Vulnerability Details

CVE-1999-0977 • published on January 4, 2000 Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

CVE-1999-0975 • published on January 4, 2000 The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

CVE-1999-0978 • published on January 4, 2000 htdig allows remote attackers to execute commands via filenames with shell metacharacters.

CVE-1999-0725 • published on January 4, 2000 When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

CVE-1999-0728 • published on January 4, 2000 A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

CVE-1999-0730 • published on January 4, 2000 The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

CVE-1999-0731 • published on January 4, 2000 The KDE klock program allows local users to unlock a session using malformed input.

CVE-1999-0744 • published on January 4, 2000 Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

CVE-1999-0752 • published on January 4, 2000 Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

CVE-1999-0755 • published on January 4, 2000 Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

CVE-1999-0765 • published on January 4, 2000 SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

CVE-1999-0766 • published on January 4, 2000 The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.

CVE-1999-0774 • published on January 4, 2000 Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.

CVE-1999-0777 • published on January 4, 2000 IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

CVE-1999-0807 • published on January 4, 2000 The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

CVE-1999-0809 • published on January 4, 2000 Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

CVE-1999-0812 • published on January 4, 2000 Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

CVE-1999-0817 • published on January 4, 2000 Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

CVE-1999-0848 • published on January 4, 2000 Denial of service in BIND named via consuming more than "fdmax" file descriptors.

CVE-1999-0868 • published on January 4, 2000 ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

Recent Vulnerabilities