CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 1999

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2001-0679 Exec Code Overflow 1999-11-08 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.
2 CVE-2000-1206 1999-08-20 2008-09-10
5.0
None Remote Low Not required Partial None None
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3 CVE-2000-0531 DoS 1999-11-23 2008-09-05
2.1
None Local Low Not required None None Partial
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
4 CVE-2000-0489 DoS 1999-09-05 2008-09-10
2.1
None Local Low Not required None None Partial
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
5 CVE-2000-0481 DoS Overflow 1999-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
6 CVE-2000-0412 1999-05-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
7 CVE-2000-0374 Bypass +Info 1999-08-22 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
8 CVE-2000-0373 +Priv 1999-06-01 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
9 CVE-2000-0371 1999-03-01 2008-09-10
1.2
None Local High Not required None Partial None
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
10 CVE-2000-0370 Exec Code 1999-01-29 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.
11 CVE-2000-0369 DoS 1999-10-08 2008-09-10
5.0
None Remote Low Not required None None Partial
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
12 CVE-2000-0367 +Priv 1999-02-18 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
13 CVE-2000-0366 1999-12-02 2008-09-10
2.1
None Local Low Not required None Partial None
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
14 CVE-2000-0365 1999-06-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.
15 CVE-2000-0364 1999-06-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
16 CVE-2000-0363 +Priv 1999-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
17 CVE-2000-0362 Overflow +Priv 1999-10-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in Linux cdwtools 093 and earlier allow local users to gain root privileges.
18 CVE-2000-0361 1999-12-14 2008-09-10
2.1
None Local Low Not required Partial None None
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
19 CVE-2000-0358 1999-12-03 2008-09-10
5.0
None Remote Low Not required None None Partial
ORBit and gnome-session in Red Hat Linux 6.1 allow remote attackers to crash a program.
20 CVE-2000-0357 1999-12-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
21 CVE-2000-0356 1999-10-13 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.
22 CVE-2000-0355 1999-08-21 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
pg and pb in SuSE pbpg 1.x package allow an attacker to read arbitrary files.
23 CVE-2000-0353 Exec Code 1999-06-28 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
24 CVE-2000-0352 Exec Code 1999-11-18 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
25 CVE-2000-0333 DoS 1999-05-31 2008-09-10
5.0
None Remote Low Not required None None Partial
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
26 CVE-2000-0330 Exec Code 1999-11-12 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
27 CVE-2000-0329 1999-11-11 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
28 CVE-2000-0328 1999-08-24 2008-09-10
5.0
None Remote Low Not required Partial None None
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
29 CVE-2000-0327 Exec Code 1999-10-21 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
30 CVE-2000-0325 Exec Code 1999-08-20 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
31 CVE-2000-0323 1999-07-28 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
32 CVE-2000-0165 Exec Code Overflow 1999-11-13 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.
33 CVE-2000-0153 1999-03-26 2008-09-10
5.0
None Remote Low Not required Partial None None
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
34 CVE-2000-0139 DoS 1999-12-03 2008-09-10
2.1
None Local Low Not required None None Partial
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
35 CVE-2000-0119 1999-12-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
36 CVE-2000-0118 1999-06-09 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
37 CVE-2000-0100 +Priv 1999-12-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
38 CVE-2000-0076 1999-12-30 2008-09-10
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
39 CVE-2000-0073 DoS Overflow 1999-11-17 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
40 CVE-2000-0068 1999-12-14 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
41 CVE-2000-0060 DoS Overflow 1999-12-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
42 CVE-2000-0054 1999-01-03 2008-09-10
5.0
None Remote Low Not required Partial None None
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
43 CVE-2000-0047 DoS Overflow 1999-10-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message.
44 CVE-2000-0043 Exec Code Overflow 1999-12-30 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
45 CVE-2000-0042 DoS Exec Code Overflow 1999-12-29 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
46 CVE-2000-0041 1999-12-28 2008-09-10
5.0
None Remote Low Not required None None Partial
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
47 CVE-2000-0040 +Priv 1999-12-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
48 CVE-2000-0039 1999-12-29 2008-09-10
5.0
None Remote Low Not required Partial None None
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.
49 CVE-2000-0038 1999-12-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
glFtpD includes a default glftpd user account with a default password and a UID of 0.
50 CVE-2000-0037 +Priv 1999-12-28 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.
Total number of vulnerabilities: 894 (this is page 1 of 18)