| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4251 |
CVE-2000-0227 |
|
|
DoS |
2000-03-23 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. |
|
4252 |
CVE-2000-0184 |
|
|
|
2000-03-09 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
|
4253 |
CVE-2000-0167 |
|
|
DoS |
2000-02-15 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. |
|
4254 |
CVE-2000-0147 |
|
|
|
2000-02-08 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. |
|
4255 |
CVE-2000-0139 |
|
|
DoS |
1999-12-03 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
|
4256 |
CVE-2000-0132 |
200 |
|
+Info |
2000-01-31 |
2008-09-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. |
|
4257 |
CVE-2000-0129 |
|
|
DoS Overflow |
2000-02-04 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. |
|
4258 |
CVE-2000-0124 |
|
|
Bypass |
2000-02-03 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
|
4259 |
CVE-2000-0089 |
|
|
|
2000-02-04 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. |
|
4260 |
CVE-2000-0080 |
|
|
|
2000-01-10 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
AIX techlibss allows local users to overwrite files via a symlink attack. |
|
4261 |
CVE-2000-0076 |
|
|
|
1999-12-30 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
|
4262 |
CVE-2000-0069 |
|
|
|
2000-01-01 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The recover program in Solstice Backup allows local users to restore sensitive files. |
|
4263 |
CVE-2000-0067 |
|
|
|
2000-01-11 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. |
|
4264 |
CVE-2000-0028 |
|
|
Bypass |
1999-12-23 |
2008-09-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
|
4265 |
CVE-2000-0019 |
|
|
|
1999-03-04 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IMail POP3 daemon uses weak encryption, which allows local users to read files. |
|
4266 |
CVE-2000-0008 |
|
|
|
1999-12-26 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
FTPPro allows local users to read sensitive information, which is stored in plain text. |
|
4267 |
CVE-2000-0006 |
|
|
|
1999-12-25 |
2017-10-09 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
strace allows local users to read arbitrary files via memory mapped file names. |
|
4268 |
CVE-1999-1587 |
|
|
|
1999-12-31 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. |
|
4269 |
CVE-1999-1572 |
|
|
|
1996-07-16 |
2017-10-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
|
4270 |
CVE-1999-1564 |
|
|
DoS |
1999-09-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. |
|
4271 |
CVE-1999-1554 |
|
|
|
1990-10-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. |
|
4272 |
CVE-1999-1545 |
|
|
|
1999-07-14 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users. |
|
4273 |
CVE-1999-1540 |
|
|
|
1999-10-04 |
2017-12-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code. |
|
4274 |
CVE-1999-1538 |
|
|
|
1999-01-14 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. |
|
4275 |
CVE-1999-1499 |
|
|
|
1998-04-10 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. |
|
4276 |
CVE-1999-1496 |
|
|
|
1999-06-08 |
2017-12-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. |
|
4277 |
CVE-1999-1495 |
|
|
|
1999-02-18 |
2017-12-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file. |
|
4278 |
CVE-1999-1494 |
|
|
|
1994-08-09 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. |
|
4279 |
CVE-1999-1476 |
|
|
DoS |
1999-12-31 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem. |
|
4280 |
CVE-1999-1453 |
|
|
|
1999-02-02 |
2016-10-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. |
|
4281 |
CVE-1999-1452 |
|
|
|
1999-12-31 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. |
|
4282 |
CVE-1999-1449 |
|
|
DoS |
1997-05-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. |
|
4283 |
CVE-1999-1446 |
|
|
|
1997-08-05 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. |
|
4284 |
CVE-1999-1441 |
|
|
DoS |
1998-06-30 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it. |
|
4285 |
CVE-1999-1439 |
|
|
|
1998-01-02 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. |
|
4286 |
CVE-1999-1430 |
|
|
|
1999-01-01 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access. |
|
4287 |
CVE-1999-1429 |
|
|
|
1998-01-05 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. |
|
4288 |
CVE-1999-1423 |
|
|
DoS |
1997-06-26 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. |
|
4289 |
CVE-1999-1409 |
|
|
|
1998-07-03 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. |
|
4290 |
CVE-1999-1408 |
|
|
DoS |
1997-03-05 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. |
|
4291 |
CVE-1999-1407 |
|
|
|
1998-03-09 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. |
|
4292 |
CVE-1999-1406 |
|
|
DoS |
1998-07-29 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. |
|
4293 |
CVE-1999-1402 |
|
|
|
1997-05-17 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. |
|
4294 |
CVE-1999-1400 |
|
|
Bypass |
1999-06-03 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. |
|
4295 |
CVE-1999-1394 |
|
|
|
1999-07-02 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device. |
|
4296 |
CVE-1999-1386 |
|
|
|
1999-12-31 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. |
|
4297 |
CVE-1999-1364 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. |
|
4298 |
CVE-1999-1363 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. |
|
4299 |
CVE-1999-1362 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. |
|
4300 |
CVE-1999-1360 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. |
