CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0074 1997-07-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
2 CVE-1999-0164 1995-08-29 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
3 CVE-1999-0174 1997-02-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
4 CVE-1999-0181 DoS Exec Code 1994-01-01 2008-09-09
6.8
None Remote Medium Not required Partial Partial Partial
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.
5 CVE-1999-0183 1997-09-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Linux implementations of TFTP would allow access to files outside the restricted directory.
6 CVE-1999-0184 1997-07-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
7 CVE-1999-0191 1997-09-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
IIS newdsn.exe CGI script allows remote users to overwrite files.
8 CVE-1999-0201 1997-01-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
9 CVE-1999-0215 1998-10-26 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Routed allows attackers to append data to files.
10 CVE-1999-0342 1998-12-01 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Linux PAM modules allow local users to gain root access using temporary files.
11 CVE-1999-0350 1999-02-08 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
12 CVE-1999-0351 DoS 1999-02-01 2008-09-05
6.4
None Remote Low Not required Partial None Partial
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.
13 CVE-1999-0418 DoS 1999-03-08 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection.
14 CVE-1999-0425 1999-03-18 2008-09-09
6.4
None Remote Low Not required None Partial Partial
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
15 CVE-1999-0520 1999-01-01 2005-10-20
6.4
None Remote Low Not required Partial Partial None
A system-critical NETBIOS/SMB share has inappropriate access control.
16 CVE-1999-0700 119 Overflow 1999-07-29 2008-09-09
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
17 CVE-1999-0718 +Priv 2001-03-12 2017-10-09
6.2
Admin Local High Not required Complete Complete Complete
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
18 CVE-1999-0740 DoS 1999-08-19 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
19 CVE-1999-0763 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
20 CVE-1999-0764 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD allows ARP packets to overwrite static ARP entries.
21 CVE-1999-0772 DoS 1999-06-01 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.
22 CVE-1999-0961 +Priv 1996-09-21 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
23 CVE-1999-0965 1997-09-19 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in xterm allows local users to modify arbitrary files via the logging option.
24 CVE-1999-1022 +Priv 1994-10-02 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
25 CVE-1999-1097 1999-05-04 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
26 CVE-1999-1162 DoS 1993-05-24 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
27 CVE-1999-1167 XSS 1999-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
28 CVE-1999-1274 1997-12-29 2008-09-05
6.4
None Remote Low Not required Partial Partial None
iPass RoamServer 3.1 creates temporary files with world-writable permissions.
29 CVE-1999-1335 1999-12-31 2017-10-09
6.4
None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
30 CVE-1999-1361 DoS 1998-05-09 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
31 CVE-1999-1388 1994-05-13 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
32 CVE-1999-1398 1997-05-07 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
33 CVE-1999-1410 +Priv 1997-05-09 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
34 CVE-1999-1421 DoS 1998-07-20 2016-10-17
6.4
None Remote Low Not required None Partial Partial
NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
35 CVE-1999-1424 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
36 CVE-1999-1425 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
37 CVE-1999-1426 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
38 CVE-1999-1427 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
39 CVE-1999-1428 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
40 CVE-1999-1468 +Priv 1991-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
41 CVE-1999-1485 DoS 1999-05-31 2016-10-17
6.4
None Remote Low Not required Partial None Partial
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
42 CVE-2000-0024 Bypass 1999-12-21 2008-09-10
6.4
None Remote Low Not required Partial Partial None
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
43 CVE-2000-0027 +Priv 1999-12-27 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
44 CVE-2000-0031 +Priv 2000-10-20 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
45 CVE-2000-0045 2000-01-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
46 CVE-2000-0092 2000-01-19 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
47 CVE-2000-0151 Exec Code 2000-02-01 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
48 CVE-2000-0205 2000-03-03 2008-09-10
6.4
None Remote Low Not required None Partial Partial
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
49 CVE-2000-0206 +Priv 2000-03-05 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
50 CVE-2000-0237 2000-03-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.