CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15651 CVE-1999-1119 Exec Code 1992-04-27 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
15652 CVE-1999-1086 +Priv 1999-07-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
15653 CVE-1999-1064 DoS Exec Code Overflow 1999-08-22 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).
15654 CVE-1999-1063 Exec Code 1999-06-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
15655 CVE-1999-1059 Exec Code 1992-02-25 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
15656 CVE-1999-1049 1999-02-21 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
15657 CVE-1999-1046 DoS Exec Code Overflow 1999-03-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
15658 CVE-1999-1032 +Priv 1991-12-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
15659 CVE-1999-1011 264 Exec Code 1999-07-19 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
15660 CVE-1999-0992 Bypass 2000-01-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
15661 CVE-1999-0987 287 1999-11-18 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
15662 CVE-1999-0977 Overflow +Priv 1999-12-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
15663 CVE-1999-0974 Overflow +Priv 1999-12-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
15664 CVE-1999-0973 Overflow +Priv 1999-12-07 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
15665 CVE-1999-0967 Overflow 1997-11-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
15666 CVE-1999-0953 1999-09-16 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
15667 CVE-1999-0951 Exec Code Overflow 1999-10-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
15668 CVE-1999-0950 Overflow 1999-10-28 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15669 CVE-1999-0944 1999-10-24 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
15670 CVE-1999-0943 Overflow +Priv 1999-10-15 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
15671 CVE-1999-0937 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
15672 CVE-1999-0936 Exec Code 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
15673 CVE-1999-0935 Exec Code 1999-12-15 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
15674 CVE-1999-0926 DoS 1999-09-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15675 CVE-1999-0920 Overflow +Priv 1999-05-26 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
15676 CVE-1999-0919 DoS 1998-05-10 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
15677 CVE-1999-0913 Exec Code 1999-08-05 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
15678 CVE-1999-0911 Overflow 1999-08-27 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15679 CVE-1999-0896 Exec Code Overflow 1999-11-04 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
15680 CVE-1999-0894 2000-01-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
15681 CVE-1999-0886 16 1999-09-17 2018-10-12
9.0
Admin Remote Low Single system Complete Complete Complete
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
15682 CVE-1999-0883 1999-10-25 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
15683 CVE-1999-0879 Overflow +Priv 1999-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
15684 CVE-1999-0878 Overflow +Priv 1999-08-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
15685 CVE-1999-0876 119 Overflow 2000-01-04 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
15686 CVE-1999-0874 119 DoS Overflow 1999-06-16 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
15687 CVE-1999-0853 Overflow +Priv 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
15688 CVE-1999-0837 DoS 1999-11-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Denial of service in BIND by improperly closing TCP sessions via so_linger.
15689 CVE-1999-0836 1998-12-02 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
15690 CVE-1999-0835 DoS 1999-11-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Denial of service in BIND named via malformed SIG records.
15691 CVE-1999-0834 Overflow 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
15692 CVE-1999-0832 Exec Code Overflow 1999-11-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
15693 CVE-1999-0822 Overflow 1999-11-30 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
15694 CVE-1999-0817 1999-09-15 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
15695 CVE-1999-0816 1998-05-10 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
15696 CVE-1999-0814 1999-08-11 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.
15697 CVE-1999-0810 DoS 1999-07-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in Samba NETBIOS name service daemon (nmbd).
15698 CVE-1999-0801 1999-04-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
15699 CVE-1999-0799 Overflow 1997-06-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
15700 CVE-1999-0798 Overflow 1998-12-04 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.