-
CVE-1999-1076
•
published on September 12, 2001
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
-
CVE-1999-1082
•
published on September 12, 2001
Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to read arbitrary files via a "......" (modified dot dot) attack.
-
CVE-1999-1020
•
published on September 12, 2001
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
-
CVE-1999-1025
•
published on September 12, 2001
CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to log in with any string.
-
CVE-1999-1026
•
published on September 12, 2001
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
-
CVE-1999-1029
•
published on September 12, 2001
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
-
CVE-1999-1030
•
published on September 12, 2001
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation.
-
CVE-1999-1036
•
published on September 12, 2001
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk.
-
CVE-1999-1043
•
published on September 12, 2001
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
-
CVE-1999-1051
•
published on September 12, 2001
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
-
CVE-1999-1053
•
published on September 12, 2001
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
-
CVE-1999-1058
•
published on September 12, 2001
Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands.
-
CVE-1999-1060
•
published on September 12, 2001
Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname.
-
CVE-1999-1063
•
published on September 12, 2001
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
-
CVE-1999-1065
•
published on September 12, 2001
Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode.
-
CVE-1999-1069
•
published on September 12, 2001
Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
-
CVE-1999-1079
•
published on September 12, 2001
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
-
CVE-1999-1022
•
published on September 12, 2001
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
-
CVE-1999-1031
•
published on September 12, 2001
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument.
-
CVE-1999-1033
•
published on September 12, 2001
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.