CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15651 CVE-1999-0594 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
15652 CVE-1999-0592 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The Logon box of a Windows NT system displays the name of the last user who logged in.
15653 CVE-1999-0591 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An event log in Windows NT has inappropriate access permissions.
15654 CVE-1999-0590 2000-06-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
A system does not present an appropriate legal message or warning to a user who is accessing it.
15655 CVE-1999-0589 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Windows NT registry key has inappropriate permissions.
15656 CVE-1999-0587 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.
15657 CVE-1999-0584 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT file system is not NTFS.
15658 CVE-1999-0583 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
There is a one-way or two-way trust relationship between Windows NT domains.
15659 CVE-1999-0581 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
15660 CVE-1999-0580 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
15661 CVE-1999-0579 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
15662 CVE-1999-0577 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
15663 CVE-1999-0572 1997-01-01 2008-09-09
9.3
Admin Remote Medium Not required Complete Complete Complete
.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.
15664 CVE-1999-0571 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
15665 CVE-1999-0570 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
15666 CVE-1999-0569 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
15667 CVE-1999-0568 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
rpc.admind in Solaris is not running in a secure mode.
15668 CVE-1999-0565 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Sendmail alias allows input to be piped to a program.
15669 CVE-1999-0564 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.
15670 CVE-1999-0561 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
IIS has the #exec function enabled for Server Side Include (SSI) files.
15671 CVE-1999-0560 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Windows NT file or directory has inappropriate permissions.
15672 CVE-1999-0559 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Unix file or directory has inappropriate permissions.
15673 CVE-1999-0556 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Two or more Unix accounts have the same UID.
15674 CVE-1999-0555 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Unix account with a name other than "root" has UID 0, i.e. root privileges.
15675 CVE-1999-0554 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
NFS exports system-critical data to the world, e.g. / or a password file.
15676 CVE-1999-0548 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A superfluous NFS server is running, but it is not importing or exporting any file systems.
15677 CVE-1999-0547 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An SSH server allows authentication through the .rhosts file.
15678 CVE-1999-0539 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A trust relationship exists between two Unix hosts.
15679 CVE-1999-0535 1997-01-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
15680 CVE-1999-0530 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system is operating in "promiscuous" mode which allows it to perform packet sniffing.
15681 CVE-1999-0527 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
15682 CVE-1999-0526 1997-07-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
15683 CVE-1999-0515 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
15684 CVE-1999-0512 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
15685 CVE-1999-0509 94 Exec Code 1996-05-29 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.
15686 CVE-1999-0498 1991-09-27 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
15687 CVE-1999-0495 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
15688 CVE-1999-0492 1999-04-23 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
15689 CVE-1999-0489 1999-05-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
15690 CVE-1999-0465 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.
15691 CVE-1999-0461 1999-01-28 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
15692 CVE-1999-0454 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
15693 CVE-1999-0452 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A service or application has a backdoor password that was placed there by the developer.
15694 CVE-1999-0443 1999-04-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
15695 CVE-1999-0426 1999-03-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
15696 CVE-1999-0408 1999-02-25 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
15697 CVE-1999-0407 1999-02-09 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
15698 CVE-1999-0397 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
15699 CVE-1999-0394 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
15700 CVE-1999-0385 DoS Exec Code Overflow 1998-12-01 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.