CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-1369 +Priv 1999-04-14 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
2 CVE-1999-1323 1999-04-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
3 CVE-1999-1245 +Info 1999-04-06 2008-09-05
5.0
None Remote Low Not required Partial None None
vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information.
4 CVE-1999-1244 1999-04-15 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file.
5 CVE-1999-1196 DoS 1999-04-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
6 CVE-1999-0921 DoS 1999-04-01 2008-09-09
5.0
None Remote Low Not required None None Partial
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
7 CVE-1999-0801 1999-04-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
8 CVE-1999-0712 1999-04-27 2008-09-09
2.1
None Local Low Not required Partial None None
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
9 CVE-1999-0711 Exec Code 1999-04-29 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
10 CVE-1999-0684 DoS 1999-04-19 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Sendmail 8.8.6 in HPUX.
11 CVE-1999-0610 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the Webcart CGI program could disclose private information.
12 CVE-1999-0609 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.
13 CVE-1999-0608 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
14 CVE-1999-0607 +Priv 1999-04-20 2008-09-09
5.0
None Remote Low Not required Partial None None
quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
15 CVE-1999-0606 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.
16 CVE-1999-0605 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.
17 CVE-1999-0604 1999-04-20 2008-09-09
5.0
None Remote Low Not required Partial None None
An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
18 CVE-1999-0492 1999-04-23 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
19 CVE-1999-0491 94 Exec Code 1999-04-20 2011-08-08
4.6
User Local Low Not required Partial Partial Partial
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
20 CVE-1999-0490 1999-04-21 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
21 CVE-1999-0488 1999-04-21 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
22 CVE-1999-0480 DoS 1999-04-01 2008-09-09
2.1
None Local Low Not required None None Partial
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.
23 CVE-1999-0475 1999-04-05 2008-09-09
1.2
None Local High Not required Partial None None
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
24 CVE-1999-0474 1999-04-05 2008-09-09
5.0
None Remote Low Not required Partial None None
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
25 CVE-1999-0473 1999-04-07 2008-09-09
2.1
None Local Low Not required None Partial None
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
26 CVE-1999-0472 1999-04-07 2008-09-09
5.0
None Remote Low Not required Partial None None
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.
27 CVE-1999-0471 1999-04-09 2008-09-09
5.0
None Remote Low Not required Partial None None
The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.
28 CVE-1999-0470 1999-04-09 2008-09-09
5.0
None Remote Low Not required Partial None None
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
29 CVE-1999-0469 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
30 CVE-1999-0468 1999-04-09 2008-09-09
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
31 CVE-1999-0467 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.
32 CVE-1999-0466 1999-04-21 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
33 CVE-1999-0447 +Priv 1999-04-01 2013-07-23
4.6
User Local Low Not required Partial Partial Partial
Local users can gain privileges using the debug utility in the MPE/iX operating system.
34 CVE-1999-0446 DoS 1999-04-12 2008-09-09
2.1
None Local Low Not required None None Partial
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
35 CVE-1999-0445 1999-04-01 2008-09-09
5.0
None Remote Low Not required Partial None None
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
36 CVE-1999-0444 DoS 1999-04-12 2008-09-09
5.0
None Remote Low Not required None None Partial
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
37 CVE-1999-0443 1999-04-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
38 CVE-1999-0439 Exec Code Overflow 1999-04-05 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.
39 CVE-1999-0287 1999-04-09 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Vulnerability in the Wguest CGI program.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.