Security Vulnerabilities, CVEs, Published In December 1999 CVSS score >= 7

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.

The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.

Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

glFtpD includes a default glftpd user account with a default password and a UID of 0.

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.

WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.

The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.