CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
18251 | CVE-1999-1299 | | | | 1997-02-03 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
18252 | CVE-1999-1293 | | | DoS | 1999-12-31 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
18253 | CVE-1999-1241 | | | Exec Code | 1999-05-06 | 2017-12-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
18254 | CVE-1999-1237 | 120 | | Exec Code Overflow | 1999-06-06 | 2020-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
18255 | CVE-1999-1199 | | | DoS | 1998-08-07 | 2021-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
18256 | CVE-1999-1193 | | | | 1991-05-14 | 2017-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
18257 | CVE-1999-1190 | | | Exec Code Overflow | 1999-11-15 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
18258 | CVE-1999-1160 | | | +Priv | 1997-02-02 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
18259 | CVE-1999-1138 | | | | 1993-09-17 | 2017-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
18260 | CVE-1999-1125 | | | +Priv | 1997-09-19 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
18261 | CVE-1999-1119 | | | Exec Code | 1992-04-27 | 2017-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
18262 | CVE-1999-1086 | | | +Priv | 1999-07-15 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
18263 | CVE-1999-1064 | | | DoS Exec Code Overflow | 1999-08-22 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).
18264 | CVE-1999-1063 | | | Exec Code | 1999-06-01 | 2017-12-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
18265 | CVE-1999-1059 | | | Exec Code | 1992-02-25 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
18266 | CVE-1999-1049 | | | | 1999-02-21 | 2021-04-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
18267 | CVE-1999-1046 | | | DoS Exec Code Overflow | 1999-03-01 | 2017-12-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
18268 | CVE-1999-1032 | | | +Priv | 1991-12-31 | 2017-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
18269 | CVE-1999-1011 | 264 | | Exec Code | 1999-07-19 | 2018-10-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
18270 | CVE-1999-0992 | | | Bypass | 2000-01-18 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
18271 | CVE-1999-0987 | 287 | | | 1999-11-18 | 2018-08-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
18272 | CVE-1999-0977 | | | Overflow +Priv | 1999-12-10 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
18273 | CVE-1999-0974 | | | Overflow +Priv | 1999-12-09 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
18274 | CVE-1999-0973 | | | Overflow +Priv | 1999-12-07 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
18275 | CVE-1999-0967 | | | Overflow | 1997-11-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
18276 | CVE-1999-0953 | | | | 1999-09-16 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
18277 | CVE-1999-0951 | | | Exec Code Overflow | 1999-10-22 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
18278 | CVE-1999-0950 | | | Overflow | 1999-10-28 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
18279 | CVE-1999-0944 | | | | 1999-10-24 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
18280 | CVE-1999-0943 | | | Overflow +Priv | 1999-10-15 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
18281 | CVE-1999-0937 | | | | 1998-12-03 | 2005-05-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
18282 | CVE-1999-0936 | | | Exec Code | 1998-12-03 | 2005-05-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
18283 | CVE-1999-0935 | | | Exec Code | 1999-12-15 | 2005-05-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
18284 | CVE-1999-0926 | | | DoS | 1999-09-03 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
18285 | CVE-1999-0920 | | | Overflow +Priv | 1999-05-26 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
18286 | CVE-1999-0919 | | | DoS | 1998-05-10 | 2017-12-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
18287 | CVE-1999-0913 | | | Exec Code | 1999-08-05 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
18288 | CVE-1999-0911 | | | Overflow | 1999-08-27 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
18289 | CVE-1999-0896 | | | Exec Code Overflow | 1999-11-04 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
18290 | CVE-1999-0894 | | | | 2000-01-04 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
18291 | CVE-1999-0886 | 16 | | | 1999-09-17 | 2018-10-12 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
18292 | CVE-1999-0883 | | | | 1999-10-25 | 2018-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
18293 | CVE-1999-0879 | | | Overflow +Priv | 1999-10-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
18294 | CVE-1999-0878 | | | Overflow +Priv | 1999-08-22 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
18295 | CVE-1999-0876 | 119 | | Overflow | 2000-01-04 | 2018-08-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
18296 | CVE-1999-0874 | 119 | | DoS Overflow | 1999-06-16 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
18297 | CVE-1999-0853 | | | Overflow +Priv | 1999-12-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
18298 | CVE-1999-0837 | | | DoS | 1999-11-10 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Denial of service in BIND by improperly closing TCP sessions via so_linger.
18299 | CVE-1999-0836 | | | | 1998-12-02 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
18300 | CVE-1999-0835 | | | DoS | 1999-11-10 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Denial of service in BIND named via malformed SIG records.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.