CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 1999

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2000-0366 | | | | 1999-12-02 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | Partial | None | dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. |
| 2 | CVE-2000-0361 | | | | 1999-12-14 | 2008-09-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. |
| 3 | CVE-2000-0358 | | | | 1999-12-03 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
| 4 | CVE-2000-0357 | | | | 1999-12-03 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
| 5 | CVE-2000-0139 | | | DoS | 1999-12-03 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | None | Partial | Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| 6 | CVE-2000-0119 | | | | 1999-12-22 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. |
| 7 | CVE-2000-0100 | | | +Priv | 1999-12-29 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
| 8 | CVE-2000-0076 | | | | 1999-12-30 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | Partial | None | nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
| 9 | CVE-2000-0068 | | | | 1999-12-14 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
| 10 | CVE-2000-0060 | | | DoS Overflow | 1999-12-27 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. |
| 11 | CVE-2000-0043 | | | Exec Code Overflow | 1999-12-30 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. |
| 12 | CVE-2000-0042 | | | DoS Exec Code Overflow | 1999-12-29 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
| 13 | CVE-2000-0041 | | | | 1999-12-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
| 14 | CVE-2000-0040 | | | +Priv | 1999-12-23 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| 15 | CVE-2000-0039 | | | | 1999-12-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
| 16 | CVE-2000-0038 | | | | 1999-12-23 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | glFtpD includes a default glftpd user account with a default password and a UID of 0. |
| 17 | CVE-2000-0037 | | | +Priv | 1999-12-28 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
| 18 | CVE-2000-0036 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. |
| 19 | CVE-2000-0035 | | | +Priv | 1999-12-28 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | resend command in Majordomo allows local users to gain privileges via shell metacharacters. |
| 20 | CVE-2000-0034 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." |
| 21 | CVE-2000-0033 | | | | 1999-12-27 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| 22 | CVE-2000-0032 | | | | 1999-12-22 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. |
| 23 | CVE-2000-0030 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
| 24 | CVE-2000-0029 | | | +Priv | 1999-12-27 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
| 25 | CVE-2000-0028 | | | Bypass | 1999-12-23 | 2008-09-10 | 2.6 | None | Remote | High | Not required | Partial | None | None | Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| 26 | CVE-2000-0027 | | | +Priv | 1999-12-27 | 2008-09-10 | 6.2 | Admin | Local | High | Not required | Complete | Complete | Complete | IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
| 27 | CVE-2000-0026 | | | Overflow | 1999-12-21 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| 28 | CVE-2000-0025 | | | | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
| 29 | CVE-2000-0024 | | | Bypass | 1999-12-21 | 2008-09-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
| 30 | CVE-2000-0023 | | | DoS Overflow | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| 31 | CVE-2000-0022 | | | | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| 32 | CVE-2000-0021 | | | | 1999-12-01 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| 33 | CVE-2000-0020 | | | DoS | 1999-12-20 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| 34 | CVE-2000-0018 | | | +Priv | 1999-12-22 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. |
| 35 | CVE-2000-0017 | | | Overflow +Priv | 1999-12-21 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter. |
| 36 | CVE-2000-0015 | | | +Priv | 1999-12-31 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | CascadeView TFTP server allows local users to gain privileges via a symlink attack. |
| 37 | CVE-2000-0014 | | | DoS | 1999-12-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Denial of service in Savant web server via a null character in the requested URL. |
| 38 | CVE-2000-0013 | | | +Priv | 1999-12-31 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. |
| 39 | CVE-2000-0012 | | | Exec Code Overflow | 1999-12-27 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| 40 | CVE-2000-0011 | | | Exec Code Overflow | 1999-12-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
| 41 | CVE-2000-0010 | | | Exec Code | 1999-12-26 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| 42 | CVE-2000-0009 | | | Exec Code | 1999-12-29 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
| 43 | CVE-2000-0008 | | | | 1999-12-26 | 2008-09-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | FTPPro allows local users to read sensitive information, which is stored in plain text. |
| 44 | CVE-2000-0007 | | | DoS | 1999-12-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. |
| 45 | CVE-2000-0006 | | | | 1999-12-25 | 2008-09-10 | 2.6 | None | Local | High | Not required | Partial | Partial | None | strace allows local users to read arbitrary files via memory mapped file names. |
| 46 | CVE-2000-0004 | | | | 1999-12-01 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. |
| 47 | CVE-2000-0003 | | | Overflow +Priv | 1999-12-30 | 2008-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
| 48 | CVE-2000-0002 | | | Exec Code Overflow | 1999-12-22 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| 49 | CVE-2000-0001 | | | DoS | 1999-12-23 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. |
| 50 | CVE-1999-1592 | | | | 1999-12-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. |

Total number of vulnerabilities: 201 (page 1 of 5)