CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 1999 (CVSS score >= 5)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0367 +Priv 1999-02-18 2008-09-10
7.2
 None Local Low Not required Complete Complete Complete
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
2 CVE-1999-1482 +Priv 1999-02-19 2008-09-05
7.2
 None Local Low Not required Complete Complete Complete
SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes.
3 CVE-1999-1405 Exec Code 1999-02-17 2016-10-18
10.0
 None Remote Low Not required Complete Complete Complete
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
4 CVE-1999-1375 1999-02-11 2016-10-18
5.0
 None Remote Low Not required Partial None None
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
5 CVE-1999-1260 +Info 1999-02-15 2017-12-19
7.5
 None Remote Low Not required Partial Partial Partial
mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
6 CVE-1999-1255 1999-02-19 2017-12-19
5.0
 None Remote Low Not required None Partial None
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter.
7 CVE-1999-1247 1 +Priv 1999-02-24 2017-12-19
7.2
 None Local Low Not required Complete Complete Complete
Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
8 CVE-1999-1203 DoS 1999-02-12 2016-10-18
5.0
 None Remote Low Not required None None Partial
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.
9 CVE-1999-1201 DoS 1999-02-06 2017-10-10
5.0
 None Remote Low Not required None None Partial
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
10 CVE-1999-1180 Exec Code 1999-02-16 2008-09-10
5.0
 None Remote Low Not required None None Partial
O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.
11 CVE-1999-1169 DoS 1999-02-04 2008-09-10
5.0
 None Remote Low Not required None None Partial
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
12 CVE-1999-1168 1999-02-20 2008-09-05
7.2
 None Local Low Not required Complete Complete Complete
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
13 CVE-1999-1060 DoS Exec Code Overflow 1999-02-17 2016-10-18
5.0
 None Remote Low Not required None None Partial
Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname.
14 CVE-1999-1049 1999-02-21 2021-04-07
10.0
 None Remote Low Not required Complete Complete Complete
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
15 CVE-1999-0441 DoS Overflow 1999-02-22 2008-09-09
5.0
 None Remote Low Not required None None Partial
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
16 CVE-1999-0412 1999-02-19 2020-11-23
7.5
 None Remote Low Not required Partial Partial Partial
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
17 CVE-1999-0408 1999-02-25 2008-09-09
10.0
 None Remote Low Not required Complete Complete Complete
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
18 CVE-1999-0407 1999-02-09 2016-10-18
10.0
 None Remote Low Not required Complete Complete Complete
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
19 CVE-1999-0406 Overflow 1999-02-19 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.
20 CVE-1999-0405 Overflow 1999-02-18 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
A buffer overflow in lsof allows local users to obtain root privilege.
21 CVE-1999-0404 Exec Code Overflow 1999-02-14 2008-09-09
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
22 CVE-1999-0403 DoS 1999-02-01 2016-10-18
5.0
 None Remote Low Not required None None Partial
A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
23 CVE-1999-0383 1999-02-02 2008-09-09
7.5
 None Remote Low Not required Partial Partial Partial
ACC Tigris allows public access without a login.
24 CVE-1999-0381 Overflow 1999-02-26 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
25 CVE-1999-0379 Exec Code 1999-02-22 2018-10-12
7.5
 None Remote Low Not required Partial Partial Partial
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
26 CVE-1999-0378 1999-02-22 2008-09-09
5.0
 None Remote Low Not required Partial None None
InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.
27 CVE-1999-0377 DoS 1999-02-22 2016-12-28
5.0
 None Remote Low Not required None None Partial
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
28 CVE-1999-0375 Exec Code Overflow 1999-02-16 2008-09-09
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.
29 CVE-1999-0373 Exec Code Overflow 1999-02-01 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
30 CVE-1999-0368 Overflow 1999-02-09 2008-09-09
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
31 CVE-1999-0366 287 1999-02-08 2018-10-12
7.5
 None Remote Low Not required Partial Partial Partial
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
32 CVE-1999-0365 Exec Code 1999-02-04 2008-09-09
7.5
 None Remote Low Not required Partial Partial Partial
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.
33 CVE-1999-0363 Overflow 1999-02-02 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.
34 CVE-1999-0362 DoS 1999-02-02 2008-09-09
5.0
 None Remote Low Not required None None Partial
WS_FTP server remote denial of service through cwd command.
35 CVE-1999-0358 Overflow 1999-02-01 2008-09-09
7.2
 None Local Low Not required Complete Complete Complete
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.
36 CVE-1999-0353 1999-02-10 2013-09-03
9.3
 None Remote Medium Not required Complete Complete Complete
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
37 CVE-1999-0351 DoS 1999-02-01 2018-05-03
6.4
 None Remote Low Not required Partial None Partial
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.
38 CVE-1999-0350 1999-02-08 2008-09-09
6.2
 None Local High Not required Complete Complete Complete
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
39 CVE-1999-0291 1999-02-01 2008-09-09
7.5
 None Remote Low Not required Partial Partial Partial
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.