CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0031 1997-07-08 2008-09-09
2.6
None Remote High Not required Partial None None
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
2 CVE-1999-0105 1997-03-01 2008-09-09
2.1
None Local Low Not required None None Partial
finger allows recursive searches by using a long string of @ symbols.
3 CVE-1999-0106 1997-03-01 2008-09-09
2.1
None Local Low Not required None None Partial
Finger redirection allows finger bombs.
4 CVE-1999-0132 1996-08-15 2008-09-09
2.1
None Local Low Not required Partial None None
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
5 CVE-1999-0133 1996-08-14 2008-09-09
2.1
None Local Low Not required None Partial None
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.
6 CVE-1999-0144 DoS 1997-06-01 2017-05-03
2.1
None Local Low Not required None None Partial
Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
7 CVE-1999-0171 DoS 1997-01-01 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in syslog by sending it a large number of superfluous messages.
8 CVE-1999-0223 1999-03-01 2008-09-09
2.1
None Local Low Not required None None Partial
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
9 CVE-1999-0322 1997-10-29 2008-09-09
2.1
None Local Low Not required None Partial None
The open() function in FreeBSD allows local attackers to write to arbitrary files.
10 CVE-1999-0327 1997-11-01 2008-09-09
2.1
None Local Low Not required Partial None None
SGI syserr program allows local users to corrupt files.
11 CVE-1999-0367 1999-02-09 2008-09-09
2.1
None Local Low Not required Partial None None
NetBSD netstat command allows local users to access kernel memory.
12 CVE-1999-0372 200 +Info 1999-02-12 2015-08-03
2.1
None Local Low Not required Partial None None
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
13 CVE-1999-0374 1999-02-16 2008-09-09
2.1
None Local Low Not required Partial None None
Debian GNU/Linux cfengine package is susceptible to a symlink attack.
14 CVE-1999-0396 DoS 1999-02-17 2008-09-09
2.6
None Remote High Not required None None Partial
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
15 CVE-1999-0417 DoS 1999-03-09 2008-09-09
2.1
None Local Low Not required None None Partial
64 bit Solaris 7 procfs allows local users to perform a denial of service.
16 CVE-1999-0424 1999-03-18 2008-09-09
2.1
None Local Low Not required Partial None None
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
17 CVE-1999-0442 1999-01-07 2008-09-09
2.1
None Local Low Not required None Partial None
Solaris ff.core allows local users to modify files.
18 CVE-1999-0446 DoS 1999-04-12 2008-09-09
2.1
None Local Low Not required None None Partial
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
19 CVE-1999-0451 DoS 1999-01-19 2008-09-05
2.1
None Local Low Not required None None Partial
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
20 CVE-1999-0458 1999-01-06 2008-09-09
2.1
None Local Low Not required Partial None None
L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.
21 CVE-1999-0460 DoS Overflow 1999-02-19 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
22 CVE-1999-0464 DoS 1999-01-04 2016-10-17
2.1
None Local Low Not required None None Partial
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
23 CVE-1999-0468 1999-04-09 2008-09-09
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
24 CVE-1999-0473 1999-04-07 2008-09-09
2.1
None Local Low Not required None Partial None
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
25 CVE-1999-0480 DoS 1999-04-01 2008-09-09
2.1
None Local Low Not required None None Partial
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.
26 CVE-1999-0483 1999-02-25 2008-09-09
2.1
None Local Low Not required None None Partial
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
27 CVE-1999-0484 Overflow 1999-02-23 2008-09-09
2.1
None Local Low Not required None Partial None
Buffer overflow in OpenBSD ping.
28 CVE-1999-0485 1999-02-19 2008-09-09
2.6
None Remote High Not required None None Partial
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
29 CVE-1999-0487 1999-05-01 2008-09-09
2.6
None Remote High Not required Partial None None
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
30 CVE-1999-0585 2000-07-01 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT administrator account has the default name of Administrator.
31 CVE-1999-0595 2000-01-20 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
32 CVE-1999-0694 DoS 1999-08-11 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in AIX ptrace system call allows local users to crash the system.
33 CVE-1999-0712 1999-04-27 2008-09-09
2.1
None Local Low Not required Partial None None
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
34 CVE-1999-0714 1999-02-15 2008-09-09
2.1
None Local Low Not required Partial None None
Vulnerability in Compaq Tru64 UNIX edauth command.
35 CVE-1999-0717 1999-05-07 2008-09-09
2.6
None Remote High Not required None Partial None
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
36 CVE-1999-0732 1999-08-19 2016-09-16
2.1
None Local Low Not required None Partial None
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
37 CVE-1999-0743 1999-08-20 2008-09-09
2.1
None Local Low Not required None Partial None
Trn allows local users to overwrite other users' files via symlinks.
38 CVE-1999-0747 DoS 1999-08-18 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
39 CVE-1999-0749 Overflow 1999-08-16 2008-09-09
2.6
None Remote High Not required None Partial None
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
40 CVE-1999-0757 2001-03-12 2008-09-05
2.1
None Local Low Not required Partial None None
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
41 CVE-1999-0762 1999-05-24 2008-09-09
2.6
None Remote High Not required Partial None None
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
42 CVE-1999-0770 DoS 1999-07-29 2008-09-09
2.1
None Local Low Not required None None Partial
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
43 CVE-1999-0782 1998-11-18 2016-10-17
2.1
None Local Low Not required None Partial None
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
44 CVE-1999-0787 1999-09-17 2016-10-17
2.1
None Local Low Not required None Partial None
The SSH authentication agent follows symlinks via a UNIX domain socket.
45 CVE-1999-0790 2000-04-01 2008-09-09
2.6
None Remote High Not required Partial None None
A remote attacker can read information from a Netscape user's cache via JavaScript.
46 CVE-1999-0793 1999-11-17 2008-09-09
2.6
None Remote High Not required Partial None None
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
47 CVE-1999-0797 DoS 1998-06-29 2008-09-09
2.6
None Remote High Not required None None Partial
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
48 CVE-1999-0803 1999-05-25 2016-10-17
2.1
None Local Low Not required None Partial None
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
49 CVE-1999-0827 1999-11-01 2008-09-09
2.6
None Remote High Not required Partial None None
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
50 CVE-1999-0851 DoS 1999-11-10 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BIND named via naptr.
Total number of vulnerabilities : 3301   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.