-
CVE-1999-1121
•
published on March 9, 2002
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
-
CVE-1999-1138
•
published on March 9, 2002
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
-
CVE-1999-1139
•
published on March 9, 2002
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
-
CVE-1999-1140
•
published on March 9, 2002
Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.
-
CVE-1999-1142
•
published on March 9, 2002
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
-
CVE-1999-1144
•
published on March 9, 2002
Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
-
CVE-1999-1093
•
published on March 9, 2002
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
-
CVE-1999-1094
•
published on March 9, 2002
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
-
CVE-1999-1102
•
published on March 9, 2002
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
-
CVE-1999-1104
•
published on March 9, 2002
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
-
CVE-1999-1109
•
published on March 9, 2002
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
-
CVE-1999-1117
•
published on March 9, 2002
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
-
CVE-1999-1120
•
published on March 9, 2002
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.
-
CVE-1999-1122
•
published on March 9, 2002
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
-
CVE-1999-1127
•
published on March 9, 2002
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
-
CVE-1999-1136
•
published on March 9, 2002
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
-
CVE-1999-1143
•
published on March 9, 2002
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.
-
CVE-1999-1145
•
published on March 9, 2002
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
-
CVE-1999-1085
•
published on March 9, 2002
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."
-
CVE-1999-1099
•
published on March 9, 2002
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.