| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2000-0374 |
|
|
Bypass +Info |
1999-08-22 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. |
|
2 |
CVE-2000-0028 |
|
|
Bypass |
1999-12-23 |
2008-09-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
|
3 |
CVE-2000-0024 |
|
|
Bypass |
1999-12-21 |
2018-10-12 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
|
4 |
CVE-1999-1591 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. |
|
5 |
CVE-1999-1559 |
|
|
Bypass |
1999-03-31 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. |
|
6 |
CVE-1999-1547 |
20 |
|
Bypass |
1999-11-25 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. |
|
7 |
CVE-1999-1518 |
|
|
DoS Bypass |
1999-07-15 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults. |
|
8 |
CVE-1999-1481 |
|
|
Bypass |
1999-12-31 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. |
|
9 |
CVE-1999-1465 |
|
|
Bypass |
1999-12-31 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862. |
|
10 |
CVE-1999-1464 |
|
|
Bypass |
1999-12-31 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564. |
|
11 |
CVE-1999-1454 |
|
|
Bypass |
1999-10-04 |
2016-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key. |
|
12 |
CVE-1999-1400 |
|
|
Bypass |
1999-06-03 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. |
|
13 |
CVE-1999-1393 |
|
|
Bypass |
1999-05-21 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. |
|
14 |
CVE-1999-1365 |
|
|
+Priv Bypass |
1999-06-28 |
2017-10-25 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. |
|
15 |
CVE-1999-1359 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. |
|
16 |
CVE-1999-1358 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. |
|
17 |
CVE-1999-1347 |
|
|
Bypass |
1999-10-07 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. |
|
18 |
CVE-1999-1124 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. |
|
19 |
CVE-1999-1111 |
|
|
Overflow Bypass |
1999-11-09 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. |
|
20 |
CVE-1999-1077 |
|
|
Bypass |
1999-11-01 |
2016-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. |
|
21 |
CVE-1999-1076 |
|
|
Bypass |
1999-10-26 |
2016-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. |
|
22 |
CVE-1999-1047 |
|
|
Bypass |
1999-10-18 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. |
|
23 |
CVE-1999-1018 |
|
|
Bypass |
1999-07-27 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. |
|
24 |
CVE-1999-0909 |
264 |
|
Bypass |
1999-09-20 |
2018-10-12 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. |
|
25 |
CVE-1999-0428 |
|
|
Bypass |
1999-03-22 |
2008-09-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. |
