CVE List - 1999 / September
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-0494 | 1999-09-29 | Denial of service in WinGate proxy through a buffer overflow in POP3. |
| CVE-1999-0496 | 1999-09-29 | A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. |
| CVE-1999-0513 | 1999-09-29 | ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| CVE-1999-0514 | 1999-09-29 | UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
| CVE-1999-0526 | 1999-09-29 | An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| CVE-1999-0551 | 1999-09-29 | HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. |
| CVE-1999-0566 | 1999-09-29 | An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |
| CVE-1999-0612 | 1999-09-29 | A version of finger is running that exposes valid user information to any entity on the network. |
| CVE-1999-0626 | 1999-09-29 | A version of rusers is running that exposes valid user information to any entity on the network. |
| CVE-1999-0627 | 1999-09-29 | The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
| CVE-1999-0628 | 1999-09-29 | The rwho/rwhod service is running, which exposes machine status and user information. |
| CVE-1999-0011 | 1999-09-29 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| CVE-1999-0012 | 1999-09-29 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. |
| CVE-1999-0016 | 1999-09-29 | Land IP denial of service. |
| CVE-1999-0035 | 1999-09-29 | Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
| CVE-1999-0103 | 1999-09-29 | Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. |
| CVE-1999-0159 | 1999-09-29 | Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x... |
| CVE-1999-0468 | 1999-09-29 | Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. |
| CVE-1999-0472 | 1999-09-29 | The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. |
| CVE-1999-0151 | 2000-01-04 | The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
| CVE-1999-0212 | 2000-01-04 | Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| CVE-1999-0275 | 2000-01-04 | Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| CVE-1999-0280 | 2000-01-04 | Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| CVE-1999-0290 | 2000-01-04 | The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. |
| CVE-1999-0291 | 2000-01-04 | The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. |
| CVE-1999-0297 | 2000-01-04 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
| CVE-1999-0304 | 2000-01-04 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. |
| CVE-1999-0318 | 2000-01-04 | Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| CVE-1999-0322 | 2000-01-04 | The open() function in FreeBSD allows local attackers to write to arbitrary files. |
| CVE-1999-0343 | 2000-01-04 | A malicious Palace server can force a client to execute arbitrary programs. |
| CVE-1999-0408 | 2000-01-04 | Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| CVE-1999-0409 | 2000-01-04 | Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. |
| CVE-1999-0421 | 2000-01-04 | During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. |
| CVE-1999-0428 | 2000-01-04 | OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. |
| CVE-1999-0439 | 2000-01-04 | Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. |
| CVE-1999-0470 | 2000-01-04 | A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| CVE-1999-0674 | 2000-01-04 | The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| CVE-1999-0680 | 2000-01-04 | Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. |
| CVE-1999-0682 | 2000-01-04 | Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. |
| CVE-1999-0685 | 2000-01-04 | Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. |
| CVE-1999-0686 | 2000-01-04 | Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. |
| CVE-1999-0687 | 2000-01-04 | The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| CVE-1999-0688 | 2000-01-04 | Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| CVE-1999-0689 | 2000-01-04 | The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. |
| CVE-1999-0690 | 2000-01-04 | HP CDE program includes the current directory in root's PATH variable. |
| CVE-1999-0691 | 2000-01-04 | Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. |
| CVE-1999-0692 | 2000-01-04 | The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. |
| CVE-1999-0693 | 2000-01-04 | Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. |
| CVE-1999-0695 | 2000-01-04 | The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. |
| CVE-1999-0699 | 2000-01-04 | The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| CVE-1999-0700 | 2000-01-04 | Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
| CVE-1999-0701 | 2000-01-04 | After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| CVE-1999-0702 | 2000-01-04 | Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |
| CVE-1999-0703 | 2000-01-04 | OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| CVE-1999-0704 | 2000-01-04 | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| CVE-1999-0705 | 2000-01-04 | Buffer overflow in INN inews program. |
| CVE-1999-0706 | 2000-01-04 | Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| CVE-1999-0707 | 2000-01-04 | The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
| CVE-1999-0710 | 2000-01-04 | The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary... |
| CVE-1999-0713 | 2000-01-04 | The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. |
| CVE-1999-0714 | 2000-01-04 | Vulnerability in Compaq Tru64 UNIX edauth command. |
| CVE-1999-0715 | 2000-01-04 | Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| CVE-1999-0716 | 2000-01-04 | Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. |
| CVE-1999-0717 | 2000-01-04 | A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. |
| CVE-1999-0721 | 2000-01-04 | Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| CVE-1999-0722 | 2000-01-04 | The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. |
| CVE-1999-0723 | 2000-01-04 | The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. |
| CVE-1999-0724 | 2000-01-04 | Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |
| CVE-1999-0725 | 2000-01-04 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code... |
| CVE-1999-0726 | 2000-01-04 | An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| CVE-1999-0728 | 2000-01-04 | A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| CVE-1999-0730 | 2000-01-04 | The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. |
| CVE-1999-0731 | 2000-01-04 | The KDE klock program allows local users to unlock a session using malformed input. |
| CVE-1999-0732 | 2000-01-04 | The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. |
| CVE-1999-0735 | 2000-01-04 | KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. |
| CVE-1999-0744 | 2000-01-04 | Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request. |
| CVE-1999-0745 | 2000-01-04 | Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. |
| CVE-1999-0749 | 2000-01-04 | Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |
| CVE-1999-0751 | 2000-01-04 | Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
| CVE-1999-0752 | 2000-01-04 | Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
| CVE-1999-0755 | 2000-01-04 | Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. |
| CVE-1999-0761 | 2000-01-04 | Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. |
| CVE-1999-0762 | 2000-01-04 | When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. |
| CVE-1999-0763 | 2000-01-04 | NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. |
| CVE-1999-0764 | 2000-01-04 | NetBSD allows ARP packets to overwrite static ARP entries. |
| CVE-1999-0765 | 2000-01-04 | SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. |
| CVE-1999-0766 | 2000-01-04 | The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. |
| CVE-1999-0769 | 2000-01-04 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. |
| CVE-1999-0771 | 2000-01-04 | The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
| CVE-1999-0772 | 2000-01-04 | Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| CVE-1999-0774 | 2000-01-04 | Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. |
| CVE-1999-0777 | 2000-01-04 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| CVE-1999-0779 | 2000-01-04 | Denial of service in HP-UX SharedX recserv program. |
| CVE-1999-0793 | 2000-01-04 | Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. |
| CVE-1999-0794 | 2000-01-04 | Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. |
| CVE-1999-0802 | 2000-01-04 | Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. |
| CVE-1999-0804 | 2000-01-04 | Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. |
| CVE-1999-0807 | 2000-01-04 | The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. |
| CVE-1999-0809 | 2000-01-04 | Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server... |
| CVE-1999-0810 | 2000-01-04 | Denial of service in Samba NETBIOS name service daemon (nmbd). |