CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0119 1999-01-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT 4.0 beta allows users to read and delete shares.
2 CVE-1999-0197 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
finger 0@host on some systems may print information on some user accounts.
3 CVE-1999-0198 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
finger .@host on some systems may print information on some user accounts.
4 CVE-1999-0200 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
5 CVE-1999-0220 DoS 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Attackers can do a denial of service of IRC by crashing the server.
6 CVE-1999-0226 19 DoS 1999-01-01 2017-05-03
10.0
None Remote Low Not required Complete Complete Complete
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
7 CVE-1999-0243 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Linux cfingerd could be exploited to gain root access.
8 CVE-1999-0248 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
9 CVE-1999-0255 Exec Code Overflow 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ircd allows arbitrary command execution.
10 CVE-1999-0268 1999-01-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
11 CVE-1999-0283 1999-01-01 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
The Java Web Server would allow remote users to obtain the source code for CGI programs.
12 CVE-1999-0285 DoS 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
13 CVE-1999-0286 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
14 CVE-1999-0347 1999-01-26 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
15 CVE-1999-0356 1999-01-25 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
16 CVE-1999-0361 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
17 CVE-1999-0364 1999-01-01 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
18 CVE-1999-0394 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
19 CVE-1999-0397 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
20 CVE-1999-0452 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A service or application has a backdoor password that was placed there by the developer.
21 CVE-1999-0454 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
22 CVE-1999-0461 1999-01-28 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
23 CVE-1999-0465 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.
24 CVE-1999-0495 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
25 CVE-1999-0512 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
26 CVE-1999-0515 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
27 CVE-1999-0527 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
28 CVE-1999-0530 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system is operating in "promiscuous" mode which allows it to perform packet sniffing.
29 CVE-1999-0539 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A trust relationship exists between two Unix hosts.
30 CVE-1999-0547 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An SSH server allows authentication through the .rhosts file.
31 CVE-1999-0548 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A superfluous NFS server is running, but it is not importing or exporting any file systems.
32 CVE-1999-0554 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
NFS exports system-critical data to the world, e.g. / or a password file.
33 CVE-1999-0555 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Unix account with a name other than "root" has UID 0, i.e. root privileges.
34 CVE-1999-0556 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Two or more Unix accounts have the same UID.
35 CVE-1999-0559 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Unix file or directory has inappropriate permissions.
36 CVE-1999-0560 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Windows NT file or directory has inappropriate permissions.
37 CVE-1999-0561 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
IIS has the #exec function enabled for Server Side Include (SSI) files.
38 CVE-1999-0564 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.
39 CVE-1999-0565 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Sendmail alias allows input to be piped to a program.
40 CVE-1999-0568 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
rpc.admind in Solaris is not running in a secure mode.
41 CVE-1999-0569 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
42 CVE-1999-0570 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
43 CVE-1999-0571 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
44 CVE-1999-0577 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
45 CVE-1999-0579 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
46 CVE-1999-0580 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
47 CVE-1999-0581 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
48 CVE-1999-0583 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
There is a one-way or two-way trust relationship between Windows NT domains.
49 CVE-1999-0584 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT file system is not NTFS.
50 CVE-1999-0587 1999-01-01 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.
Total number of vulnerabilities : 153   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.