CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15051 CVE-1999-0407 1999-02-09 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
15052 CVE-1999-0397 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
15053 CVE-1999-0394 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
15054 CVE-1999-0385 DoS Exec Code Overflow 1998-12-01 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
15055 CVE-1999-0368 Overflow 1999-02-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
15056 CVE-1999-0364 1999-01-01 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
15057 CVE-1999-0361 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
15058 CVE-1999-0356 1999-01-25 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
15059 CVE-1999-0353 1999-02-10 2013-09-03
9.3
Admin Remote Medium Not required Complete Complete Complete
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
15060 CVE-1999-0347 1999-01-26 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
15061 CVE-1999-0323 1998-02-20 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
FreeBSD mmap function allows users to modify append-only or immutable files.
15062 CVE-1999-0320 1998-03-01 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
15063 CVE-1999-0299 Overflow 1997-03-05 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in FreeBSD lpd through long DNS hostnames.
15064 CVE-1999-0286 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
15065 CVE-1999-0285 DoS 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
15066 CVE-1999-0283 1999-01-01 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
The Java Web Server would allow remote users to obtain the source code for CGI programs.
15067 CVE-1999-0268 1999-01-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
15068 CVE-1999-0255 Exec Code Overflow 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ircd allows arbitrary command execution.
15069 CVE-1999-0254 +Info 1998-11-02 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
15070 CVE-1999-0250 DoS 1997-07-01 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in Qmail through long SMTP commands.
15071 CVE-1999-0248 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
15072 CVE-1999-0246 1996-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP Remote Watch allows a remote user to gain root access.
15073 CVE-1999-0243 1999-01-01 2005-10-20
10.0
Admin Remote Low Not required Complete Complete Complete
Linux cfingerd could be exploited to gain root access.
15074 CVE-1999-0241 Exec Code 1995-11-01 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
15075 CVE-1999-0238 1997-08-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
php.cgi allows attackers to read any file on the system.
15076 CVE-1999-0236 1997-01-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
15077 CVE-1999-0235 Overflow 1995-02-17 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
15078 CVE-1999-0233 Exec Code 1996-02-25 2018-08-13
10.0
Admin Remote Low Not required Complete Complete Complete
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
15079 CVE-1999-0232 Overflow 1995-02-01 2017-05-03
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
15080 CVE-1999-0226 19 DoS 1999-01-01 2017-05-03
10.0
None Remote Low Not required Complete Complete Complete
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
15081 CVE-1999-0220 DoS 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Attackers can do a denial of service of IRC by crashing the server.
15082 CVE-1999-0214 DoS 1992-07-21 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Denial of service by sending forged ICMP unreachable packets.
15083 CVE-1999-0213 DoS 1998-07-15 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
15084 CVE-1999-0210 +Priv 1997-11-26 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
15085 CVE-1999-0208 Exec Code 1995-12-12 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
15086 CVE-1999-0206 Overflow 1996-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
15087 CVE-1999-0204 Exec Code 1997-01-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
15088 CVE-1999-0203 +Priv 1995-08-17 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
15089 CVE-1999-0200 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
15090 CVE-1999-0198 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
finger [email protected] on some systems may print information on some user accounts.
15091 CVE-1999-0197 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
finger [email protected] on some systems may print information on some user accounts.
15092 CVE-1999-0192 Overflow 1997-10-18 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.
15093 CVE-1999-0186 Exec Code 1998-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
15094 CVE-1999-0182 Overflow 1997-09-30 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
15095 CVE-1999-0169 1997-07-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
NFS allows attackers to read and write any file on the system by specifying a false UID.
15096 CVE-1999-0165 1997-03-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
NFS cache poisoning.
15097 CVE-1999-0124 1993-08-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.
15098 CVE-1999-0119 1999-01-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT 4.0 beta allows users to read and delete shares.
15099 CVE-1999-0113 1994-05-23 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Some implementations of rlogin allow root access if given a -froot parameter.
15100 CVE-1999-0101 Overflow 1996-12-10 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.