CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0370 Exec Code 1999-01-29 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.
2 CVE-2000-0054 1999-01-03 2008-09-10
5.0
None Remote Low Not required Partial None None
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
3 CVE-2000-0005 +Priv 1999-01-02 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
HP-UX aserver program allows local users to gain privileges via a symlink attack.
4 CVE-1999-1568 DoS 1999-01-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
5 CVE-1999-1546 1999-01-29 2008-09-05
5.0
None Remote Low Not required Partial None None
netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.
6 CVE-1999-1544 DoS Overflow 1999-01-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
7 CVE-1999-1538 1999-01-14 2008-09-05
2.1
None Local Low Not required Partial None None
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
8 CVE-1999-1458 Overflow +Priv 1999-01-25 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.
9 CVE-1999-1450 +Priv 1999-01-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
10 CVE-1999-1440 1999-01-01 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.
11 CVE-1999-1430 1999-01-01 2008-09-05
2.1
None Local Low Not required Partial None None
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
12 CVE-1999-1422 1999-01-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.
13 CVE-1999-1376 Exec Code Overflow 1999-01-14 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
14 CVE-1999-1268 1999-01-06 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
15 CVE-1999-1264 1999-01-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been expliticly disabled.
16 CVE-1999-1172 1999-01-14 2008-09-05
5.0
None Remote Low Not required None Partial None
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
17 CVE-1999-1170 +Priv 1999-01-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
18 CVE-1999-0952 Overflow 1999-01-28 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
19 CVE-1999-0914 Overflow 1999-01-03 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
20 CVE-1999-0698 DoS 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.
21 CVE-1999-0678 1999-01-17 2008-09-09
5.0
None Remote Low Not required Partial None None
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
22 CVE-1999-0665 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An application-critical Windows NT registry key has an inappropriate value.
23 CVE-1999-0664 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An application-critical Windows NT registry key has inappropriate permissions.
24 CVE-1999-0663 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified.
25 CVE-1999-0662 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
26 CVE-1999-0661 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
27 CVE-1999-0657 1999-01-01 2007-07-21
0.0
None Remote Low Not required None None None
WinGate is being used.
28 CVE-1999-0656 16 1999-01-01 2008-09-05
5.0
None Remote Low Not required Partial None None
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
29 CVE-1999-0654 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The OS/2 or POSIX subsystem in NT is enabled.
30 CVE-1999-0653 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A component service related to NIS+ is running.
31 CVE-1999-0651 1999-01-01 2005-10-20
7.5
None Remote Low Not required Partial Partial Partial
The rsh/rlogin service is running.
32 CVE-1999-0650 1999-01-01 2006-06-15
5.0
None Remote Low Not required Partial None None
The netstat service is running, which provides sensitive information to remote attackers.
33 CVE-1999-0641 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The UUCP service is running.
34 CVE-1999-0640 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The Gopher service is running.
35 CVE-1999-0639 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The chargen service is running.
36 CVE-1999-0638 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The daytime service is running.
37 CVE-1999-0637 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The systat service is running.
38 CVE-1999-0636 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The discard service is running.
39 CVE-1999-0635 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The echo service is running.
40 CVE-1999-0632 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The RPC portmapper service is running.
41 CVE-1999-0630 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The NT Alerter and Messenger services are running.
42 CVE-1999-0629 1999-01-01 2010-12-01
0.0
None Remote Low Not required None None None
The ident/identd service is running.
43 CVE-1999-0625 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The rpc.rquotad service is running.
44 CVE-1999-0624 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The rstat/rstatd service is running.
45 CVE-1999-0618 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The rexec service is running.
46 CVE-1999-0613 1999-01-01 2007-07-13
0.0
None Remote Low Not required None None None
The rpc.sprayd service is running.
47 CVE-1999-0611 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Windows NT registry key has an inappropriate value.
48 CVE-1999-0603 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.
49 CVE-1999-0602 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A network intrusion detection system (IDS) does not properly reassemble fragmented packets.
50 CVE-1999-0601 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.
Total number of vulnerabilities : 153   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.