CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15851 CVE-1999-1319 +Priv 1996-01-03 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.
15852 CVE-1999-1299 1997-02-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
15853 CVE-1999-1293 DoS 1999-12-31 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
15854 CVE-1999-1241 Exec Code 1999-05-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
15855 CVE-1999-1237 Exec Code Overflow 1999-06-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
15856 CVE-1999-1199 DoS 1998-08-07 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
15857 CVE-1999-1193 1991-05-14 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
15858 CVE-1999-1190 Exec Code Overflow 1999-11-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
15859 CVE-1999-1160 +Priv 1997-02-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
15860 CVE-1999-1138 1993-09-17 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
15861 CVE-1999-1125 +Priv 1997-09-19 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
15862 CVE-1999-1119 Exec Code 1992-04-27 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
15863 CVE-1999-1086 +Priv 1999-07-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
15864 CVE-1999-1064 DoS Exec Code Overflow 1999-08-22 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).
15865 CVE-1999-1063 Exec Code 1999-06-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
15866 CVE-1999-1059 Exec Code 1992-02-25 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
15867 CVE-1999-1049 1999-02-21 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
15868 CVE-1999-1046 DoS Exec Code Overflow 1999-03-01 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
15869 CVE-1999-1032 +Priv 1991-12-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
15870 CVE-1999-1011 264 Exec Code 1999-07-19 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
15871 CVE-1999-0992 Bypass 2000-01-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
15872 CVE-1999-0987 287 1999-11-18 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
15873 CVE-1999-0977 Overflow +Priv 1999-12-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
15874 CVE-1999-0974 Overflow +Priv 1999-12-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
15875 CVE-1999-0973 Overflow +Priv 1999-12-07 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
15876 CVE-1999-0967 Overflow 1997-11-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
15877 CVE-1999-0953 1999-09-16 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
15878 CVE-1999-0951 Exec Code Overflow 1999-10-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
15879 CVE-1999-0950 Overflow 1999-10-28 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15880 CVE-1999-0944 1999-10-24 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
15881 CVE-1999-0943 Overflow +Priv 1999-10-15 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
15882 CVE-1999-0937 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
15883 CVE-1999-0936 Exec Code 1998-12-03 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
15884 CVE-1999-0935 Exec Code 1999-12-15 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
15885 CVE-1999-0926 DoS 1999-09-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15886 CVE-1999-0920 Overflow +Priv 1999-05-26 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
15887 CVE-1999-0919 DoS 1998-05-10 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
15888 CVE-1999-0913 Exec Code 1999-08-05 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
15889 CVE-1999-0911 Overflow 1999-08-27 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
15890 CVE-1999-0896 Exec Code Overflow 1999-11-04 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
15891 CVE-1999-0894 2000-01-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
15892 CVE-1999-0886 16 1999-09-17 2018-10-12
9.0
Admin Remote Low Single system Complete Complete Complete
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
15893 CVE-1999-0883 1999-10-25 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
15894 CVE-1999-0879 Overflow +Priv 1999-10-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
15895 CVE-1999-0878 Overflow +Priv 1999-08-22 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
15896 CVE-1999-0876 119 Overflow 2000-01-04 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
15897 CVE-1999-0874 119 DoS Overflow 1999-06-16 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
15898 CVE-1999-0853 Overflow +Priv 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
15899 CVE-1999-0837 DoS 1999-11-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Denial of service in BIND by improperly closing TCP sessions via so_linger.
15900 CVE-1999-0836 1998-12-02 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.