| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2000-0323 |
|
|
|
1999-07-28 |
2018-10-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. |
|
2 |
CVE-1999-1560 |
|
|
Exec Code |
1999-07-20 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root. |
|
3 |
CVE-1999-1545 |
|
|
|
1999-07-14 |
2016-10-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users. |
|
4 |
CVE-1999-1543 |
|
|
|
1999-07-10 |
2021-09-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. |
|
5 |
CVE-1999-1537 |
|
|
DoS |
1999-07-07 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. |
|
6 |
CVE-1999-1536 |
|
|
+Priv |
1999-07-30 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file. |
|
7 |
CVE-1999-1535 |
|
|
DoS Exec Code Overflow |
1999-07-20 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request. |
|
8 |
CVE-1999-1518 |
|
|
DoS Bypass |
1999-07-15 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults. |
|
9 |
CVE-1999-1478 |
|
|
DoS |
1999-07-06 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
|
10 |
CVE-1999-1460 |
|
|
|
1999-07-13 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. |
|
11 |
CVE-1999-1394 |
|
|
|
1999-07-02 |
2016-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device. |
|
12 |
CVE-1999-1378 |
|
|
|
1999-07-19 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. |
|
13 |
CVE-1999-1338 |
|
|
|
1999-07-21 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions. |
|
14 |
CVE-1999-1227 |
|
|
|
1999-07-30 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. |
|
15 |
CVE-1999-1166 |
|
|
+Priv |
1999-07-11 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. |
|
16 |
CVE-1999-1165 |
|
|
+Priv |
1999-07-21 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
|
17 |
CVE-1999-1130 |
|
|
|
1999-07-30 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. |
|
18 |
CVE-1999-1086 |
|
|
+Priv |
1999-07-15 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls. |
|
19 |
CVE-1999-1078 |
|
|
+Priv |
1999-07-29 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. |
|
20 |
CVE-1999-1018 |
|
|
Bypass |
1999-07-27 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. |
|
21 |
CVE-1999-1017 |
|
|
|
1999-07-28 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. |
|
22 |
CVE-1999-1011 |
264 |
|
Exec Code |
1999-07-19 |
2018-10-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. |
|
23 |
CVE-1999-0918 |
20 |
|
DoS |
1999-07-03 |
2018-10-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Denial of service in various Windows systems via malformed, fragmented IGMP packets. |
|
24 |
CVE-1999-0889 |
|
|
|
1999-07-01 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. |
|
25 |
CVE-1999-0811 |
|
|
Overflow |
1999-07-21 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Samba smbd program via a malformed message command. |
|
26 |
CVE-1999-0810 |
|
|
DoS |
1999-07-21 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Denial of service in Samba NETBIOS name service daemon (nmbd). |
|
27 |
CVE-1999-0809 |
|
|
|
1999-07-09 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". |
|
28 |
CVE-1999-0770 |
|
|
DoS |
1999-07-29 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. |
|
29 |
CVE-1999-0752 |
|
|
DoS Overflow |
1999-07-06 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
|
30 |
CVE-1999-0728 |
264 |
|
|
1999-07-06 |
2018-10-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
|
31 |
CVE-1999-0721 |
20 |
|
DoS |
1999-07-20 |
2018-10-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. |
|
32 |
CVE-1999-0710 |
|
|
|
1999-07-25 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
|
33 |
CVE-1999-0707 |
|
|
|
1999-07-01 |
2008-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
|
34 |
CVE-1999-0700 |
119 |
|
Overflow |
1999-07-29 |
2018-10-12 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
|
35 |
CVE-1999-0696 |
|
|
Overflow |
1999-07-01 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
|
36 |
CVE-1999-0692 |
|
|
+Priv |
1999-07-19 |
2008-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. |
|
37 |
CVE-1999-0690 |
|
|
|
1999-07-01 |
2008-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP CDE program includes the current directory in root's PATH variable. |
|
38 |
CVE-1999-0688 |
|
|
Overflow |
1999-07-01 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
|
39 |
CVE-1999-0683 |
|
|
DoS |
1999-07-30 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Gauntlet Firewall via a malformed ICMP packet. |
|
40 |
CVE-1999-0224 |
|
|
DoS |
1999-07-23 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Denial of service in Windows NT messenger service through a long username. |
