CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 1999

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0001 20 DoS 1999-12-30 2010-12-16
5.0
None Remote Low Not required None None Partial
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
2 CVE-1999-0154 1999-12-31 2020-11-23
5.0
None Remote Low Not required Partial None None
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
3 CVE-1999-0289 1999-12-12 2020-10-13
5.0
None Remote Low Not required Partial None None
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4 CVE-1999-0455 1999-12-25 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
5 CVE-1999-0477 1999-12-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
6 CVE-1999-0808 DoS Exec Code Overflow 1999-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
7 CVE-1999-0815 DoS 1999-12-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
8 CVE-1999-0819 1999-12-01 2016-10-18
5.0
None Remote Low Not required Partial None None
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
9 CVE-1999-0820 +Priv 1999-12-01 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
10 CVE-1999-0823 Overflow +Priv 1999-12-01 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
11 CVE-1999-0825 1999-12-03 2008-09-09
3.6
None Local Low Not required Partial Partial None
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.
12 CVE-1999-0826 Overflow +Priv 1999-12-01 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in FreeBSD angband allows local users to gain privileges.
13 CVE-1999-0828 1999-12-02 2008-09-09
3.6
None Local Low Not required Partial Partial None
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
14 CVE-1999-0834 Overflow 1999-12-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
15 CVE-1999-0838 DoS Overflow 1999-12-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
16 CVE-1999-0846 DoS 1999-12-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in MDaemon 2.7 via a large number of connection attempts.
17 CVE-1999-0850 1999-12-02 2008-09-09
3.6
None Local Low Not required Partial Partial None
The default permissions for Endymion MailMan allow local users to read email or modify files.
18 CVE-1999-0852 1999-12-02 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
19 CVE-1999-0853 Overflow +Priv 1999-12-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
20 CVE-1999-0855 Overflow 1999-12-01 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in FreeBSD gdc program.
21 CVE-1999-0856 1999-12-01 2008-09-09
5.0
None Remote Low Not required None Partial None
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.
22 CVE-1999-0857 1999-12-01 2008-09-09
2.1
None Local Low Not required None Partial None
FreeBSD gdc program allows local users to modify files via a symlink attack.
23 CVE-1999-0858 16 1999-12-02 2021-07-22
5.0
None Remote Low Not required None Partial None
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
24 CVE-1999-0859 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
25 CVE-1999-0860 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
26 CVE-1999-0862 +Priv 1999-12-02 2008-09-09
2.1
None Local Low Not required Partial None None
Insecure directory permissions in RPM distribution for PostgreSQL allow local users to gain privileges by reading a plaintext password file.
27 CVE-1999-0864 1999-12-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
28 CVE-1999-0865 Overflow 1999-12-03 2016-10-18
5.0
None Remote Low Not required None None Partial
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
29 CVE-1999-0866 Overflow +Priv 1999-12-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
30 CVE-1999-0892 Overflow 1999-12-24 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
31 CVE-1999-0934 1999-12-15 2018-05-03
5.0
None Remote Low Not required Partial None None
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
32 CVE-1999-0935 Exec Code 1999-12-15 2005-05-02
10.0
None Remote Low Not required Complete Complete Complete
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
33 CVE-1999-0963 +Priv 1999-12-01 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
34 CVE-1999-0972 Overflow 1999-12-09 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Xshipwars xsw program.
35 CVE-1999-0973 Overflow +Priv 1999-12-07 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
36 CVE-1999-0974 Overflow +Priv 1999-12-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
37 CVE-1999-0975 Exec Code 1999-12-10 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
38 CVE-1999-0976 DoS 1999-12-07 2008-09-09
2.1
None Local Low Not required None None Partial
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
39 CVE-1999-0977 Overflow +Priv 1999-12-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
40 CVE-1999-0978 Exec Code 1999-12-09 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
htdig allows remote attackers to execute commands via filenames with shell metacharacters.
41 CVE-1999-0981 59 1999-12-08 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
42 CVE-1999-0982 1999-12-05 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
43 CVE-1999-0986 DoS 1999-12-08 2008-09-09
5.0
None Remote Low Not required None None Partial
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
44 CVE-1999-0988 1999-12-04 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.
45 CVE-1999-0989 Exec Code Overflow 1999-12-06 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
46 CVE-1999-0990 1999-12-05 2008-09-09
2.1
None Local Low Not required Partial None None
Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
47 CVE-1999-0991 DoS Overflow 1999-12-06 2008-09-09
5.0
None Remote Low Not required None None Partial
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
48 CVE-1999-0993 665 1999-12-13 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
49 CVE-1999-0994 255 1999-12-16 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
50 CVE-1999-0995 20 DoS 1999-12-16 2018-10-12
7.8
None Remote Low Not required None None Complete
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
Total number of vulnerabilities: 201 (page 1 of 5)