CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15751 CVE-1999-1193 1991-05-14 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
15752 CVE-1999-1190 Exec Code Overflow 1999-11-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
15753 CVE-1999-1160 +Priv 1997-02-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
15754 CVE-1999-1138 1993-09-17 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
15755 CVE-1999-1125 +Priv 1997-09-19 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
15756 CVE-1999-1119 Exec Code 1992-04-27 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
15757 CVE-1999-1086 +Priv 1999-07-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
15758 CVE-1999-1064 DoS Exec Code Overflow 1999-08-22 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).
15759 CVE-1999-1063 Exec Code 1999-06-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
15760 CVE-1999-1059 Exec Code 1992-02-25 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
15761 CVE-1999-1049 1999-02-21 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
15762 CVE-1999-1046 DoS Exec Code Overflow 1999-03-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
15763 CVE-1999-1032 +Priv 1991-12-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
15764 CVE-1999-1011 264 Exec Code 1999-07-19 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
15765 CVE-1999-0992 Bypass 2000-01-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
15766 CVE-1999-0987 287 1999-11-18 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
15767 CVE-1999-0977 Overflow +Priv 1999-12-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
15768 CVE-1999-0974 Overflow +Priv 1999-12-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
15769 CVE-1999-0973 Overflow +Priv 1999-12-07 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
15770 CVE-1999-0967 Overflow 1997-11-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
15771 CVE-1999-0953 1999-09-16 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
15772 CVE-1999-0951 Exec Code Overflow 1999-10-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
15773 CVE-1999-0950 Overflow 1999-10-28 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15774 CVE-1999-0944 1999-10-24 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
15775 CVE-1999-0943 Overflow +Priv 1999-10-15 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
15776 CVE-1999-0937 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
15777 CVE-1999-0936 Exec Code 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
15778 CVE-1999-0935 Exec Code 1999-12-15 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
15779 CVE-1999-0926 DoS 1999-09-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15780 CVE-1999-0920 Overflow +Priv 1999-05-26 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
15781 CVE-1999-0919 DoS 1998-05-10 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
15782 CVE-1999-0913 Exec Code 1999-08-05 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
15783 CVE-1999-0911 Overflow 1999-08-27 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15784 CVE-1999-0896 Exec Code Overflow 1999-11-04 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
15785 CVE-1999-0894 2000-01-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
15786 CVE-1999-0886 16 1999-09-17 2018-10-12
9.0
Admin Remote Low Single system Complete Complete Complete
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
15787 CVE-1999-0883 1999-10-25 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
15788 CVE-1999-0879 Overflow +Priv 1999-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
15789 CVE-1999-0878 Overflow +Priv 1999-08-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
15790 CVE-1999-0876 119 Overflow 2000-01-04 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
15791 CVE-1999-0874 119 DoS Overflow 1999-06-16 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
15792 CVE-1999-0853 Overflow +Priv 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
15793 CVE-1999-0837 DoS 1999-11-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Denial of service in BIND by improperly closing TCP sessions via so_linger.
15794 CVE-1999-0836 1998-12-02 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
15795 CVE-1999-0835 DoS 1999-11-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Denial of service in BIND named via malformed SIG records.
15796 CVE-1999-0834 Overflow 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
15797 CVE-1999-0832 Exec Code Overflow 1999-11-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
15798 CVE-1999-0822 Overflow 1999-11-30 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
15799 CVE-1999-0817 1999-09-15 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
15800 CVE-1999-0816 1998-05-10 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.