CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 1999

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2000-0367 | | | +Priv | 1999-02-18 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
2 | CVE-1999-1495 | | | | 1999-02-18 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
3 | CVE-1999-1482 | | | +Priv | 1999-02-19 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes.
4 | CVE-1999-1453 | | | | 1999-02-02 | 2008-09-05 | 2.6 | None | Remote | High | Not required | Partial | None | None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
5 | CVE-1999-1405 | | | Exec Code | 1999-02-17 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
6 | CVE-1999-1375 | | | | 1999-02-11 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
7 | CVE-1999-1372 | | | +Priv | 1999-02-19 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges.
8 | CVE-1999-1260 | | | +Info | 1999-02-15 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
9 | CVE-1999-1255 | | | | 1999-02-19 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter.
10 | CVE-1999-1247 | | 1 | +Priv | 1999-02-24 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
11 | CVE-1999-1203 | | | DoS | 1999-02-12 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.
12 | CVE-1999-1201 | | | DoS | 1999-02-06 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
13 | CVE-1999-1180 | | | Exec Code | 1999-02-16 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial
O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.
14 | CVE-1999-1171 | | | +Priv | 1999-02-02 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
15 | CVE-1999-1169 | | | DoS | 1999-02-04 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
16 | CVE-1999-1168 | | | | 1999-02-20 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
17 | CVE-1999-1101 | | | +Priv | 1999-02-19 | 2008-09-09 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges.
18 | CVE-1999-1060 | | | DoS Exec Code Overflow | 1999-02-17 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname.
19 | CVE-1999-1049 | | | | 1999-02-21 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
20 | CVE-1999-0714 | | | | 1999-02-15 | 2008-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
Vulnerability in Compaq Tru64 UNIX edauth command.
21 | CVE-1999-0485 | | | | 1999-02-19 | 2008-09-09 | 2.6 | None | Remote | High | Not required | None | None | Partial
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
22 | CVE-1999-0484 | | | Overflow | 1999-02-23 | 2008-09-09 | 2.1 | None | Local | Low | Not required | None | Partial | None
Buffer overflow in OpenBSD ping.
23 | CVE-1999-0483 | | | | 1999-02-25 | 2008-09-09 | 2.1 | None | Local | Low | Not required | None | None | Partial
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
24 | CVE-1999-0460 | | | DoS Overflow | 1999-02-19 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
25 | CVE-1999-0459 | | | DoS | 1999-02-01 | 2008-09-09 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot.
26 | CVE-1999-0441 | | | DoS Overflow | 1999-02-22 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
27 | CVE-1999-0412 | | | | 1999-02-19 | 2008-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
28 | CVE-1999-0408 | | | | 1999-02-25 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
29 | CVE-1999-0407 | | | | 1999-02-09 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
30 | CVE-1999-0406 | | | Overflow | 1999-02-19 | 2008-09-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.
31 | CVE-1999-0405 | | | Overflow | 1999-02-18 | 2008-09-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
A buffer overflow in lsof allows local users to obtain root privilege.
32 | CVE-1999-0404 | | | Exec Code Overflow | 1999-02-14 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
33 | CVE-1999-0403 | | | DoS | 1999-02-01 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
34 | CVE-1999-0396 | | | DoS | 1999-02-17 | 2008-09-09 | 2.6 | None | Remote | High | Not required | None | None | Partial
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
35 | CVE-1999-0383 | | | | 1999-02-02 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
ACC Tigris allows public access without a login.
36 | CVE-1999-0381 | | | Overflow | 1999-02-26 | 2008-09-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
37 | CVE-1999-0380 | | | | 1999-02-25 | 2008-09-09 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.
38 | CVE-1999-0379 | | | Exec Code | 1999-02-22 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
39 | CVE-1999-0378 | | | | 1999-02-22 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.
40 | CVE-1999-0377 | | | DoS | 1999-02-22 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
41 | CVE-1999-0376 | | | | 1999-02-20 | 2008-09-09 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
42 | CVE-1999-0375 | | | Exec Code Overflow | 1999-02-16 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.
43 | CVE-1999-0374 | | | | 1999-02-16 | 2008-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
Debian GNU/Linux cfengine package is susceptible to a symlink attack.
44 | CVE-1999-0373 | | | Exec Code Overflow | 1999-02-01 | 2008-09-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
45 | CVE-1999-0372 | | | | 1999-02-12 | 2008-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
46 | CVE-1999-0371 | | | | 1999-02-11 | 2008-09-09 | 1.2 | None | Local | High | Not required | Partial | None | None
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
47 | CVE-1999-0370 | | | | 1999-02-10 | 2008-09-09 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
48 | CVE-1999-0368 | | | Overflow | 1999-02-09 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
49 | CVE-1999-0367 | | | | 1999-02-09 | 2008-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None
NetBSD netstat command allows local users to access kernel memory.
50 | CVE-1999-0366 | | | | 1999-02-08 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
Total number of vulnerabilities: 58 (this is page 1 of 2)