CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 1999

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-1999-1591 Bypass 1999-12-31 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
52 CVE-1999-1590 Dir. Trav. 1999-12-31 2008-09-05
3.5
 None Remote Medium ??? Partial None None
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
53 CVE-1999-1589 +Priv 1999-12-31 2008-09-05
7.2
 None Local Low Not required Complete Complete Complete
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
54 CVE-1999-1588 1 Exec Code Overflow 1999-12-31 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
55 CVE-1999-1587 1999-12-31 2018-10-30
2.1
 None Local Low Not required Partial None None
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
56 CVE-1999-1586 +Priv 1999-12-31 2017-07-11
7.2
 None Local Low Not required Complete Complete Complete
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
57 CVE-1999-1585 +Priv 1999-12-31 2018-10-30
7.2
 None Local Low Not required Complete Complete Complete
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
58 CVE-1999-1584 +Priv 1999-12-31 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
59 CVE-1999-1573 +Priv 1999-12-28 2017-10-19
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
60 CVE-1999-1512 Exec Code 1999-12-31 2017-10-10
10.0
 None Remote Low Not required Complete Complete Complete
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
61 CVE-1999-1497 1999-12-21 2008-09-05
7.2
 None Local Low Not required Complete Complete Complete
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
62 CVE-1999-1488 1999-12-31 2008-09-05
5.0
 None Remote Low Not required Partial None None
sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.
63 CVE-1999-1481 Bypass 1999-12-31 2017-10-10
5.0
 None Remote Low Not required Partial None None
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
64 CVE-1999-1476 DoS 1999-12-31 2017-10-10
2.1
 None Local Low Not required None None Partial
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
65 CVE-1999-1474 1999-12-31 2017-12-19
7.5
 None Remote Low Not required Partial Partial Partial
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
66 CVE-1999-1473 1999-12-31 2021-07-22
5.0
 None Remote Low Not required Partial None None
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
67 CVE-1999-1472 1999-12-31 2021-07-22
5.0
 None Remote Low Not required Partial None None
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
68 CVE-1999-1465 Bypass 1999-12-31 2017-12-19
7.5
 None Remote Low Not required Partial Partial Partial
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
69 CVE-1999-1464 Bypass 1999-12-31 2017-12-19
7.5
 None Remote Low Not required Partial Partial Partial
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
70 CVE-1999-1462 200 +Info 1999-12-31 2018-11-29
5.0
 None Remote Low Not required Partial None None
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.
71 CVE-1999-1456 1999-12-31 2017-10-10
5.0
 None Remote Low Not required Partial None None
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
72 CVE-1999-1455 1999-12-31 2017-10-10
7.5
 None Remote Low Not required Partial Partial Partial
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
73 CVE-1999-1452 1999-12-31 2017-10-10
2.1
 None Local Low Not required Partial None None
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
74 CVE-1999-1451 1999-12-31 2018-10-12
5.0
 None Remote Low Not required Partial None None
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
75 CVE-1999-1444 1999-12-31 2008-09-10
5.0
 None Remote Low Not required Partial None None
genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext.
76 CVE-1999-1386 1999-12-31 2016-10-18
2.1
 None Local Low Not required None Partial None
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
77 CVE-1999-1382 +Priv 1999-12-31 2016-10-18
7.2
 None Local Low Not required Complete Complete Complete
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
78 CVE-1999-1379 1999-12-31 2016-10-18
5.0
 None Remote Low Not required None None Partial
DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
79 CVE-1999-1364 DoS 1999-12-31 2008-09-05
2.1
 None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
80 CVE-1999-1363 DoS 1999-12-31 2008-09-05
2.1
 None Local Low Not required None None Partial
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
81 CVE-1999-1362 DoS 1999-12-31 2008-09-05
2.1
 None Local Low Not required None None Partial
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
82 CVE-1999-1360 DoS 1999-12-31 2008-09-05
2.1
 None Local Low Not required None None Partial
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
83 CVE-1999-1359 Bypass 1999-12-31 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
84 CVE-1999-1358 Bypass 1999-12-31 2008-09-05
4.6
 None Local Low Not required Partial Partial Partial
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
85 CVE-1999-1355 1999-12-31 2017-12-19
7.5
 None Remote Low Not required Partial Partial Partial
BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.
86 CVE-1999-1339 DoS 1999-12-31 2016-10-18
5.0
 None Remote Low Not required None None Partial
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
87 CVE-1999-1335 1999-12-31 2017-10-10
6.4
 None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
88 CVE-1999-1334 Exec Code Overflow 1999-12-31 2016-10-18
7.5
 None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command line argument.
89 CVE-1999-1333 Exec Code 1999-12-31 2016-10-18
7.5
 None Remote Low Not required Partial Partial Partial
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
90 CVE-1999-1332 1999-12-31 2016-10-18
2.1
 None Local Low Not required None Partial None
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
91 CVE-1999-1331 DoS 1999-12-31 2008-09-10
2.1
 None Local Low Not required None None Partial
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
92 CVE-1999-1330 Overflow 1999-12-31 2016-10-18
4.6
 None Local Low Not required Partial Partial Partial
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
93 CVE-1999-1329 Overflow +Priv 1999-12-31 2008-09-10
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
94 CVE-1999-1328 1999-12-31 2016-10-18
7.2
 None Local Low Not required Complete Complete Complete
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
95 CVE-1999-1327 Overflow +Priv 1999-12-31 2016-10-18
7.2
 None Local Low Not required Complete Complete Complete
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
96 CVE-1999-1325 +Priv 1999-12-31 2017-10-10
7.2
 None Local Low Not required Complete Complete Complete
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
97 CVE-1999-1324 1999-12-31 2017-10-10
7.5
 None Remote Low Not required Partial Partial Partial
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
98 CVE-1999-1320 +Priv 1999-12-31 2008-09-05
4.6
 None Local Low Not required Partial Partial Partial
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
99 CVE-1999-1317 +Priv 1999-12-31 2017-10-10
4.6
 None Local Low Not required Partial Partial Partial
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
100 CVE-1999-1316 1999-12-31 2017-10-10
7.5
 None Remote Low Not required Partial Partial Partial
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
Total number of vulnerabilities : 201   Page : 1 2 (This Page)3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.