Full List

Search

Recent Vulnerabilities

• CVE-1999-1411 • published on March 9, 2002 The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
• CVE-1999-1414 • published on March 9, 2002 IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.
• CVE-1999-1437 • published on March 9, 2002 ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.
• CVE-1999-1473 • published on March 9, 2002 When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
• CVE-1999-1472 • published on March 9, 2002 Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
• CVE-1999-1494 • published on March 9, 2002 colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
• CVE-1999-1507 • published on March 9, 2002 Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
• CVE-1999-1530 • published on March 9, 2002 cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
• CVE-1999-1531 • published on March 9, 2002 Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.
• CVE-1999-1407 • published on March 9, 2002 ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
• CVE-1999-1419 • published on March 9, 2002 Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
• CVE-1999-1423 • published on March 9, 2002 ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
• CVE-1999-1432 • published on March 9, 2002 Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.
• CVE-1999-1478 • published on March 9, 2002 The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
• CVE-1999-1481 • published on March 9, 2002 Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
• CVE-1999-1542 • published on March 9, 2002 RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.
• CVE-1999-1550 • published on March 9, 2002 bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.
• CVE-1999-1339 • published on March 9, 2002 Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
• CVE-1999-1351 • published on March 9, 2002 Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick soundname requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.
• CVE-1999-1358 • published on March 9, 2002 When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.