| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-1999-0001 |
20 |
|
DoS |
1999-12-30 |
2010-12-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. |
|
2 |
CVE-1999-0154 |
|
|
|
1999-12-31 |
2020-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
|
3 |
CVE-1999-0289 |
|
|
|
1999-12-12 |
2020-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
|
4 |
CVE-1999-0455 |
|
|
|
1999-12-25 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
|
5 |
CVE-1999-0477 |
|
|
|
1999-12-25 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
|
6 |
CVE-1999-0808 |
|
|
DoS Exec Code Overflow |
1999-12-31 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. |
|
7 |
CVE-1999-0815 |
|
|
DoS |
1999-12-31 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
|
8 |
CVE-1999-0819 |
|
|
|
1999-12-01 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. |
|
9 |
CVE-1999-0820 |
|
|
+Priv |
1999-12-01 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. |
|
10 |
CVE-1999-0823 |
|
|
Overflow +Priv |
1999-12-01 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. |
|
11 |
CVE-1999-0825 |
|
|
|
1999-12-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. |
|
12 |
CVE-1999-0826 |
|
|
Overflow +Priv |
1999-12-01 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in FreeBSD angband allows local users to gain privileges. |
|
13 |
CVE-1999-0828 |
|
|
|
1999-12-02 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. |
|
14 |
CVE-1999-0834 |
|
|
Overflow |
1999-12-01 |
2008-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. |
|
15 |
CVE-1999-0838 |
|
|
DoS Overflow |
1999-12-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. |
|
16 |
CVE-1999-0846 |
|
|
DoS |
1999-12-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in MDaemon 2.7 via a large number of connection attempts. |
|
17 |
CVE-1999-0850 |
|
|
|
1999-12-02 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The default permissions for Endymion MailMan allow local users to read email or modify files. |
|
18 |
CVE-1999-0852 |
|
|
|
1999-12-02 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. |
|
19 |
CVE-1999-0853 |
|
|
Overflow +Priv |
1999-12-01 |
2008-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. |
|
20 |
CVE-1999-0855 |
|
|
Overflow |
1999-12-01 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in FreeBSD gdc program. |
|
21 |
CVE-1999-0856 |
|
|
|
1999-12-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. |
|
22 |
CVE-1999-0857 |
|
|
|
1999-12-01 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
FreeBSD gdc program allows local users to modify files via a symlink attack. |
|
23 |
CVE-1999-0858 |
16 |
|
|
1999-12-02 |
2021-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. |
|
24 |
CVE-1999-0859 |
|
|
|
1999-12-01 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
|
25 |
CVE-1999-0860 |
|
|
|
1999-12-01 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. |
|
26 |
CVE-1999-0862 |
|
|
+Priv |
1999-12-02 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file. |
|
27 |
CVE-1999-0864 |
|
|
|
1999-12-03 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. |
|
28 |
CVE-1999-0865 |
|
|
Overflow |
1999-12-03 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. |
|
29 |
CVE-1999-0866 |
|
|
Overflow +Priv |
1999-12-03 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in UnixWare xauto program allows local users to gain root privilege. |
|
30 |
CVE-1999-0892 |
|
|
Overflow |
1999-12-24 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. |
|
31 |
CVE-1999-0934 |
|
|
|
1999-12-15 |
2018-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
|
32 |
CVE-1999-0935 |
|
|
Exec Code |
1999-12-15 |
2005-05-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. |
|
33 |
CVE-1999-0963 |
|
|
+Priv |
1999-12-01 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. |
|
34 |
CVE-1999-0972 |
|
|
Overflow |
1999-12-09 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Xshipwars xsw program. |
|
35 |
CVE-1999-0973 |
|
|
Overflow +Priv |
1999-12-07 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode. |
|
36 |
CVE-1999-0974 |
|
|
Overflow +Priv |
1999-12-09 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. |
|
37 |
CVE-1999-0975 |
|
|
Exec Code |
1999-12-10 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. |
|
38 |
CVE-1999-0976 |
|
|
DoS |
1999-12-07 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. |
|
39 |
CVE-1999-0977 |
|
|
Overflow +Priv |
1999-12-10 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. |
|
40 |
CVE-1999-0978 |
|
|
Exec Code |
1999-12-09 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
htdig allows remote attackers to execute commands via filenames with shell metacharacters. |
|
41 |
CVE-1999-0981 |
59 |
|
|
1999-12-08 |
2021-07-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." |
|
42 |
CVE-1999-0982 |
|
|
|
1999-12-05 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. |
|
43 |
CVE-1999-0986 |
|
|
DoS |
1999-12-08 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. |
|
44 |
CVE-1999-0988 |
|
|
|
1999-12-04 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. |
|
45 |
CVE-1999-0989 |
|
|
Exec Code Overflow |
1999-12-06 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. |
|
46 |
CVE-1999-0990 |
|
|
|
1999-12-05 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
|
47 |
CVE-1999-0991 |
|
|
DoS Overflow |
1999-12-06 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name. |
|
48 |
CVE-1999-0993 |
665 |
|
|
1999-12-13 |
2020-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. |
|
49 |
CVE-1999-0994 |
255 |
|
|
1999-12-16 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. |
|
50 |
CVE-1999-0995 |
20 |
|
DoS |
1999-12-16 |
2018-10-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." |
