CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 15351 | CVE-1999-0526 | | | | 1997-07-01 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| 15352 | CVE-1999-0515 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
| 15353 | CVE-1999-0512 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| 15354 | CVE-1999-0509 | 94 | | Exec Code | 1996-05-29 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| 15355 | CVE-1999-0498 | | | | 1991-09-27 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. |
| 15356 | CVE-1999-0495 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. |
| 15357 | CVE-1999-0492 | | | | 1999-04-23 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. |
| 15358 | CVE-1999-0489 | | | | 1999-05-17 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| 15359 | CVE-1999-0465 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| 15360 | CVE-1999-0461 | | | | 1999-01-28 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. |
| 15361 | CVE-1999-0454 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. |
| 15362 | CVE-1999-0452 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A service or application has a backdoor password that was placed there by the developer. |
| 15363 | CVE-1999-0443 | | | | 1999-04-01 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. |
| 15364 | CVE-1999-0426 | | | | 1999-03-01 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. |
| 15365 | CVE-1999-0408 | | | | 1999-02-25 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| 15366 | CVE-1999-0407 | | | | 1999-02-09 | 2016-10-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
| 15367 | CVE-1999-0397 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. |
| 15368 | CVE-1999-0394 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. |
| 15369 | CVE-1999-0385 | | | DoS Exec Code Overflow | 1998-12-01 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. |
| 15370 | CVE-1999-0368 | | | Overflow | 1999-02-09 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
| 15371 | CVE-1999-0364 | | | | 1999-01-01 | 2016-10-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| 15372 | CVE-1999-0361 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. |
| 15373 | CVE-1999-0356 | | | | 1999-01-25 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. |
| 15374 | CVE-1999-0353 | | | | 1999-02-10 | 2013-09-03 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. |
| 15375 | CVE-1999-0347 | | | | 1999-01-26 | 2016-10-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| 15376 | CVE-1999-0323 | | | | 1998-02-20 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | FreeBSD mmap function allows users to modify append-only or immutable files. |
| 15377 | CVE-1999-0320 | | | | 1998-03-01 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
| 15378 | CVE-1999-0299 | | | Overflow | 1997-03-05 | 2008-09-05 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in FreeBSD lpd through long DNS hostnames. |
| 15379 | CVE-1999-0286 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. |
| 15380 | CVE-1999-0285 | | | DoS | 1999-01-01 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| 15381 | CVE-1999-0283 | | | | 1999-01-01 | 2016-10-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Java Web Server would allow remote users to obtain the source code for CGI programs. |
| 15382 | CVE-1999-0268 | | | | 1999-01-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| 15383 | CVE-1999-0255 | | | Exec Code Overflow | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in ircd allows arbitrary command execution. |
| 15384 | CVE-1999-0254 | | | +Info | 1998-11-02 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| 15385 | CVE-1999-0250 | | | DoS | 1997-07-01 | 2016-10-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Denial of service in Qmail through long SMTP commands. |
| 15386 | CVE-1999-0248 | | | | 1999-01-01 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
| 15387 | CVE-1999-0246 | | | | 1996-10-01 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | HP Remote Watch allows a remote user to gain root access. |
| 15388 | CVE-1999-0243 | | | | 1999-01-01 | 2005-10-20 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Linux cfingerd could be exploited to gain root access. |
| 15389 | CVE-1999-0241 | | | Exec Code | 1995-11-01 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| 15390 | CVE-1999-0238 | | | | 1997-08-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | php.cgi allows attackers to read any file on the system. |
| 15391 | CVE-1999-0236 | | | | 1997-01-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
| 15392 | CVE-1999-0235 | | | Overflow | 1995-02-17 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. |
| 15393 | CVE-1999-0233 | | | Exec Code | 1996-02-25 | 2018-08-13 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. |
| 15394 | CVE-1999-0232 | | | Overflow | 1995-02-01 | 2017-05-03 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. |
| 15395 | CVE-1999-0226 | 19 | | DoS | 1999-01-01 | 2017-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. |
| 15396 | CVE-1999-0220 | | | DoS | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Attackers can do a denial of service of IRC by crashing the server. |
| 15397 | CVE-1999-0214 | | | DoS | 1992-07-21 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Denial of service by sending forged ICMP unreachable packets. |
| 15398 | CVE-1999-0213 | | | DoS | 1998-07-15 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| 15399 | CVE-1999-0210 | | | +Priv | 1997-11-26 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| 15400 | CVE-1999-0208 | | | Exec Code | 1995-12-12 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. |

CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.