CVE List - 2000 / January
Showing 1 - 100 of 182 CVEs for January 2000 (Page 1 of 2)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-0212 | 2000-01-04 | Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| CVE-1999-0275 | 2000-01-04 | Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| CVE-1999-0280 | 2000-01-04 | Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| CVE-1999-0290 | 2000-01-04 | The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. |
| CVE-1999-0291 | 2000-01-04 | The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. |
| CVE-1999-0297 | 2000-01-04 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
| CVE-1999-0304 | 2000-01-04 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. |
| CVE-1999-0318 | 2000-01-04 | Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| CVE-1999-0322 | 2000-01-04 | The open() function in FreeBSD allows local attackers to write to arbitrary files. |
| CVE-1999-0343 | 2000-01-04 | A malicious Palace server can force a client to execute arbitrary programs. |
| CVE-1999-0408 | 2000-01-04 | Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| CVE-1999-0409 | 2000-01-04 | Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. |
| CVE-1999-0421 | 2000-01-04 | During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. |
| CVE-1999-0428 | 2000-01-04 | OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. |
| CVE-1999-0439 | 2000-01-04 | Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. |
| CVE-1999-0470 | 2000-01-04 | A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| CVE-1999-0674 | 2000-01-04 | The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| CVE-1999-0680 | 2000-01-04 | Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. |
| CVE-1999-0682 | 2000-01-04 | Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. |
| CVE-1999-0685 | 2000-01-04 | Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. |
| CVE-1999-0686 | 2000-01-04 | Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. |
| CVE-1999-0687 | 2000-01-04 | The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| CVE-1999-0688 | 2000-01-04 | Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| CVE-1999-0689 | 2000-01-04 | The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. |
| CVE-1999-0690 | 2000-01-04 | HP CDE program includes the current directory in root's PATH variable. |
| CVE-1999-0691 | 2000-01-04 | Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. |
| CVE-1999-0692 | 2000-01-04 | The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. |
| CVE-1999-0693 | 2000-01-04 | Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. |
| CVE-1999-0695 | 2000-01-04 | The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. |
| CVE-1999-0699 | 2000-01-04 | The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| CVE-1999-0700 | 2000-01-04 | Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
| CVE-1999-0701 | 2000-01-04 | After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| CVE-1999-0702 | 2000-01-04 | Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |
| CVE-1999-0703 | 2000-01-04 | OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| CVE-1999-0704 | 2000-01-04 | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| CVE-1999-0705 | 2000-01-04 | Buffer overflow in INN inews program. |
| CVE-1999-0706 | 2000-01-04 | Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| CVE-1999-0707 | 2000-01-04 | The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
| CVE-1999-0710 | 2000-01-04 | The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary... |
| CVE-1999-0713 | 2000-01-04 | The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. |
| CVE-1999-0714 | 2000-01-04 | Vulnerability in Compaq Tru64 UNIX edauth command. |
| CVE-1999-0715 | 2000-01-04 | Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| CVE-1999-0716 | 2000-01-04 | Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. |
| CVE-1999-0717 | 2000-01-04 | A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. |
| CVE-1999-0721 | 2000-01-04 | Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
| CVE-1999-0722 | 2000-01-04 | The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. |
| CVE-1999-0723 | 2000-01-04 | The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. |
| CVE-1999-0724 | 2000-01-04 | Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |
| CVE-1999-0725 | 2000-01-04 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code... |
| CVE-1999-0726 | 2000-01-04 | An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| CVE-1999-0728 | 2000-01-04 | A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| CVE-1999-0730 | 2000-01-04 | The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. |
| CVE-1999-0731 | 2000-01-04 | The KDE klock program allows local users to unlock a session using malformed input. |
| CVE-1999-0732 | 2000-01-04 | The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. |
| CVE-1999-0735 | 2000-01-04 | KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. |
| CVE-1999-0744 | 2000-01-04 | Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. |
| CVE-1999-0745 | 2000-01-04 | Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. |
| CVE-1999-0749 | 2000-01-04 | Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |
| CVE-1999-0751 | 2000-01-04 | Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
| CVE-1999-0752 | 2000-01-04 | Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
| CVE-1999-0755 | 2000-01-04 | Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. |
| CVE-1999-0761 | 2000-01-04 | Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. |
| CVE-1999-0762 | 2000-01-04 | When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. |
| CVE-1999-0763 | 2000-01-04 | NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. |
| CVE-1999-0764 | 2000-01-04 | NetBSD allows ARP packets to overwrite static ARP entries. |
| CVE-1999-0765 | 2000-01-04 | SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. |
| CVE-1999-0766 | 2000-01-04 | The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. |
| CVE-1999-0769 | 2000-01-04 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. |
| CVE-1999-0771 | 2000-01-04 | The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
| CVE-1999-0772 | 2000-01-04 | Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| CVE-1999-0774 | 2000-01-04 | Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. |
| CVE-1999-0777 | 2000-01-04 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| CVE-1999-0779 | 2000-01-04 | Denial of service in HP-UX SharedX recserv program. |
| CVE-1999-0793 | 2000-01-04 | Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. |
| CVE-1999-0794 | 2000-01-04 | Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. |
| CVE-1999-0802 | 2000-01-04 | Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. |
| CVE-1999-0804 | 2000-01-04 | Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. |
| CVE-1999-0807 | 2000-01-04 | The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. |
| CVE-1999-0809 | 2000-01-04 | Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server... |
| CVE-1999-0810 | 2000-01-04 | Denial of service in Samba NETBIOS name service daemon (nmbd). |
| CVE-1999-0812 | 2000-01-04 | Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. |
| CVE-1999-0814 | 2000-01-04 | Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. |
| CVE-1999-0817 | 2000-01-04 | Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. |
| CVE-1999-0833 | 2000-01-04 | Buffer overflow in BIND 8.2 via NXT records. |
| CVE-1999-0835 | 2000-01-04 | Denial of service in BIND named via malformed SIG records. |
| CVE-1999-0837 | 2000-01-04 | Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| CVE-1999-0839 | 2000-01-04 | Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. |
| CVE-1999-0848 | 2000-01-04 | Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
| CVE-1999-0849 | 2000-01-04 | Denial of service in BIND named via maxdname. |
| CVE-1999-0851 | 2000-01-04 | Denial of service in BIND named via naptr. |
| CVE-1999-0858 | 2000-01-04 | Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. |
| CVE-1999-0861 | 2000-01-04 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |
| CVE-1999-0867 | 2000-01-04 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
| CVE-1999-0868 | 2000-01-04 | ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
| CVE-1999-0869 | 2000-01-04 | Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
| CVE-1999-0870 | 2000-01-04 | Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. |
| CVE-1999-0871 | 2000-01-04 | Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. |
| CVE-1999-0876 | 2000-01-04 | Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
| CVE-1999-0877 | 2000-01-04 | Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. |
| CVE-1999-0878 | 2000-01-04 | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. |