-
CVE-1999-1100
•
published on March 9, 2002
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
-
CVE-1999-1119
•
published on March 9, 2002
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
-
CVE-1999-1137
•
published on March 9, 2002
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
-
CVE-1999-1087
•
published on March 9, 2002
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
-
CVE-1999-1115
•
published on March 9, 2002
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
-
CVE-1999-1118
•
published on March 9, 2002
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
-
CVE-1999-1131
•
published on March 9, 2002
Buffer overflow in OSF Distributed Computing Environment (DCE) security daemon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.
-
CVE-1999-1132
•
published on March 9, 2002
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
-
CVE-1999-1146
•
published on March 9, 2002
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.
-
CVE-1999-1162
•
published on March 9, 2002
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
-
CVE-1999-1167
•
published on March 9, 2002
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
-
CVE-1999-1188
•
published on March 9, 2002
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
-
CVE-1999-1191
•
published on March 9, 2002
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
-
CVE-1999-1159
•
published on March 9, 2002
SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
-
CVE-1999-1148
•
published on March 9, 2002
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
-
CVE-1999-1156
•
published on March 9, 2002
BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.
-
CVE-1999-1160
•
published on March 9, 2002
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
-
CVE-1999-1161
•
published on March 9, 2002
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
-
CVE-1999-1175
•
published on March 9, 2002
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
-
CVE-1999-1193
•
published on March 9, 2002
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.