Full List

Search

Recent Vulnerabilities

• CVE-1999-1048 • published on March 9, 2002 Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
• CVE-1999-1057 • published on March 9, 2002 VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
• CVE-1999-1074 • published on March 9, 2002 Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
• CVE-1999-1027 • published on March 9, 2002 Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.
• CVE-1999-1055 • published on March 9, 2002 Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
• CVE-1999-1019 • published on March 9, 2002 SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.
• CVE-1999-1021 • published on March 9, 2002 NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
• CVE-1999-1028 • published on March 9, 2002 Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.
• CVE-1999-1034 • published on March 9, 2002 Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.
• CVE-1999-1035 • published on March 9, 2002 IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
• CVE-1999-1037 • published on March 9, 2002 rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.
• CVE-1999-1045 • published on March 9, 2002 pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
• CVE-1999-1059 • published on March 9, 2002 Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
• CVE-1999-1090 • published on March 9, 2002 The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.
• CVE-1999-1098 • published on March 9, 2002 Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
• CVE-1999-1103 • published on March 9, 2002 dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
• CVE-1999-1105 • published on March 9, 2002 Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
• CVE-1999-1111 • published on March 9, 2002 Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
• CVE-1999-1114 • published on March 9, 2002 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
• CVE-1999-1116 • published on March 9, 2002 Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.