Full List

Search

Recent Vulnerabilities

• CVE-1999-1211 • published on September 12, 2001 Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.
• CVE-1999-1221 • published on September 12, 2001 dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
• CVE-1999-1224 • published on September 12, 2001 IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
• CVE-1999-1225 • published on September 12, 2001 rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
• CVE-1999-1241 • published on September 12, 2001 Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
• CVE-1999-1250 • published on September 12, 2001 Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.
• CVE-1999-1251 • published on September 12, 2001 Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
• CVE-1999-1253 • published on September 12, 2001 Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
• CVE-1999-1256 • published on September 12, 2001 Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file.
• CVE-1999-1260 • published on September 12, 2001 mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
• CVE-1999-1264 • published on September 12, 2001 WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled.
• CVE-1999-1268 • published on September 12, 2001 Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
• CVE-1999-1271 • published on September 12, 2001 Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
• CVE-1999-1212 • published on September 12, 2001 Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.
• CVE-1999-1216 • published on September 12, 2001 Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
• CVE-1999-1220 • published on September 12, 2001 Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.
• CVE-1999-1229 • published on September 12, 2001 Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
• CVE-1999-1230 • published on September 12, 2001 Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.
• CVE-1999-1231 • published on September 12, 2001 ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
• CVE-1999-1236 • published on September 12, 2001 Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf.