CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 1999

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | CVE-1999-0457 | | | +Priv | 1999-01-17 | 2008-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Linux ftpwatch program allows local users to gain root privileges. |
| 102 | CVE-1999-0454 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. |
| 103 | CVE-1999-0453 | 200 | | +Info | 1999-01-01 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). |
| 104 | CVE-1999-0452 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A service or application has a backdoor password that was placed there by the developer. |
| 105 | CVE-1999-0451 | | | DoS | 1999-01-19 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial | Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. |
| 106 | CVE-1999-0450 | | | | 1999-01-26 | 2020-11-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| 107 | CVE-1999-0449 | | | DoS | 1999-01-26 | 2008-09-09 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| 108 | CVE-1999-0448 | | | | 1999-01-01 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. |
| 109 | CVE-1999-0442 | | | | 1999-01-07 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | Partial | None | Solaris ff.core allows local users to modify files. |
| 110 | CVE-1999-0402 | | | | 1999-01-02 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. |
| 111 | CVE-1999-0401 | | | | 1999-01-01 | 2008-09-09 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
| 112 | CVE-1999-0400 | | | DoS | 1999-01-26 | 2008-09-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Denial of service in Linux 2.2.0 running the ldd command on a core file. |
| 113 | CVE-1999-0399 | | | Exec Code | 1999-01-01 | 2008-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. |
| 114 | CVE-1999-0398 | | | | 1999-01-01 | 2008-09-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. |
| 115 | CVE-1999-0397 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. |
| 116 | CVE-1999-0395 | | | | 1999-01-01 | 2008-09-09 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. |
| 117 | CVE-1999-0394 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. |
| 118 | CVE-1999-0393 | | | DoS | 1999-01-01 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
| 119 | CVE-1999-0392 | | | Overflow | 1999-01-10 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Buffer overflow in Thomas Boutell's cgic library version up to 1.05. |
| 120 | CVE-1999-0391 | | | | 1999-01-05 | 2008-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. |
| 121 | CVE-1999-0390 | | | Overflow | 1999-01-04 | 2008-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in Dosemu Slang library in Linux. |
| 122 | CVE-1999-0389 | | | Overflow | 1999-01-03 | 2008-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the bootp server in the Debian Linux netstd package. |
| 123 | CVE-1999-0388 | | | Exec Code | 1999-01-01 | 2008-09-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. |
| 124 | CVE-1999-0384 | | | | 1999-01-01 | 2018-10-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |
| 125 | CVE-1999-0364 | | | | 1999-01-01 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| 126 | CVE-1999-0361 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. |
| 127 | CVE-1999-0360 | | | Exec Code | 1999-01-30 | 2016-10-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. |
| 128 | CVE-1999-0357 | | | DoS | 1999-01-25 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Windows 98 and other operating systems allow remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. |
| 129 | CVE-1999-0356 | | | | 1999-01-25 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. |
| 130 | CVE-1999-0355 | | | DoS | 1999-01-01 | 2021-04-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. |
| 131 | CVE-1999-0352 | | | | 1999-01-25 | 2008-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. |
| 132 | CVE-1999-0349 | 119 | | DoS Exec Code Overflow | 1999-01-27 | 2018-10-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. |
| 133 | CVE-1999-0348 | 200 | | +Info | 1999-01-27 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. |
| 134 | CVE-1999-0347 | | | | 1999-01-26 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| 135 | CVE-1999-0286 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. |
| 136 | CVE-1999-0285 | | | DoS | 1999-01-01 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| 137 | CVE-1999-0283 | | | | 1999-01-01 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Java Web Server would allow remote users to obtain the source code for CGI programs. |
| 138 | CVE-1999-0276 | | | Overflow | 1999-01-01 | 2008-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | mSQL v2.0.1 and below allows remote execution through a buffer overflow. |
| 139 | CVE-1999-0268 | | | | 1999-01-01 | 2008-09-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| 140 | CVE-1999-0255 | | | Exec Code Overflow | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in ircd allows arbitrary command execution. |
| 141 | CVE-1999-0248 | | | | 1999-01-01 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
| 142 | CVE-1999-0243 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Linux cfingerd could be exploited to gain root access. |
| 143 | CVE-1999-0240 | | | | 1999-01-01 | 2005-10-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy. |
| 144 | CVE-1999-0231 | | | DoS Overflow | 1999-01-01 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access. |
| 145 | CVE-1999-0226 | 19 | | DoS | 1999-01-01 | 2017-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. |
| 146 | CVE-1999-0220 | | | DoS | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Attackers can do a denial of service of IRC by crashing the server. |
| 147 | CVE-1999-0205 | | | DoS | 1999-01-01 | 2008-09-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Denial of service in Sendmail 8.6.11 and 8.6.12. |
| 148 | CVE-1999-0200 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password. |
| 149 | CVE-1999-0198 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | finger .@host on some systems may print information on some user accounts. |
| 150 | CVE-1999-0197 | | | | 1999-01-01 | 2005-10-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | finger 0@host on some systems may print information on some user accounts. |

Total number of vulnerabilities: 153 (this is page 3 of 4)