-
CVE-1999-0877
•
published on January 4, 2000
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
-
CVE-1999-0879
•
published on January 4, 2000
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
-
CVE-1999-0884
•
published on January 4, 2000
The Zeus web server administrative interface uses weak encryption for its passwords.
-
CVE-1999-0886
•
published on January 4, 2000
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
-
CVE-1999-0918
•
published on January 4, 2000
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
-
CVE-1999-0935
•
published on January 4, 2000
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
-
CVE-1999-0943
•
published on January 4, 2000
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
-
CVE-1999-0947
•
published on January 4, 2000
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
-
CVE-1999-0951
•
published on January 4, 2000
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
-
CVE-1999-0953
•
published on January 4, 2000
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
-
CVE-1999-0973
•
published on January 4, 2000
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
-
CVE-1999-0974
•
published on January 4, 2000
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
-
CVE-1999-0977
•
published on January 4, 2000
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
-
CVE-1999-0695
•
published on January 4, 2000
The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.
-
CVE-1999-0699
•
published on January 4, 2000
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.
-
CVE-1999-0707
•
published on January 4, 2000
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
-
CVE-1999-0722
•
published on January 4, 2000
The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
-
CVE-1999-0723
•
published on January 4, 2000
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
-
CVE-1999-0726
•
published on January 4, 2000
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
-
CVE-1999-0735
•
published on January 4, 2000
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.