Security Vulnerabilities Published In January 1999

1999 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-1999-0119			1999-01-19	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Windows NT 4.0 beta allows users to read and delete shares.
2	CVE-1999-0197			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
finger 0@host on some systems may print information on some user accounts.
3	CVE-1999-0198			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
finger .@host on some systems may print information on some user accounts.
4	CVE-1999-0200			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
5	CVE-1999-0220		DoS	1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Attackers can do a denial of service of IRC by crashing the server.
6	CVE-1999-0226	19	DoS	1999-01-01	2017-05-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
7	CVE-1999-0243			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Linux cfingerd could be exploited to gain root access.
8	CVE-1999-0248			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
9	CVE-1999-0255		Exec Code Overflow	1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Buffer overflow in ircd allows arbitrary command execution.
10	CVE-1999-0268			1999-01-01	2008-09-09	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
11	CVE-1999-0283			1999-01-01	2016-10-18	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The Java Web Server would allow remote users to obtain the source code for CGI programs.
12	CVE-1999-0285		DoS	1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
13	CVE-1999-0286			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
14	CVE-1999-0347			1999-01-26	2016-10-18	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
15	CVE-1999-0356			1999-01-25	2008-09-09	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
16	CVE-1999-0361			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
17	CVE-1999-0364			1999-01-01	2016-10-18	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
18	CVE-1999-0394			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
19	CVE-1999-0397			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
20	CVE-1999-0452			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A service or application has a backdoor password that was placed there by the developer.
21	CVE-1999-0454			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
22	CVE-1999-0461			1999-01-28	2008-09-09	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
23	CVE-1999-0465			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.
24	CVE-1999-0495			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
25	CVE-1999-0512			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
26	CVE-1999-0515			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
27	CVE-1999-0527			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
28	CVE-1999-0530			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A system is operating in "promiscuous" mode which allows it to perform packet sniffing.
29	CVE-1999-0539			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A trust relationship exists between two Unix hosts.
30	CVE-1999-0547			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
An SSH server allows authentication through the .rhosts file.
31	CVE-1999-0548			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A superfluous NFS server is running, but it is not importing or exporting any file systems.
32	CVE-1999-0554			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
NFS exports system-critical data to the world, e.g. / or a password file.
33	CVE-1999-0555			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A Unix account with a name other than "root" has UID 0, i.e. root privileges.
34	CVE-1999-0556			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Two or more Unix accounts have the same UID.
35	CVE-1999-0559			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A system-critical Unix file or directory has inappropriate permissions.
36	CVE-1999-0560			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A system-critical Windows NT file or directory has inappropriate permissions.
37	CVE-1999-0561			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
IIS has the #exec function enabled for Server Side Include (SSI) files.
38	CVE-1999-0564			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.
39	CVE-1999-0565			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A Sendmail alias allows input to be piped to a program.
40	CVE-1999-0568			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
rpc.admind in Solaris is not running in a secure mode.
41	CVE-1999-0569			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
42	CVE-1999-0570			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
43	CVE-1999-0571			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
44	CVE-1999-0577			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
45	CVE-1999-0579			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
46	CVE-1999-0580			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
47	CVE-1999-0581			1999-01-01	2008-09-05	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
48	CVE-1999-0583			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
There is a one-way or two-way trust relationship between Windows NT domains.
49	CVE-1999-0584			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A Windows NT file system is not NTFS.
50	CVE-1999-0587			1999-01-01	2005-10-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.

Total number of vulnerabilities : 153 Page : 1 (This Page)2 3 4