1999-0958 | 1 Todd Miller | 1 Sudo | 2016-10-18 | 7.2 HIGH | N/A |
| sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. | |||||
| CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2016-10-18 | 6.2 MEDIUM | N/A |
| HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. | |||||
| CVE-1999-0979 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. | |||||
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | |||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||||
| CVE-1999-1006 | 1 Novell | 1 Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. | |||||
| CVE-1999-1007 | 1 Vdonet | 1 Vdolive Player | 2016-10-18 | 7.6 HIGH | N/A |
| Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. | |||||
| CVE-1999-1008 | 2 Freebsd, Mandrakesoft | 2 Freebsd, Mandrake Linux | 2016-10-18 | 7.2 HIGH | N/A |
| xsoldier program allows local users to gain root access via a long argument. | |||||
| CVE-1999-1010 | 1 Openbsd | 1 Openssh | 2016-10-18 | 2.1 LOW | N/A |
| An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. | |||||
| CVE-1999-1013 | 1 Ibm | 1 Aix | 2016-10-18 | 7.2 HIGH | N/A |
| named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. | |||||
| CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2016-10-18 | 7.5 HIGH | N/A |
| Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. | |||||
| CVE-1999-1018 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 7.5 HIGH | N/A |
| IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. | |||||
| CVE-1999-1019 | 1 Cabletron | 1 Spectrum Enterprise Manager | 2016-10-18 | 7.2 HIGH | N/A |
| SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. | |||||
| CVE-1999-1024 | 1 Lbl | 1 Tcpdump | 2016-10-18 | 7.5 HIGH | N/A |
| ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||||
| CVE-1999-1026 | 1 Sun | 1 Solaris | 2016-10-18 | 7.2 HIGH | N/A |
| aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file. | |||||
| CVE-1999-1028 | 1 Symantec | 1 Pcanywhere | 2016-10-18 | 5.0 MEDIUM | N/A |
| Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. | |||||
| CVE-1999-1030 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. | |||||
| CVE-1999-1031 | 1 Behold Software | 1 Web Page Counter | 2016-10-18 | 5.0 MEDIUM | N/A |
| counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument. | |||||
| CVE-1999-1033 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||||
| CVE-1999-1036 | 1 Cops | 1 Cops | 2016-10-18 | 7.2 HIGH | N/A |
| COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. | |||||
| CVE-1999-1037 | 1 Coast | 1 Satan | 2016-10-18 | 7.2 HIGH | N/A |
| rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. | |||||
| CVE-1999-1038 | 1 Tamu | 1 Tiger | 2016-10-18 | 7.2 HIGH | N/A |
| Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | |||||
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | |||||
| CVE-1999-1041 | 1 Sco | 2 Openserver, Unix | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. | |||||
| CVE-1999-1045 | 1 Realnetworks | 1 Realserver | 2016-10-18 | 7.8 HIGH | N/A |
| pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. | |||||
| CVE-1999-1047 | 1 Bsdi | 1 Gauntlet | 2016-10-18 | 7.5 HIGH | N/A |
| When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. | |||||
| CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | |||||
| CVE-1999-1054 | 1 Globetrotter | 1 Flexlm | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. | |||||
| CVE-1999-1060 | 1 Tetrix | 1 Tetrinet | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname. | |||||
| CVE-1999-1064 | 1 Windowmaker | 1 Windowmaker | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]). | |||||
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2016-10-18 | 7.5 HIGH | N/A |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. | |||||
| CVE-1999-1066 | 1 Sgi | 1 Quake 1 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. | |||||
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2016-10-18 | 5.0 MEDIUM | N/A |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||||
| CVE-1999-1068 | 1 Oracle | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-1999-1072 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
| CVE-1999-1073 | 1 Excite | 1 Ews | 2016-10-18 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. | |||||
| CVE-1999-0118 | 1 Ibm | 1 Aix | 2016-10-18 | 7.2 HIGH | N/A |
| AIX infod allows local users to gain root access through an X display. | |||||
| CVE-1999-0250 | 1 Dan Bernstein | 1 Qmail | 2016-10-18 | 10.0 HIGH | N/A |
| Denial of service in Qmail through long SMTP commands. | |||||