CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15801 CVE-2000-0151 Exec Code 2000-02-01 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
15802 CVE-2000-0092 2000-01-19 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
15803 CVE-2000-0045 2000-01-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
15804 CVE-2000-0031 +Priv 2000-10-20 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
15805 CVE-2000-0027 +Priv 1999-12-27 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
15806 CVE-2000-0024 Bypass 1999-12-21 2018-10-12
6.4
None Remote Low Not required Partial Partial None
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
15807 CVE-1999-1485 DoS 1999-05-31 2017-12-18
6.4
None Remote Low Not required Partial None Partial
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
15808 CVE-1999-1468 +Priv 1991-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
15809 CVE-1999-1428 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
15810 CVE-1999-1427 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
15811 CVE-1999-1426 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
15812 CVE-1999-1425 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
15813 CVE-1999-1424 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
15814 CVE-1999-1421 DoS 1998-07-20 2016-10-17
6.4
None Remote Low Not required None Partial Partial
NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
15815 CVE-1999-1410 +Priv 1997-05-09 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
15816 CVE-1999-1398 1997-05-07 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
15817 CVE-1999-1388 1994-05-13 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
15818 CVE-1999-1361 DoS 1998-05-09 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
15819 CVE-1999-1335 1999-12-31 2017-10-09
6.4
None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
15820 CVE-1999-1274 1997-12-29 2017-12-18
6.4
None Remote Low Not required Partial Partial None
iPass RoamServer 3.1 creates temporary files with world-writable permissions.
15821 CVE-1999-1167 XSS 1999-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
15822 CVE-1999-1162 DoS 1993-05-24 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
15823 CVE-1999-1097 1999-05-04 2017-12-18
6.4
None Remote Low Not required Partial Partial None
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
15824 CVE-1999-1022 +Priv 1994-10-02 2017-12-18
6.2
Admin Local High Not required Complete Complete Complete
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
15825 CVE-1999-0965 1997-09-19 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in xterm allows local users to modify arbitrary files via the logging option.
15826 CVE-1999-0961 +Priv 1996-09-21 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
15827 CVE-1999-0772 DoS 1999-06-01 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.
15828 CVE-1999-0764 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD allows ARP packets to overwrite static ARP entries.
15829 CVE-1999-0763 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
15830 CVE-1999-0740 DoS 1999-08-19 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
15831 CVE-1999-0718 +Priv 2001-03-12 2017-10-09
6.2
Admin Local High Not required Complete Complete Complete
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
15832 CVE-1999-0700 119 Overflow 1999-07-29 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
15833 CVE-1999-0520 1999-01-01 2005-10-20
6.4
None Remote Low Not required Partial Partial None
A system-critical NETBIOS/SMB share has inappropriate access control.
15834 CVE-1999-0425 1999-03-18 2008-09-09
6.4
None Remote Low Not required None Partial Partial
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
15835 CVE-1999-0418 DoS 1999-03-08 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection.
15836 CVE-1999-0351 DoS 1999-02-01 2018-05-02
6.4
None Remote Low Not required Partial None Partial
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.
15837 CVE-1999-0350 1999-02-08 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
15838 CVE-1999-0342 1998-12-01 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Linux PAM modules allow local users to gain root access using temporary files.
15839 CVE-1999-0215 1998-10-26 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Routed allows attackers to append data to files.
15840 CVE-1999-0201 1997-01-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
15841 CVE-1999-0191 1997-09-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
IIS newdsn.exe CGI script allows remote users to overwrite files.
15842 CVE-1999-0184 1997-07-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
15843 CVE-1999-0183 1997-09-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Linux implementations of TFTP would allow access to files outside the restricted directory.
15844 CVE-1999-0181 DoS Exec Code 1994-01-01 2008-09-09
6.8
None Remote Medium Not required Partial Partial Partial
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.
15845 CVE-1999-0174 1997-02-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
15846 CVE-1999-0164 1995-08-29 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
15847 CVE-1999-0074 1997-07-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.