Full List

Search

Recent Vulnerabilities

• CVE-1999-1299 • published on September 12, 2001 rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
• CVE-1999-1313 • published on September 12, 2001 Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
• CVE-1999-1315 • published on September 12, 2001 Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.
• CVE-1999-1319 • published on September 12, 2001 Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.
• CVE-1999-1322 • published on September 12, 2001 The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
• CVE-1999-1340 • published on September 12, 2001 Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument.
• CVE-1999-1342 • published on September 12, 2001 ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port.
• CVE-1999-1344 • published on September 12, 2001 Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file.
• CVE-1999-1350 • published on September 12, 2001 ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse.
• CVE-1999-1352 • published on September 12, 2001 mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.
• CVE-1999-1355 • published on September 12, 2001 BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.
• CVE-1999-1357 • published on September 12, 2001 Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "" sign, and the 0x9b character to a "" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
• CVE-1999-1361 • published on September 12, 2001 Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
• CVE-1999-1366 • published on September 12, 2001 Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
• CVE-1999-1369 • published on September 12, 2001 Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
• CVE-1999-1373 • published on September 12, 2001 FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap.
• CVE-1999-1374 • published on September 12, 2001 perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
• CVE-1999-1377 • published on September 12, 2001 Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
• CVE-1999-1381 • published on September 12, 2001 Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands.
• CVE-1999-1388 • published on September 12, 2001 passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.