CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 1999 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-1588 1 Exec Code Overflow 1999-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
2 CVE-2000-0357 1999-12-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
3 CVE-2000-0119 1999-12-22 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
4 CVE-2000-0100 +Priv 1999-12-29 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
5 CVE-2000-0068 1999-12-14 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
6 CVE-2000-0043 Exec Code Overflow 1999-12-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
7 CVE-2000-0042 DoS Exec Code Overflow 1999-12-29 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
8 CVE-2000-0040 +Priv 1999-12-23 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
9 CVE-2000-0038 1999-12-23 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
glFtpD includes a default glftpd user account with a default password and a UID of 0.
10 CVE-2000-0032 1999-12-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
11 CVE-2000-0027 +Priv 1999-12-27 2008-09-10
6.2
None Local High Not required Complete Complete Complete
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
12 CVE-2000-0026 Overflow 1999-12-21 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
13 CVE-2000-0024 Bypass 1999-12-21 2018-10-12
6.4
None Remote Low Not required Partial Partial None
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
14 CVE-2000-0018 +Priv 1999-12-22 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.
15 CVE-2000-0017 Overflow +Priv 1999-12-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
16 CVE-2000-0013 +Priv 1999-12-31 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
17 CVE-2000-0012 Exec Code Overflow 1999-12-27 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
18 CVE-2000-0011 Exec Code Overflow 1999-12-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
19 CVE-2000-0010 Exec Code 1999-12-26 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
20 CVE-2000-0009 Exec Code 1999-12-29 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
21 CVE-2000-0003 Overflow +Priv 1999-12-30 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
22 CVE-2000-0002 Exec Code Overflow 1999-12-22 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.
23 CVE-1999-1592 1999-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
24 CVE-1999-1591 Bypass 1999-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
25 CVE-1999-1589 +Priv 1999-12-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
26 CVE-1999-1586 +Priv 1999-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
27 CVE-1999-1585 +Priv 1999-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
28 CVE-1999-1584 +Priv 1999-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
29 CVE-1999-1573 +Priv 1999-12-28 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
30 CVE-1999-1512 Exec Code 1999-12-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
31 CVE-1999-1497 1999-12-21 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
32 CVE-1999-1474 1999-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
33 CVE-1999-1465 Bypass 1999-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
34 CVE-1999-1464 Bypass 1999-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
35 CVE-1999-1455 1999-12-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
36 CVE-1999-1382 +Priv 1999-12-31 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
37 CVE-1999-1359 Bypass 1999-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
38 CVE-1999-1355 1999-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.
39 CVE-1999-1335 1999-12-31 2017-10-10
6.4
None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
40 CVE-1999-1334 Exec Code Overflow 1999-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command line argument.
41 CVE-1999-1333 Exec Code 1999-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
42 CVE-1999-1329 Overflow +Priv 1999-12-31 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
43 CVE-1999-1328 1999-12-31 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
44 CVE-1999-1327 Overflow +Priv 1999-12-31 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
45 CVE-1999-1325 +Priv 1999-12-31 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
46 CVE-1999-1324 1999-12-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
47 CVE-1999-1316 1999-12-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
48 CVE-1999-1307 +Priv 1999-12-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
49 CVE-1999-1293 DoS 1999-12-31 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
50 CVE-1999-1246 +Priv 1999-12-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
Total number of vulnerabilities : 84   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.