Full List

Search

Recent Vulnerabilities

• CVE-1999-1384 • published on March 9, 2002 Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.
• CVE-1999-1385 • published on March 9, 2002 Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
• CVE-1999-1452 • published on March 9, 2002 GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
• CVE-1999-1455 • published on March 9, 2002 RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
• CVE-1999-1456 • published on March 9, 2002 thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
• CVE-1999-1512 • published on March 9, 2002 The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
• CVE-1999-1360 • published on March 9, 2002 Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
• CVE-1999-1379 • published on March 9, 2002 DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
• CVE-1999-1380 • published on March 9, 2002 Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
• CVE-1999-1382 • published on March 9, 2002 NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
• CVE-1999-1386 • published on March 9, 2002 Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
• CVE-1999-1433 • published on March 9, 2002 HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
• CVE-1999-1476 • published on March 9, 2002 A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
• CVE-1999-1488 • published on March 9, 2002 sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.
• CVE-1999-1535 • published on March 9, 2002 Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.
• CVE-1999-1565 • published on March 9, 2002 Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
• CVE-2000-0006 • published on March 9, 2002 strace allows local users to read arbitrary files via memory mapped file names.
• CVE-2000-0027 • published on March 9, 2002 IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
• CVE-2000-0007 • published on March 9, 2002 Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.
• CVE-2000-0180 • published on March 9, 2002 Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.