cpe:/o:openbsd:openbsd:2.4 cpe:/o:freebsd:freebsd:2.2.6 cpe:/o:freebsd:freebsd:2.1.7 cpe:/o:freebsd:freebsd:2.2.5 cpe:/o:freebsd:freebsd:2.1.7.1 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:freebsd:freebsd:3.0 cpe:/o:freebsd:freebsd:2.0.1 cpe:/o:freebsd:freebsd:2.2.3 cpe:/o:freebsd:freebsd:1.0 cpe:/o:freebsd:freebsd:2.2.4 cpe:/o:openbsd:openbsd:2.3 cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/o:bsdi:bsd_os:3.1 cpe:/o:freebsd:freebsd:2.2.2 cpe:/o:freebsd:freebsd:2.2 cpe:/o:freebsd:freebsd:1.1 cpe:/o:freebsd:freebsd:2.2.8 cpe:/o:freebsd:freebsd:1.1.5.1 cpe:/o:freebsd:freebsd:1.2 CVE-1999-0001 1999-12-30T00:00:00.000-05:00 2010-12-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 5707 CONFIRM http://www.openbsd.org/errata23.html#tcpfix ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. cpe:/o:caldera:openlinux:1.2 cpe:/o:redhat:linux:5.1 cpe:/o:redhat:linux:4.2 cpe:/o:redhat:linux:4.1 cpe:/o:redhat:linux:3.0.3 cpe:/o:redhat:linux:2.1 cpe:/o:bsdi:bsd_os:1.1 cpe:/o:redhat:linux:5.0 cpe:/o:redhat:linux:2.0 cpe:/o:redhat:linux:4.0 CVE-1999-0002 1998-10-12T00:00:00.000-04:00 2009-01-26T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 121 CIAC J-006 SGI 19981006-01-I Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. cpe:/o:sun:solaris:2.5 cpe:/o:hp:hp-ux:11.00 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.0 cpe:/o:sgi:irix:6.4 cpe:/o:ibm:aix:4.1.2 cpe:/o:sun:solaris:2.5.1 cpe:/o:sgi:irix:5.2 cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.3 cpe:/o:sgi:irix:6.0 cpe:/o:ibm:aix:4.1.5 cpe:/o:sun:solaris:2.4 cpe:/o:ibm:aix:4.1.3 cpe:/o:sgi:irix:6.3 cpe:/a:tritreal:ted_cde:4.3 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.3 cpe:/o:ibm:aix:4.2.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.3 cpe:/o:ibm:aix:4.1 cpe:/o:sun:solaris:1.1 cpe:/o:sun:solaris:2.1 cpe:/o:hp:hp-ux:10.02 cpe:/o:ibm:aix:4.2 cpe:/o:hp:hp-ux:10.03 cpe:/o:hp:hp-ux:10.01 cpe:/o:sgi:irix:6.1 cpe:/o:ibm:aix:4.1.1 cpe:/o:sun:solaris:1.2 CVE-1999-0003 1998-04-01T00:00:00.000-05:00 2008-09-09T08:33:30.790-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 122 SGI 19981101-01-PX SGI 19981101-01-A Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). cpe:/a:university_of_washington:pine:4.02 cpe:/o:sco:unixware:7.0 cpe:/a:hp:dtmail CVE-1999-0004 1997-12-16T00:00:00.000-05:00 2008-09-09T08:33:31.007-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MS MS98-008 MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. cpe:/a:university_of_washington:imap:10.234 cpe:/a:netscape:messaging_server:3.55 CVE-1999-0005 1998-07-20T00:00:00.000-04:00 2008-09-09T08:33:31.117-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 130 SUN 00177 Arbitrary command execution via IMAP buffer overflow in authenticate command. cpe:/a:qualcomm:qpopper:2.4 CVE-1999-0006 1998-07-14T00:00:00.000-04:00 2008-09-09T08:33:31.180-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 133 SGI 19980801-01-I Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. cpe:/a:open_market:secure_webserver:2.1 cpe:/a:ssleay:ssleay:0.9 cpe:/a:netscape:directory_server:1.3:patch5 cpe:/a:netscape:certificate_server:1.0:patch1 cpe:/a:netscape:directory_server:3.1:patch1 cpe:/a:c2net:stonghold_web_server:2.2 cpe:/a:microsoft:exchange_server:5.5 cpe:/a:netscape:proxy_server:3.5.1 cpe:/a:netscape:enterprise_server:3.0.1b cpe:/a:c2net:stonghold_web_server:2.3 cpe:/a:netscape:enterprise_server:2.0 cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:c2net:stonghold_web_server:2.0.1 cpe:/a:netscape:collabra_server:3.5.2 cpe:/a:ssleay:ssleay:0.6.6 cpe:/a:netscape:messaging_server:3.54 cpe:/a:netscape:fasttrack_server:3.01b cpe:/a:ssleay:ssleay:0.8.1 cpe:/a:microsoft:internet_information_server:4.0 cpe:/a:microsoft:site_server:3.0 cpe:/a:netscape:enterprise_server:3.5.1 cpe:/a:netscape:directory_server:3.12 CVE-1999-0007 1998-06-26T00:00:00.000-04:00 2008-09-09T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MS MS98-002 Information from SSL-encrypted sessions via PKCS #1. cpe:/o:sun:solaris:2.5 cpe:/o:hp:hp-ux:11.00 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:10.34 cpe:/o:sun:solaris:2.5.1 CVE-1999-0008 1998-06-08T00:00:00.000-04:00 2008-09-09T08:33:31.320-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00170 Buffer overflow in NIS+, in Sun's rpc.nisd program. cpe:/o:sgi:irix:4.0.1 cpe:/o:netbsd:netbsd:1.1 cpe:/o:sun:solaris:2.5::x86 cpe:/o:redhat:linux:4.1 cpe:/a:data_general:dg_ux:5.4_3.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:sgi:irix:5.2 cpe:/o:ibm:aix:4.1.4 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:4.0.5a cpe:/o:sun:solaris:2.4 cpe:/o:netbsd:netbsd:1.3 cpe:/o:sgi:irix:4.0.5_iop cpe:/o:ibm:aix:4.1.3 cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sgi:irix:6.3 cpe:/o:netbsd:netbsd:1.2 cpe:/o:sgi:irix:4.0.5f cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:sgi:irix:3.3.2 cpe:/o:sgi:irix:4.0.5d cpe:/o:sun:solaris:2.3 cpe:/o:sco:open_desktop:3.0 cpe:/o:ibm:aix:4.2.1 cpe:/o:sgi:irix:4.0.4t cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:4.0.4 cpe:/a:data_general:dg_ux:5.4_4.1 cpe:/o:sgi:irix:4.0.5g cpe:/o:sgi:irix:4.0.1t cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:3.3.1 cpe:/o:ibm:aix:4.2 cpe:/o:redhat:linux:5.0 cpe:/o:sgi:irix:4.0 cpe:/a:data_general:dg_ux:5.4_3.0 cpe:/a:data_general:dg_ux:5.4_4.11 cpe:/o:sgi:irix:6.1 cpe:/o:sgi:irix:4.0.2 cpe:/o:sgi:irix:3.3 cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.5 cpe:/o:sco:unixware:2.1 cpe:/o:redhat:linux:4.2 cpe:/o:sun:solaris:2.6 cpe:/o:sgi:irix:4.0.5e cpe:/o:ibm:aix:4.1.2 cpe:/o:sco:unixware:7.0 cpe:/o:sgi:irix:4.0.4b cpe:/o:bsdi:bsd_os:2.0 cpe:/o:sun:solaris:2.5.1 cpe:/o:sco:open_desktop:5.0 cpe:/o:ibm:aix:4.3 cpe:/a:isc:bind:8.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:sun:solaris:2.6::x86 cpe:/o:bsdi:bsd_os:2.0.1 cpe:/o:sgi:irix:3.3.3 cpe:/a:isc:bind:8.1.1 cpe:/o:sgi:irix:4.0.5h cpe:/o:netbsd:netbsd:1.2.1 cpe:/o:netbsd:netbsd:1.0 cpe:/o:redhat:linux:4.0 cpe:/o:caldera:openlinux:1.0 cpe:/o:sgi:irix:4.0.5 cpe:/o:nec:asl_ux_4800:64 cpe:/o:sgi:irix:4.0.3 cpe:/o:sgi:irix:3.2 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:ibm:aix:4.1 cpe:/a:isc:bind:4.9.6 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sgi:irix:4.0.5_ipr cpe:/o:ibm:aix:4.1.1 CVE-1999-0009 1998-04-08T00:00:00.000-04:00 2008-09-09T08:33:31.727-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9808-083 BID 134 SUN 00180 SGI 19980603-01-PX Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. cpe:/o:sun:solaris:5.5.1 cpe:/o:sco:openserver:5.0 cpe:/a:data_general:dg_ux:y2k_patchr4.11mu05 cpe:/o:sun:solaris:5.5 cpe:/o:sco:unix:3.2v4 cpe:/a:data_general:dg_ux:y2k_patchr4.12mu03 cpe:/o:sco:unixware:2.1 cpe:/o:redhat:linux:4.2 cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:sco:unixware:7.0 cpe:/o:sco:open_desktop:3.0 cpe:/a:isc:bind:4.9 cpe:/o:sun:solaris:5.6 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu02 cpe:/o:ibm:aix:4.3 cpe:/o:sun:solaris:5.3 cpe:/a:isc:bind:8 cpe:/o:sun:solaris:5.4 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu01 cpe:/o:ibm:aix:4.1 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu03 cpe:/o:ibm:aix:4.2 cpe:/o:redhat:linux:5.0 cpe:/o:netbsd:netbsd:1.3 cpe:/o:nec:asl_ux_4800:11 cpe:/o:nec:asl_ux_4800:13 CVE-1999-0010 1998-04-08T00:00:00.000-04:00 2008-09-09T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9808-083 SGI 19980603-01-PX Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. cpe:/o:sun:solaris:5.5.1 cpe:/o:sco:openserver:5.0 cpe:/a:data_general:dg_ux:y2k_patchr4.11mu05 cpe:/o:sun:solaris:5.5 cpe:/o:sco:unix:3.2v4 cpe:/a:data_general:dg_ux:y2k_patchr4.12mu03 cpe:/o:sco:unixware:2.1 cpe:/o:redhat:linux:4.2 cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:sco:unixware:7.0 cpe:/o:sco:open_desktop:3.0 cpe:/a:isc:bind:4.9 cpe:/o:sun:solaris:5.6 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu02 cpe:/o:ibm:aix:4.3 cpe:/o:sun:solaris:5.3 cpe:/a:isc:bind:8 cpe:/o:sun:solaris:5.4 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu01 cpe:/o:ibm:aix:4.1 cpe:/a:data_general:dg_ux:y2k_patchr4.20mu03 cpe:/o:ibm:aix:4.2 cpe:/o:redhat:linux:5.0 cpe:/o:netbsd:netbsd:1.3 cpe:/o:nec:asl_ux_4800:11 cpe:/o:nec:asl_ux_4800:13 CVE-1999-0011 1998-04-08T00:00:00.000-04:00 2008-09-09T08:33:31.867-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9808-083 SUN 00180 SGI 19980603-01-PX Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. cpe:/a:microsoft:personal_web_server:4.0 cpe:/a:microsoft:frontpage cpe:/a:netscape:fasttrack_server:3.01 cpe:/a:netscape:enterprise_server:3.0 cpe:/a:microsoft:internet_information_server:4.0 cpe:/a:netscape:fasttrack_server:2.01 CVE-1999-0012 1998-02-06T00:00:00.000-05:00 2008-09-09T08:33:31.947-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. cpe:/a:ssh:ssh:1.2.6 cpe:/a:ssh:ssh:1.2.3 cpe:/a:ssh:ssh:1.2.0 cpe:/a:ssh:ssh:1.2.2 cpe:/a:ssh:ssh:1.2.4 cpe:/a:ssh:ssh:1.2.10 cpe:/a:ssh:ssh:1.2.5 cpe:/a:ssh:ssh:1.2.11 cpe:/a:ssh:ssh:1.2.7 cpe:/a:ssh:ssh:1.2.12 cpe:/a:ssh:ssh:1.2.8 cpe:/a:ssh:ssh:1.2.9 cpe:/a:ssh:ssh:1.2.13 cpe:/a:ssh:ssh:1.2.14 cpe:/a:ssh:ssh:1.2.1 CVE-1999-0013 1998-01-22T00:00:00.000-05:00 2008-09-09T08:33:32.007-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. cpe:/a:cde:cde:1.2 cpe:/a:cde:cde:1.02_x86 cpe:/a:cde:cde:1.2_x86 cpe:/o:hp:hp-ux:11.00 cpe:/o:hp:hp-ux:10.10 cpe:/a:cde:cde:1.01_x86 cpe:/a:cde:cde:1.01 cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.1 cpe:/a:cde:cde:1.02 cpe:/o:ibm:aix:4.2 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:vvos:10.24 CVE-1999-0014 1998-01-21T00:00:00.000-05:00 2008-09-09T08:33:32.087-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9801-075 SUN 00185 Unauthorized privileged access or denial of service via dtappgather program in CDE. cpe:/o:hp:hp-ux:10.24 cpe:/o:netbsd:netbsd:1.1 cpe:/o:hp:hp-ux:11.00 cpe:/o:hp:hp-ux:10.16 cpe:/o:microsoft:windows_95:0.0a cpe:/o:microsoft:windows_nt:3.5.1:sp2 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:hp:hp-ux:10.30 cpe:/o:hp:hp-ux:9.01 cpe:/o:sun:sunos:4.1.4 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:hp:hp-ux:9.03 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:hp:hp-ux:10.20 cpe:/o:microsoft:windows_nt:3.5.1 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_nt:3.5.1:sp1 cpe:/o:netbsd:netbsd:1.2.1 cpe:/o:netbsd:netbsd:1.2 cpe:/o:netbsd:netbsd:1.0 cpe:/o:hp:hp-ux:9.07 cpe:/o:hp:hp-ux:9.05 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.04 cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:10 CVE-1999-0015 1997-12-16T00:00:00.000-05:00 2009-03-04T00:00:06.593-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Teardrop IP denial of service. cpe:/o:microsoft:windows_95 cpe:/o:hp:hp-ux:10.24 cpe:/o:netbsd:netbsd:1.1 cpe:/o:hp:hp-ux:11.00 cpe:/o:netbsd:netbsd:1.0 cpe:/a:microsoft:winsock:2.0 cpe:/o:hp:hp-ux:10.16 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:9.07 cpe:/a:gnu:inet:5.01 cpe:/o:hp:hp-ux:9.05 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:cisco:ios:7000 cpe:/o:hp:hp-ux:10.30 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.04 cpe:/o:hp:hp-ux:9.01 cpe:/o:sun:sunos:4.1.4 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:hp:hp-ux:9.03 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 CVE-1999-0016 1997-12-01T00:00:00.000-05:00 2008-09-09T08:33:32.243-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9801-076 Land IP denial of service. cpe:/o:sun:sunos:5.4 cpe:/o:netbsd:netbsd:1.1 cpe:/o:sco:unixware:2.1 cpe:/o:siemens:reliant_unix cpe:/o:freebsd:freebsd:1.0 cpe:/o:sun:sunos:5.5.1::x86 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:sunos:5.4::x86 cpe:/o:ibm:aix:4.3 cpe:/o:sun:sunos:4.1.4 cpe:/o:freebsd:freebsd:2.1.0 cpe:/a:washington_university:wu-ftpd:2.4 cpe:/o:sco:openserver:5.0.4 cpe:/o:sun:sunos:5.5::x86 cpe:/o:caldera:openlinux:1.2 cpe:/a:gnu:inet:6.02 cpe:/o:sun:sunos:5.3 cpe:/o:netbsd:netbsd:1.2.1 cpe:/o:netbsd:netbsd:1.2 cpe:/o:freebsd:freebsd:2.1.7 cpe:/o:netbsd:netbsd:1.0 cpe:/o:sco:open_desktop:3.0 cpe:/a:gnu:inet:5.01 cpe:/o:freebsd:freebsd:2.0 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:sunos:5.5.1 cpe:/a:gnu:inet:6.01 cpe:/o:ibm:aix:4.2 cpe:/o:sun:sunos:5.5 cpe:/o:freebsd:freebsd:1.1 cpe:/o:freebsd:freebsd:1.2 CVE-1999-0017 1997-12-10T00:00:00.000-05:00 2008-09-09T08:33:32.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5.1 cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0018 1997-12-05T00:00:00.000-05:00 2008-09-09T08:33:32.383-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 127 Buffer overflow in statd allows root privileges. cpe:/o:sun:sunos:5.5::x86 cpe:/a:ncr:mp-ras:2.03 cpe:/o:sun:sunos:5.4 cpe:/o:sun:sunos:5.3 cpe:/o:sco:open_desktop:3 cpe:/o:sco:openserver:5.0 cpe:/o:sco:openserver:3.0 cpe:/o:sco:open_desktop:2 cpe:/o:nighthawk:cx_ux cpe:/a:data_general:dg_ux:4.11 cpe:/o:sun:sunos:5.4::x86 cpe:/a:ncr:mp-ras:3.0 cpe:/o:nighthawk:powerux cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:5.5 cpe:/o:sco:unixware:2 cpe:/o:sgi:irix:6.1 CVE-1999-0019 1996-04-24T00:00:00.000-04:00 2008-09-09T08:33:32.460-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00135 Delete or create a file via rpc.statd, due to invalid information. CVE-1999-0020 1999-01-01T00:00:00.000-05:00 2008-09-09T08:33:34.853-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:muhammad_a._muquit:wwwcount:2.3 CVE-1999-0021 1997-11-05T00:00:00.000-05:00 2008-09-09T08:33:34.930-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 128 Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. cpe:/o:ibm:aix:3.2.5 cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.0 cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:4.1.2 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:5.2 cpe:/o:ibm:aix:4.1.4 cpe:/o:sgi:irix:6.0 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:bsdi:bsd_os:1.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:10.00 cpe:/o:ibm:aix:3.2.4 cpe:/o:sun:solaris:4.1.3:u1 cpe:/o:ibm:aix:4.1.3 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sun:solaris:4.1.1 cpe:/o:sun:solaris:2.2 cpe:/o:sgi:irix:5.3::xfs cpe:/o:sun:solaris:2.3 cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sun:solaris:4.1.3 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.1 cpe:/o:freebsd:freebsd:2.0 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.1.1 cpe:/o:sgi:irix:6.1 CVE-1999-0022 1996-07-03T00:00:00.000-04:00 2008-09-09T08:33:34.993-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00179 Local user gains root privileges via buffer overflow in rdist, via expstr() function. cpe:/o:sun:sunos:5.4 cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:solaris:2.5 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:unixware:2.1 cpe:/o:sun:solaris:1.1.2 cpe:/a:inet:inet:5.01 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:sun:sunos:4.1.4 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:sun:solaris:2.4 cpe:/o:sco:tcp_ip:1.2.1 cpe:/o:sco:unixware:2.0 cpe:/a:inet:inet:6.01 cpe:/o:freebsd:freebsd:2.2 cpe:/o:sco:openserver:5.0.2 cpe:/o:sco:open_desktop:2.0 cpe:/o:sun:sunos:5.3 cpe:/o:sco:openserver:5.0 cpe:/o:sun:solaris:2.3 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:tcp_ip:1.2.0 cpe:/o:freebsd:freebsd:2.0 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:sun:solaris:1.1 cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:sunos:4.1.3 cpe:/o:ibm:aix:4.2 cpe:/o:sco:openserver:2.0 cpe:/o:sun:sunos:5.5 cpe:/o:bsdi:bsd_os CVE-1999-0023 1996-07-24T00:00:00.000-04:00 2008-09-09T08:33:35.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Local user gains root privileges via buffer overflow in rdist, via lookup() function. cpe:/o:nec:ews-ux_v:4.2 cpe:/o:sco:openserver:5.0 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sco:unix:3.2v4 cpe:/o:sco:unixware:2.1 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.3 cpe:/o:sco:open_desktop:3.0 cpe:/o:sun:solaris:2.5.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:nec:asl_ux_4800:64 cpe:/a:isc:bind:4.9.5 cpe:/o:ibm:aix:4.1 cpe:/a:isc:bind:8.1 cpe:/o:bsdi:bsd_os:3.0 cpe:/o:sun:solaris:2.4 cpe:/o:ibm:aix:4.2 cpe:/o:nec:ews-ux_v:4.2mp cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:nec:up-ux_v:4.2mp cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0024 1997-08-13T00:00:00.000-04:00 2008-09-09T08:33:35.133-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 DNS cache poisoning via BIND, by predictable query IDs. cpe:/o:sgi:irix CVE-1999-0025 1997-07-16T00:00:00.000-04:00 2008-09-09T08:33:35.243-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#20851 CERT CA-1997-21 XF df-bo(440) BID 346 root privileges via buffer overflow in df command on SGI IRIX systems. cpe:/o:sgi:irix CVE-1999-0026 1997-07-16T00:00:00.000-04:00 2008-09-09T08:33:35.307-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS root privileges via buffer overflow in pset command on SGI IRIX systems. cpe:/o:sgi:irix CVE-1999-0027 1997-07-16T00:00:00.000-04:00 2009-02-25T00:00:00.000-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS root privileges via buffer overflow in eject command on SGI IRIX systems. cpe:/o:sgi:irix CVE-1999-0028 1997-07-16T00:00:00.000-04:00 2008-09-09T08:33:35.447-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS root privileges via buffer overflow in login/scheme command on SGI IRIX systems. cpe:/o:sgi:irix CVE-1999-0029 1997-07-16T00:00:00.000-04:00 2008-09-09T08:33:35.523-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS root privileges via buffer overflow in ordist command on SGI IRIX systems. cpe:/o:sgi:irix CVE-1999-0030 1997-07-16T00:00:00.000-04:00 2008-09-09T08:33:35.587-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS root privileges via buffer overflow in xlock command on SGI IRIX systems. cpe:/a:netscape:communicator:3.0 cpe:/a:microsoft:ie:3.0 cpe:/a:microsoft:ie:4.0 cpe:/a:netscape:communicator:4.0 cpe:/a:netscape:communicator:2.0 CVE-1999-0031 1997-07-08T00:00:00.000-04:00 2008-09-09T08:33:35.790-04:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9707-065 JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.4 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:sgi:irix:5.0.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:next:nextstep:4.0 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.0 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.0 cpe:/o:sun:sunos:4.1.4 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:next:nextstep:4.1 cpe:/o:sgi:irix:6.1 CVE-1999-0032 1996-10-25T00:00:00.000-04:00 2008-09-09T08:33:35.867-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 707 CIAC I-042 SGI 19980402-01-PX Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sco:openserver:5.0 cpe:/o:sun:sunos:5.3 cpe:/o:sun:sunos:5.4 cpe:/o:sco:unixware:2.1 cpe:/o:sgi:irix cpe:/o:sco:openserver:3.0 cpe:/o:sco:unixware:3.2v4 cpe:/o:sco:open_desktop:3.0 cpe:/o:sun:sunos:5.5.1::x86 cpe:/a:ncr:mp-ras:3.0 cpe:/o:sun:sunos:5.4::x86 cpe:/o:ibm:aix cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:sunos:5.5 CVE-1999-0033 1997-06-12T00:00:00.000-04:00 2008-09-09T08:33:35.930-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Command execution in Sun systems via buffer overflow in the at program. cpe:/a:larry_wall:perl:5.3 cpe:/o:redhat:linux:4.2 cpe:/o:redhat:linux:4.1 cpe:/o:bsdi:bsd_os:3.0 cpe:/a:sgi:freeware:1.0 cpe:/a:sgi:freeware:2.0 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:redhat:linux:4.0 CVE-1999-0034 1997-05-29T00:00:00.000-04:00 2008-09-09T08:33:36.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. cpe:/o:sgi:irix cpe:/a:gnu:inet:5.01 CVE-1999-0035 1997-05-29T00:00:00.000-04:00 2008-09-09T08:33:36.087-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:6.1 CVE-1999-0036 1997-05-26T00:00:00.000-04:00 2008-09-09T08:33:36.147-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF sgi-lockout(557) OSVDB 990 CIAC H-106 SGI 19970508-02-PX IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:redhat:linux CVE-1999-0037 1997-05-21T00:00:00.000-04:00 2008-09-09T08:33:36.227-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. cpe:/a:data_general:dg_ux:2.0 cpe:/o:hp:hp-ux:10.24 cpe:/o:debian:debian_linux:0.93 cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:hp:hp-ux:10.16 cpe:/o:sgi:irix:6.4 cpe:/o:sun:solaris:2.5.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:hp:hp-ux:10.30 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:debian:debian_linux:1.1 cpe:/a:data_general:dg_ux:3.0 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:10.08 cpe:/a:data_general:dg_ux:4.0 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.00 cpe:/o:debian:debian_linux:1.2 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/a:data_general:dg_ux:5.0 cpe:/o:sgi:irix:5.3::xfs cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.34 cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.3 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:debian:debian_linux:1.3 cpe:/a:data_general:dg_ux:1.0 cpe:/o:ibm:aix:4.2 cpe:/a:data_general:dg_ux:7.0 cpe:/o:hp:hp-ux:10.01 cpe:/o:sun:solaris:2.5.1::x86 cpe:/a:data_general:dg_ux:6.0 cpe:/o:sgi:irix:6.1 CVE-1999-0038 1997-04-26T00:00:00.000-04:00 2008-09-09T08:33:36.307-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in xlock program allows local users to execute commands as root. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.1 CVE-1999-0039 1997-05-06T00:00:00.000-04:00 2008-09-09T08:33:36.367-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS CERT CA-1997-12 XF http-sgi-webdist(333) BID 374 OSVDB 235 SGI 19970501-02-PX webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. cpe:/o:nec:ews-ux_v:4.2 cpe:/o:hp:hp-ux:10.24 cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:hp:hp-ux:9.10 cpe:/o:sgi:irix:6.4 cpe:/o:hp:hp-ux:10.16 cpe:/o:bsdi:bsd_os:2.0 cpe:/o:sun:solaris:2.5.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:hp:hp-ux:10.30 cpe:/o:sgi:irix:6.0 cpe:/o:hp:hp-ux:9.01 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:10.08 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:sun:solaris:2.4::x86 cpe:/o:nec:up-ux_v:4.2mp cpe:/o:bsdi:bsd_os:2.0.1 cpe:/o:hp:hp-ux:10.09 cpe:/o:sgi:irix:6.3 cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.34 cpe:/o:nec:asl_ux_4800:64 cpe:/o:sgi:irix:6.2 cpe:/o:hp:hp-ux:9.00 cpe:/o:sgi:irix:5.3 cpe:/o:freebsd:freebsd:2.0 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:ibm:aix:4.2 cpe:/o:nec:ews-ux_v:4.2mp cpe:/o:hp:hp-ux:10.01 cpe:/o:sgi:irix:4.0 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:freebsd:freebsd:1.1.5.1 cpe:/o:sgi:irix:6.1 CVE-1999-0040 1997-05-01T00:00:00.000-04:00 2008-09-09T08:33:36.447-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. cpe:/o:ibm:aix:3.2.5 cpe:/a:gnu:libc:5.2.18 cpe:/a:gnu:libc:5.0.9 cpe:/o:ibm:aix:4.1 cpe:/o:cray:unicos:1.5::mk cpe:/o:cray:unicos:9.0 cpe:/o:slackware:slackware_linux:3.1 cpe:/a:gnu:libc:5.3.12 cpe:/o:ibm:aix:4.2 cpe:/o:cray:unicos:9.2 cpe:/o:cray:unicos_max:1.3 cpe:/o:redhat:linux:4.0 CVE-1999-0041 1997-02-13T00:00:00.000-05:00 2008-09-09T08:33:36.507-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in NLS (Natural Language Service). cpe:/a:university_of_washington:imap:4 cpe:/o:bsdi:bsd_os:3.0 cpe:/o:redhat:linux:2.0 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:redhat:linux:4.0 cpe:/o:ibm:aix:4.2.1 cpe:/o:caldera:openlinux:1.0 cpe:/a:university_of_washington:pop:3 CVE-1999-0042 1997-04-07T00:00:00.000-04:00 2008-09-09T08:33:36.570-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in University of Washington's implementation of IMAP and POP servers. cpe:/a:isc:inn:1.5 cpe:/a:netscape:news_server:1.1 cpe:/h:nec:goah_networksv:1.2 cpe:/o:redhat:linux:4.1 cpe:/a:isc:inn:1.4sec2 cpe:/a:isc:inn:1.4unoff3 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:caldera:openlinux:1.0 cpe:/o:redhat:linux:4.0 cpe:/a:isc:inn:1.4unoff4 cpe:/h:nec:goah_intrasv:1.1 cpe:/h:nec:goah_networksv:3.1 cpe:/h:nec:goah_networksv:2.2 cpe:/a:isc:inn:1.4sec CVE-1999-0043 1996-12-04T00:00:00.000-05:00 2008-09-09T08:33:36.647-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.1 CVE-1999-0044 1996-12-03T00:00:00.000-05:00 2008-09-09T08:33:36.743-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19970301-01-P fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. cpe:/a:netscape:communications_server:1.12 cpe:/a:netscape:commerce_server:1.12 cpe:/a:apache:http_server:1.0 cpe:/a:netscape:communications_server:1.1 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:0.8.11 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:0.8.14 cpe:/a:netscape:enterprise_server:2.0a cpe:/a:apache:http_server:1.0.3 CVE-1999-0045 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:36.807-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 List of arbitrary files on Web host via nph-test-cgi script. cpe:/a:data_general:dg_ux:2.0 cpe:/o:hp:hp-ux:10.24 cpe:/o:debian:debian_linux:0.93 cpe:/o:netbsd:netbsd:1.1 cpe:/o:sun:solaris:2.5::x86 cpe:/o:digital:ultrix:3.0 cpe:/o:next:nextstep:3.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:next:nextstep:4.0 cpe:/o:ibm:aix:4.1.4 cpe:/o:digital:unix:4.0a cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:sun:sunos:4.1.4 cpe:/o:next:nextstep:3.0 cpe:/a:data_general:dg_ux:3.0 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:digital:unix:4.0 cpe:/o:digital:unix:3.2g cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:10.08 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:sun:solaris:2.4::x86 cpe:/o:ibm:aix:4.1.3 cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:hp:hp-ux:10.09 cpe:/o:next:nextstep:3.2 cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.34 cpe:/o:freebsd:freebsd:2.0 cpe:/a:data_general:dg_ux:1.0 cpe:/o:hp:hp-ux:10.01 cpe:/o:freebsd:freebsd:1.1.5.1 cpe:/o:next:nextstep:1.0 cpe:/o:sun:solaris:2.5 cpe:/o:digital:ultrix:4.2 cpe:/o:hp:hp-ux:10.16 cpe:/o:ibm:aix:4.1.2 cpe:/o:next:nextstep:3.3 cpe:/o:next:nextstep:2.0 cpe:/o:next:nextstep:1.0a cpe:/o:bsdi:bsd_os:2.0 cpe:/o:sun:solaris:2.5.1 cpe:/o:digital:ultrix:4.3a cpe:/o:digital:ultrix:2.2 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:hp:hp-ux:10.30 cpe:/o:digital:unix:4.0b cpe:/o:bsdi:bsd_os:1.1 cpe:/o:ibm:aix:4.1.5 cpe:/a:data_general:dg_ux:4.0 cpe:/o:bsdi:bsd_os:2.0.1 cpe:/o:next:nextstep:2.1 cpe:/o:netbsd:netbsd:1.0 cpe:/o:digital:ultrix:4.0 cpe:/o:digital:ultrix:4.4 cpe:/o:digital:ultrix:4.3 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:digital:ultrix:4.5 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:digital:ultrix:4.1 cpe:/o:ibm:aix:4.1.1 CVE-1999-0046 1997-02-06T00:00:00.000-05:00 2008-09-09T08:33:36.867-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow of rlogin program using TERM environmental variable. cpe:/a:eric_allman:sendmail:8.8.4 cpe:/a:eric_allman:sendmail:8.8.3 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:caldera:openlinux:1.0 CVE-1999-0047 1997-01-28T00:00:00.000-05:00 2008-09-09T08:33:36.947-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 685 MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. cpe:/o:ibm:aix:4.1 cpe:/a:debian:netkit:0.07 cpe:/o:nec:ews-ux_v cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:4.2 cpe:/o:nec:up-ux_v cpe:/o:nec:asl_ux_4800 CVE-1999-0048 1997-01-27T00:00:00.000-05:00 2008-09-09T08:33:37.007-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00147 Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:5 cpe:/o:sgi:irix:6.1 CVE-1999-0049 1997-01-08T00:00:00.000-05:00 2008-09-09T08:33:37.087-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Csetup under IRIX allows arbitrary file creation or overwriting. cpe:/o:hp:hp-ux:9.10 cpe:/o:hp:hp-ux:9.08 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:9.07 cpe:/o:hp:hp-ux:9.05 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.04 cpe:/o:hp:hp-ux:9.01 cpe:/o:hp:hp-ux:9.03 cpe:/o:hp:hp-ux:9.09 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:9.06 CVE-1999-0050 1996-12-01T00:00:00.000-05:00 2008-09-09T08:33:37.147-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in HP-UX newgrp program. cpe:/o:sgi:irix:4.0.1 cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:2.5::x86 cpe:/a:sgi:license_oeo:3.0 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sun:sunos:4.1.4 cpe:/o:sgi:irix:4.0.5a cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sun:solaris:2.4 cpe:/o:sgi:irix:4.0.5_iop cpe:/o:sun:solaris:2.4::x86 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:4.0.5f cpe:/a:sgi:license_oeo:3.1 cpe:/o:sgi:irix:4.0.5d cpe:/o:sgi:irix:3.3.2 cpe:/o:sgi:irix:4.0.4t cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:4.0.5g cpe:/o:sgi:irix:4.0.4 cpe:/o:sgi:irix:4.0.1t cpe:/o:sgi:irix:5.1 cpe:/a:globetrotter:flexlm:4.1 cpe:/o:sun:sunos:4.1.4jl cpe:/o:sgi:irix:4.0 cpe:/o:sgi:irix:6.1 cpe:/o:sgi:irix:4.0.2 cpe:/o:sgi:irix:5.0 cpe:/o:sun:solaris:2.5 cpe:/o:sgi:irix:4.0.5e cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:4.0.4b cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/a:globetrotter:flexlm:5.0 cpe:/o:sgi:irix:3.3.3 cpe:/o:sgi:irix:4.0.5h cpe:/a:sgi:license_oeo:3.1.1 cpe:/o:sgi:irix:4.0.5 cpe:/o:sgi:irix:4.0.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sun:sunos:4.1.3 cpe:/a:globetrotter:flexlm:4.0 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sgi:irix:4.0.5_ipr CVE-1999-0051 1997-01-06T00:00:00.000-05:00 2008-09-09T08:33:38.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. cpe:/o:openbsd:openbsd:2.4 cpe:/o:freebsd:freebsd:2.1.7.1 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:openbsd:openbsd:2.2 cpe:/o:bsdi:bsd_os:4.0 cpe:/o:openbsd:openbsd:2.3 cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:freebsd:freebsd:2.2.2 cpe:/o:freebsd:freebsd:1.1.5.1 cpe:/o:freebsd:freebsd:2.2.8 CVE-1999-0052 1998-11-04T00:00:00.000-05:00 2008-09-09T08:33:38.447-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF freebsd-ip-frag-dos(1389) OSVDB 908 IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. cpe:/o:freebsd:freebsd:6.2:stable CVE-1999-0053 1998-10-13T00:00:00.000-04:00 2008-09-05T16:16:20.580-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 6094 TCP RST denial of service in FreeBSD. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0054 1998-06-10T00:00:00.000-04:00 2008-09-09T08:33:38.697-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00171 Sun's ftpd daemon can be subjected to a denial of service. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.3 cpe:/o:ibm:aix:4.3.2 cpe:/o:sun:solaris:2.5.1 cpe:/o:ibm:aix:4.2.1 cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.3.1 cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0055 1998-05-14T00:00:00.000-04:00 2008-09-09T08:33:38.960-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIXAPAR IX80543 SUN 00172 Buffer overflows in Sun libnsl allow root access. cpe:/o:sun:sunos cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.5.1 CVE-1999-0056 1998-09-09T00:00:00.000-04:00 2008-09-09T08:33:39.023-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00174 Buffer overflow in Sun's ping program can give root access to local users. cpe:/o:sun:sunos cpe:/o:hp:hp-ux:10.09 cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:hp:hp-ux:10.24 cpe:/o:ibm:aix cpe:/o:hp:hp-ux:9 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:vvos cpe:/o:sun:solaris cpe:/a:eric_allman:vacation CVE-1999-0057 1998-11-16T00:00:00.000-05:00 2008-09-09T08:33:39.103-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9811-087 Vacation program allows command execution by remote users through a sendmail command. cpe:/a:php:php:1.0 cpe:/a:php:php:2.0b10 CVE-1999-0058 1997-04-17T00:00:00.000-04:00 2008-09-09T08:33:39.163-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 712 Buffer overflow in PHP cgi program, php.cgi allows shell access. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.1 CVE-1999-0059 1997-07-14T00:00:00.000-04:00 2008-09-09T08:33:39.243-04:00 7.1 NETWORK MEDIUM NONE COMPLETE NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF irix-fam(325) BID 353 OSVDB 164 IRIX fam service allows an attacker to obtain a list of all files on the server. cpe:/h:lucent:ascend_max_router:2.0 cpe:/h:lucent:ascend_max_router:3.0 cpe:/h:lucent:ascend_max_router:5.0 cpe:/h:lucent:ascend_pipeline_router:4.0 cpe:/h:lucent:ascend_pipeline_router:5.0 cpe:/h:lucent:ascend_pipeline_router:1.0 cpe:/h:lucent:ascend_max_router:4.0 cpe:/h:lucent:ascend_pipeline_router:3.0 cpe:/h:lucent:ascend_tnt_router:1.0 cpe:/h:lucent:ascend_pipeline_router:2.0 cpe:/h:lucent:ascend_pipeline_router:6.0 cpe:/h:lucent:ascend_max_router:1.0 cpe:/h:lucent:ascend_tnt_router:2.0 CVE-1999-0060 1998-03-16T00:00:00.000-05:00 2008-09-09T08:33:39.307-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. cpe:/o:openbsd:openbsd:2.1 cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:bsdi:bsd_os CVE-1999-0061 1997-10-02T00:00:00.000-04:00 2008-09-09T08:33:39.383-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). cpe:/o:openbsd:openbsd:2.3 CVE-1999-0062 1998-08-03T00:00:00.000-04:00 2008-09-09T08:33:39.447-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 7559 The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage. cpe:/o:cisco:ios:12.0%281%29w cpe:/o:cisco:ios:11.3aa cpe:/o:cisco:ios:12.0%282%29xd cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:11.3db cpe:/o:cisco:ios:12.0%281%29xa3 cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0%282%29xc cpe:/o:cisco:ios:12.0%281%29xe cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.0db cpe:/o:cisco:ios:12.0%281%29xb CVE-1999-0063 1999-01-11T00:00:00.000-05:00 2008-09-09T08:33:39.523-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:3.2.4 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0064 1997-05-26T00:00:00.000-04:00 2008-09-09T08:33:39.587-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX lquerylv program gives root access to local users. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0065 1998-08-31T00:00:00.000-04:00 2008-09-09T08:33:39.647-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00181 Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. cpe:/a:john_s._roberts:anyform:2.0 cpe:/a:john_s._roberts:anyform:1.0 CVE-1999-0066 1995-07-31T00:00:00.000-04:00 2008-09-09T08:33:39.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 719 AnyForm CGI remote execution. cpe:/a:ncsa:ncsa_httpd:1.5a::export cpe:/a:apache:http_server:1.0.3 CVE-1999-0067 1996-03-20T00:00:00.000-05:00 2008-09-09T08:33:39.807-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1996-06 BID 629 OSVDB 136 phf CGI program allows remote command execution through shell metacharacters. cpe:/a:php:php:1.0 cpe:/a:php:php:2.0b10 cpe:/a:php:php:2.0 CVE-1999-0068 1997-10-19T00:00:00.000-04:00 2008-09-09T08:33:39.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 713 OSVDB 3396 CGI PHP mylog script allows an attacker to read any file on the target server. cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5.1 CVE-1999-0069 1998-04-29T00:00:00.000-04:00 2008-09-09T08:33:39.947-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8158 SUN 00169 Solaris ufsrestore buffer overflow. cpe:/a:apache:http_server cpe:/a:ncsa:ncsa_web_server CVE-1999-0070 1996-04-01T00:00:00.000-05:00 2008-09-09T08:33:40.007-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 test-cgi program allows an attacker to list files on the server. cpe:/a:apache:http_server:1.1.1 CVE-1999-0071 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:40.070-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.2.1 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0072 1997-10-22T00:00:00.000-04:00 2008-09-09T08:33:40.147-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX xdat gives root access to local users. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:digital:osf_1:3.0 cpe:/o:digital:osf_1:1.2 cpe:/o:sgi:irix:5.0 cpe:/o:digital:osf_1:1.3 cpe:/o:sgi:irix:5.3::xfs cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.0 cpe:/o:digital:unix:4.0 cpe:/o:digital:unix:3.2g cpe:/o:digital:osf_1:3.2 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:digital:osf_1:2.0 cpe:/o:sgi:irix:6.1 CVE-1999-0073 1995-10-13T00:00:00.000-04:00 2008-09-09T08:33:40.210-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access. cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:netbsd:netbsd:2.0.4 cpe:/o:microsoft:windows_nt cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0074 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:40.273-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Listening TCP ports are sequentially allocated, allowing spoofing attacks. cpe:/a:washington_university:wu-ftpd CVE-1999-0075 1996-10-16T00:00:00.000-04:00 2008-09-09T08:33:40.353-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 5742 PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password. cpe:/a:washington_university:wu-ftpd CVE-1999-0076 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:40.413-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in wu-ftp from PASV command causes a core dump. cpe:/o:microsoft:windows_nt:4.0 CVE-1999-0077 1995-01-01T00:00:00.000-05:00 2008-09-09T08:33:40.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF tcp-seq-predict(139) Predictable TCP sequence numbers allow spoofing. cpe:/a:ncr:mp-ras:2.03 cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:sun:solaris:2.5 cpe:/o:sco:unixware:2.1 cpe:/o:nec:up-ux_v cpe:/o:next:nextstep cpe:/o:sco:openserver:5 cpe:/a:ncr:mp-ras:3.0 cpe:/o:sgi:irix:5.3 cpe:/o:sun:sunos:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:solaris:2.4 cpe:/o:ibm:aix:4.2 cpe:/a:ncr:mp-ras:3.01 cpe:/o:bsdi:bsd_os cpe:/o:hp:hp-ux CVE-1999-0078 1996-04-18T00:00:00.000-04:00 2008-09-09T08:33:40.557-04:00 1.9 LOCAL MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. cpe:/a:bisonware:bisonware_ftp_server:3.5 CVE-1999-0079 1997-09-12T00:00:00.000-04:00 2008-09-09T08:33:40.617-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports. cpe:/a:washington_university:wu-ftpd:2.4 CVE-1999-0080 1995-11-30T00:00:00.000-05:00 2008-09-09T08:33:40.697-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. cpe:/a:washington_university:wu-ftpd CVE-1999-0081 1997-01-11T00:00:00.000-05:00 2008-09-09T08:33:40.757-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 wu-ftp allows files to be overwritten via the rnfr command. cpe:/a:ftpcd:ftpcd cpe:/a:ftp:ftp CVE-1999-0082 1988-11-11T00:00:00.000-05:00 2008-09-09T08:33:40.853-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS FarmerVenema Improving the Security of Your Site by Breaking Into it CWD ~root command in ftpd allows root access. cpe:/o:sgi:irix CVE-1999-0083 1997-06-11T00:00:00.000-04:00 2008-09-09T08:33:40.913-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 getcwd() file descriptor leak in FTP. cpe:/a:sun:nfs CVE-1999-0084 1990-05-01T00:00:00.000-04:00 2008-09-05T16:16:25.283-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF nfs-mknod(78) Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:netbsd:netbsd:2.0.4 cpe:/o:ibm:aix:4.2 CVE-1999-0085 1996-08-21T00:00:00.000-04:00 2008-09-09T08:33:41.103-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF rwhod(119) XF rwhod-vuln(118) Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.2 CVE-1999-0086 1998-01-08T00:00:00.000-05:00 2008-09-09T08:33:41.163-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 AIX routed allows remote users to modify sensitive files. cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 CVE-1999-0087 1998-02-01T00:00:00.000-05:00 2008-09-09T08:33:41.243-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 7992 Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. cpe:/o:ibm:aix:4.3 CVE-1999-0088 1998-10-26T00:00:00.000-05:00 2008-09-05T16:16:25.877-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. cpe:/o:ibm:aix:4.3 CVE-1999-0089 1997-10-28T00:00:00.000-05:00 2008-09-05T16:16:26.003-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX libDtSvc library can allow local users to gain root access. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0090 1997-10-01T00:00:00.000-04:00 2008-09-09T08:33:41.447-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX rcp command allows local users to obtain root access. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.2.1 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0091 1997-10-28T00:00:00.000-05:00 2008-09-09T08:33:41.507-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX writesrv command allows local users to obtain root access. cpe:/o:ibm:aix:4.2.1 CVE-1999-0092 1997-10-29T00:00:00.000-05:00 2008-09-09T08:33:41.587-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Various vulnerabilities in the AIX portmir command allows local users to obtain root access. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0093 1997-10-29T00:00:00.000-05:00 2008-09-09T08:33:41.647-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0094 1997-10-29T00:00:00.000-05:00 2008-09-09T08:33:41.710-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS AIX piodmgrsu command allows local users to gain additional group privileges. cpe:/a:eric_allman:sendmail:5.58 CVE-1999-0095 1988-10-01T00:00:00.000-04:00 2008-09-09T08:33:41.790-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 1 OSVDB 195 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. cpe:/o:sco:openserver:5.0 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/o:sco:internet_faststart:1.0 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sco:openserver:5.0.2 cpe:/o:bsdi:bsd_os CVE-1999-0096 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:41.883-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00122 Sendmail decode alias can be used to overwrite sensitive files. cpe:/o:ibm:aix:3.2.5 cpe:/o:hp:hp-ux:10.24 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:hp:hp-ux:9.10 cpe:/o:hp:hp-ux:11.00 cpe:/o:sun:solaris:2.6 cpe:/o:hp:hp-ux:10.16 cpe:/o:ibm:aix:4.1.2 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:sunos:4.1.3c cpe:/o:ibm:aix:4.1.4 cpe:/o:hp:hp-ux:9.01 cpe:/o:sun:sunos:4.1.4 cpe:/o:ibm:aix:4.1.5 cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:9.03 cpe:/o:sun:solaris:2.6::x86 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:9.09 cpe:/o:ibm:aix:3.2.4 cpe:/o:sun:solaris:2.4::x86 cpe:/o:ibm:aix:4.1.3 cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:hp:hp-ux:9.08 cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:9.07 cpe:/o:ibm:aix:4.2.1 cpe:/o:hp:hp-ux:9.05 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.04 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:hp:hp-ux:9.06 cpe:/o:ibm:aix:4.1.1 CVE-1999-0097 1997-10-29T00:00:00.000-05:00 2008-09-09T08:33:41.960-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). cpe:/a:apple:appleshare::::jp cpe:/a:slmail:slmail:2.6 cpe:/a:pmail:mercury_mail_server CVE-1999-0098 1998-04-01T00:00:00.000-05:00 2008-09-09T08:33:42.023-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. cpe:/o:convex:spp-ux:3 cpe:/o:convex:convexos:11.0 cpe:/o:cray:unicos:9.0 cpe:/o:sun:solaris:2.3 cpe:/o:bsdi:bsd_os:2.0 cpe:/o:cray:unicos:8.3 cpe:/o:convex:convexos:10.2 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:solaris:2.4 cpe:/o:convex:convexos:10.1 cpe:/o:cray:unicos:8.0 cpe:/o:sun:solaris:2.4::x86 cpe:/o:bsdi:bsd_os:2.0.1 cpe:/o:convex:convexos:11.1 CVE-1999-0099 1995-10-19T00:00:00.000-04:00 2008-09-09T08:33:42.103-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. cpe:/a:isc:inn:1.5.1 CVE-1999-0100 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:42.163-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Remote access in AIX innd 1.5.1, using control messages. cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.2 CVE-1999-0101 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:45.460-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC H-13 Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. cpe:/a:seattle_lab_software:slmail:3.0.2421 CVE-1999-0102 1998-07-09T00:00:00.000-04:00 2008-09-09T08:33:45.540-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line. CVE-1999-0103 1996-02-08T00:00:00.000-05:00 2008-09-09T08:33:45.603-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:sunos:4.1.4 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:caldera:openlinux:2.0 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_95:0a cpe:/o:hp:hp-ux CVE-1999-0104 1997-12-16T00:00:00.000-05:00 2009-03-04T00:00:14.640-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. CVE-1999-0105 1997-03-01T00:00:00.000-05:00 2008-09-09T08:33:45.743-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 finger allows recursive searches by using a long string of @ symbols. CVE-1999-0106 1997-03-01T00:00:00.000-05:00 2008-09-09T08:33:45.807-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Finger redirection allows finger bombs. cpe:/a:apache:http_server:1.2.5 cpe:/a:apache:http_server:1.0 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:0.8.11 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:1.1.1 cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:1.0.3 CVE-1999-0107 1997-12-30T00:00:00.000-05:00 2008-09-09T08:33:45.883-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. cpe:/o:sgi:irix CVE-1999-0108 1998-05-01T00:00:00.000-04:00 2008-09-09T08:33:45.947-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The printers program in IRIX has a buffer overflow that gives root access to local users. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0109 1997-02-10T00:00:00.000-05:00 2008-09-09T08:33:46.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00140 Buffer overflow in ffbconfig in Solaris 2.5.1. CVE-1999-0110 1999-01-01T00:00:00.000-05:00 2008-09-09T08:33:46.557-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.2 CVE-1999-0111 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:46.617-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 RIP v1 is susceptible to spoofing. cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/a:cde:cde CVE-1999-0112 1997-05-01T00:00:00.000-04:00 2008-09-09T08:33:46.697-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF dtterm-bo(878) Buffer overflow in AIX dtterm program for the CDE. cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2.4 CVE-1999-0113 1994-05-23T00:00:00.000-04:00 2008-09-09T08:33:46.773-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 458 Some implementations of rlogin allow root access if given a -froot parameter. cpe:/a:elm_development_group:elm:2.4 CVE-1999-0114 1998-01-01T00:00:00.000-05:00 2008-09-09T08:33:46.837-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2.4 CVE-1999-0115 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:46.913-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 1800 AIX bugfiler program allows local users to gain root access. cpe:/o:ibm:aix:3.2.5 cpe:/h:ibm:sng:2.1 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/h:ibm:sng:2.2 CVE-1999-0116 1996-09-19T00:00:00.000-04:00 2008-09-09T08:33:46.977-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00136 SGI 19961202-01-PX Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.1 CVE-1999-0117 1992-03-31T00:00:00.000-05:00 2008-09-09T08:33:47.057-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIX passwd allows local users to gain root access. cpe:/o:ibm:aix:4.3 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.2 CVE-1999-0118 1998-11-01T00:00:00.000-05:00 2008-09-09T08:33:48.180-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19981119 RSI.0011.11-09-98.AIX.INFOD AIX infod allows local users to gain root access through an X display. cpe:/o:microsoft:windows_nt:4.0::beta CVE-1999-0119 1999-01-19T00:00:00.000-05:00 2008-09-05T16:16:30.393-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Windows NT 4.0 beta allows users to read and delete shares. cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:sunos:4.1 CVE-1999-0120 1994-03-21T00:00:00.000-05:00 2008-09-09T08:33:48.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00126 Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. CVE-1999-0121 1999-01-21T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in dtaction command gives root access. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.1 CVE-1999-0122 1997-07-21T00:00:00.000-04:00 2008-09-09T08:33:48.460-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in AIX lchangelv gives root access. cpe:/o:slackware:slackware_linux:3.0 CVE-1999-0123 1995-12-01T00:00:00.000-05:00 2008-09-05T16:16:30.923-04:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Race condition in Linux mailx command allows local users to read user files. cpe:/a:university_of_minnesota:gopherd CVE-1999-0124 1993-08-09T00:00:00.000-04:00 2008-09-09T08:33:48.587-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sgi:irix:6.3 cpe:/o:sun:solaris:2.6:hw3 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5::x86 cpe:/o:redhat:linux:4.2 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.5.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5.3 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0125 1998-01-25T00:00:00.000-05:00 2008-09-09T08:33:48.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SGI 19980605-01-PX Buffer overflow in SGI IRIX mailx program. cpe:/a:xfree86_project:xfree86 CVE-1999-0126 1998-05-03T00:00:00.000-04:00 2008-09-09T08:33:48.727-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC J-010 SGI IRIX buffer overflow in xterm and Xaw allows root access. cpe:/o:hp:hp-ux CVE-1999-0127 1996-12-19T00:00:00.000-05:00 2008-09-09T08:33:48.807-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:sunos:5.4 cpe:/o:sco:openserver:5.0 cpe:/o:linux:linux_kernel:2.0 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sco:open_desktop:3.0 cpe:/o:linux:linux_kernel:1.3.0 cpe:/o:sun:sunos:5.5.1::x86 cpe:/o:sun:sunos:5.4::x86 cpe:/h:ibm:sng:2.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:sun:sunos:5.5.1 cpe:/o:ibm:aix:4.2 cpe:/o:sco:tcp_ip:1.2.1 cpe:/h:ibm:sng:2.2 cpe:/h:ibm:sng cpe:/o:sun:sunos:5.5 cpe:/o:sco:openserver:5.0.2 cpe:/o:digital:osf_1:1.3.3 CVE-1999-0128 1996-12-18T00:00:00.000-05:00 2008-09-09T08:33:48.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:sco:internet_faststart:1.0 cpe:/o:hp:hp-ux:10.16 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sun:solaris:2.5.1 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:solaris:2.4 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:sco:openserver:5.0.2 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sco:openserver:5.0 cpe:/a:eric_allman:sendmail:8.8 cpe:/o:hp:hp-ux:10.10 cpe:/o:sun:solaris:2.3 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/a:eric_allman:sendmail:8.8.2 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/a:eric_allman:sendmail:8.8.1 cpe:/a:eric_allman:sendmail:8.8.3 cpe:/o:ibm:aix:4.2 cpe:/o:hp:hp-ux:10.01 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0129 1996-12-03T00:00:00.000-05:00 2008-09-09T08:33:48.930-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. cpe:/a:eric_allman:sendmail:8.8 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:hp:hp-ux:10.10 cpe:/a:eric_allman:sendmail:8.7 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:redhat:linux:4.0 cpe:/a:caldera:network_desktop:1.0 cpe:/o:freebsd:freebsd:2.1.5 cpe:/a:eric_allman:sendmail:8.8.2 cpe:/a:eric_allman:sendmail:8.8.1 cpe:/o:ibm:aix:4.2 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 CVE-1999-0130 1996-11-16T00:00:00.000-05:00 2008-09-09T08:33:49.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 716 Local users can start Sendmail in daemon mode and gain root privileges. cpe:/o:sco:openserver:5.0 cpe:/a:eric_allman:sendmail:8.6 cpe:/o:sco:internet_faststart:1.0 cpe:/o:redhat:linux:3.0.3 cpe:/o:hp:hp-ux:10.10 cpe:/a:eric_allman:sendmail:8.7.2 cpe:/o:bsdi:bsd_os:2.1 cpe:/a:eric_allman:sendmail:8.7.4 cpe:/o:digital:osf_1:1.3.2 cpe:/a:eric_allman:sendmail:8.7.5 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.2 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 cpe:/o:sco:openserver:5.0.2 cpe:/a:eric_allman:sendmail:8.7.1 cpe:/a:eric_allman:sendmail:8.7.3 CVE-1999-0131 1996-09-11T00:00:00.000-04:00 2008-09-09T08:33:49.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 717 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:sunos:4.1.3c cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:2.0 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:hp:hp-ux:9 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:solaris:2.4::x86 cpe:/o:hp:hp-ux:10 CVE-1999-0132 1996-08-15T00:00:00.000-04:00 2008-09-09T08:33:49.133-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1996-19 XF expreserve(401) OSVDB 11723 Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. cpe:/a:adobe:framemaker CVE-1999-0133 1996-08-14T00:00:00.000-04:00 2008-09-09T08:33:49.210-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:sunos:5.4::x86 cpe:/o:sun:sunos:5.4 cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:sunos:5.5 cpe:/o:sun:sunos:5.5.1::x86 CVE-1999-0134 1996-08-06T00:00:00.000-04:00 2008-09-09T08:33:49.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8159 vold in Solaris 2.x allows local users to gain root access. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0135 1996-07-25T00:00:00.000-04:00 2008-09-09T08:33:49.337-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS admintool in Solaris allows a local user to write to arbitrary files and gain root access. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:sunos:5.5 cpe:/o:sun:sunos:5.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0136 1996-07-31T00:00:00.000-04:00 2008-09-09T08:33:49.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. cpe:/a:fred_n._van_kempen:dip:3.3.7o CVE-1999-0137 1996-07-09T00:00:00.000-04:00 2008-09-09T08:33:49.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The dip program on many Linux systems allows local users to gain root access via a buffer overflow. cpe:/o:nec:ews-ux_v:4.2 cpe:/o:ibm:aix:3.2.5 cpe:/o:hp:hp-ux:8 cpe:/o:linux:linux_kernel:2.0 cpe:/o:apple:a_ux:3.1.1 cpe:/o:digital:osf_1:1.3 cpe:/o:ibm:aix:4 cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:linux:linux_kernel:1.2.0 cpe:/o:nec:ews-ux_v:4.2mp cpe:/o:hp:hp-ux:9 cpe:/o:nec:asl_ux_4800 cpe:/o:nec:up-ux_v:4.2mp cpe:/o:hp:hp-ux:10 CVE-1999-0138 1996-06-26T00:00:00.000-04:00 2008-09-09T08:33:49.557-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:7.0::x86 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0139 1998-12-12T00:00:00.000-05:00 2008-09-09T08:33:49.617-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8205 Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. cpe:/o:microsoft:windows_nt CVE-1999-0140 1999-06-30T00:00:00.000-04:00 2008-09-05T16:16:33.893-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in RAS/PPTP on NT systems. cpe:/a:netscape:navigator:2.02 CVE-1999-0141 1996-03-29T00:00:00.000-05:00 2008-09-09T08:33:49.757-04:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00134 Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. cpe:/a:sun:java cpe:/a:netscape:navigator CVE-1999-0142 1996-03-01T00:00:00.000-05:00 2008-09-09T08:33:49.820-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. cpe:/a:mit:kerberos:4.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/a:mit:kerberos:5 cpe:/a:process_software:multinet:3.4 cpe:/a:process_software:multinet:3.5 CVE-1999-0143 1996-02-21T00:00:00.000-05:00 2008-09-09T08:33:49.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. CVE-1999-0144 1997-06-01T00:00:00.000-04:00 2005-10-20T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF qmail-rcpt BID 2237 MISC http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html MISC http://cr.yp.to/qmail/venema.html BUGTRAQ 19970612 Re: Denial of service (qmail-smtpd) BUGTRAQ 19970612 qmail-dos-2.c, another denial of service attack Denial of service in Qmail by specifying a large number of recipients with the RCPT command. cpe:/a:eric_allman:sendmail CVE-1999-0145 1993-09-30T00:00:00.000-04:00 2008-09-09T08:33:50.680-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1993-14 CERT CA-1990-11 BUGTRAQ 19950206 sendmail wizard thing... FarmerVenema Improving the Security of Your Site by Breaking Into it Sendmail WIZ command enabled, allowing root access. cpe:/a:ncsa:campas cpe:/a:ncsa:servers CVE-1999-0146 1997-07-15T00:00:00.000-04:00 2008-09-09T08:33:50.743-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XF http-cgi-campas(298) BID 1975 The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. cpe:/a:university_of_arizona:webglimpse:1.5 cpe:/a:university_of_arizona:glimpse_http:2.0 CVE-1999-0147 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:50.820-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.4 CVE-1999-0148 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:50.883-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 380 SGI 19970501-02-PX The handler CGI program in IRIX allows arbitrary command execution. cpe:/o:sgi:irix:6.2 CVE-1999-0149 1997-04-19T00:00:00.000-04:00 2008-09-09T08:33:50.947-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XF http-sgi-wrap(290) BID 373 OSVDB 247 SGI 19970501-02-PX The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. cpe:/a:gnu:fingerd CVE-1999-0150 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:51.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The Perl fingerd program allows arbitrary command execution from remote users. cpe:/a:satan:satan:1.0 cpe:/a:satan:satan:1.1 CVE-1999-0151 1995-04-03T00:00:00.000-04:00 2008-09-09T08:33:52.570-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. cpe:/a:data_general:dg_ux CVE-1999-0152 1997-08-11T00:00:00.000-04:00 2008-09-09T08:33:52.663-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The DG/UX finger daemon allows remote command execution through shell metacharacters. cpe:/o:microsoft:windows_2000 cpe:/o:sco:openserver:5.0 cpe:/o:microsoft:windows_95 cpe:/o:microsoft:windows_nt CVE-1999-0153 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:52.743-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 1666 Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:2.0 CVE-1999-0154 1999-12-31T00:00:00.000-05:00 2008-09-09T08:33:52.807-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. cpe:/a:aladdin_enterprises:ghostscript:3.22 cpe:/a:aladdin_enterprises:ghostscript:2.6 CVE-1999-0155 1995-08-31T00:00:00.000-04:00 2008-09-09T08:33:52.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The ghostscript command with the -dSAFER option allows remote attackers to execute commands. cpe:/a:washington_university:wu-ftpd CVE-1999-0156 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:52.947-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS wu-ftpd FTP daemon allows any user and password combination. cpe:/o:cisco:ios:11.3t cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:11.2p cpe:/o:cisco:ios:12.0t cpe:/o:cisco:pix_firewall:4.2%281%29 CVE-1999-0157 1998-08-18T00:00:00.000-04:00 2008-09-09T08:33:53.007-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 1097 Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. cpe:/o:cisco:pix_firewall:4.1%286%29 cpe:/o:cisco:pix_firewall:4.2%281%29 CVE-1999-0158 1998-08-31T00:00:00.000-04:00 2008-09-09T08:33:53.070-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CISCO 20010913 Cisco PIX Firewall Manager File Exposure OSVDB 685 Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. cpe:/o:cisco:ios:11.1%2816%29aa cpe:/o:cisco:ios:11.1%2817%29ct cpe:/o:cisco:ios:9.1 cpe:/o:cisco:ios:11.1%2817%29cc cpe:/o:cisco:ios:11.2%288%29sa3 cpe:/o:cisco:ios:11.1%2816%29ia cpe:/o:cisco:ios:11.2%289%29xa cpe:/o:cisco:ios:11.0%2820.3%29 cpe:/o:cisco:ios:11.2%289%29p cpe:/o:cisco:ios:11.3%281%29t cpe:/o:cisco:ios:11.2%2810%29 cpe:/o:cisco:ios:11.3%281%29ed cpe:/o:cisco:ios:11.2%2810%29bc cpe:/o:cisco:ios:11.1%2816%29 cpe:/o:cisco:ios:11.3%281%29 cpe:/o:cisco:ios:11.1%2815%29ca CVE-1999-0159 1998-08-12T00:00:00.000-04:00 2008-09-09T08:33:53.147-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. cpe:/o:cisco:ios:9.1 cpe:/o:cisco:ios:11.0 cpe:/o:cisco:ios:4.1 cpe:/o:cisco:ios:11.2p cpe:/o:cisco:ios:11.2 cpe:/o:cisco:ios:10.3 cpe:/o:cisco:ios:11.1 CVE-1999-0160 1997-10-01T00:00:00.000-04:00 2008-09-09T08:33:53.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 1099 Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. cpe:/o:cisco:ios:10.3%283.4%29 cpe:/o:cisco:ios:10.3%284.2%29 CVE-1999-0161 1995-07-31T00:00:00.000-04:00 2008-09-09T08:33:53.290-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 797 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. cpe:/o:cisco:ios:11.2 CVE-1999-0162 1998-09-01T00:00:00.000-04:00 2008-09-09T08:33:53.353-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. cpe:/a:eric_allman:sendmail CVE-1999-0163 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:53.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS In older versions of Sendmail, an attacker could use a pipe character to execute root commands. cpe:/o:sun:sunos:5.4::x86 cpe:/o:sun:sunos:5.4 cpe:/o:sun:sunos:5.3 CVE-1999-0164 1995-08-29T00:00:00.000-04:00 2008-09-09T08:33:53.493-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8346 A race condition in the Solaris ps command allows an attacker to overwrite critical files. cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:1.1.2 cpe:/o:sun:solaris:2.0 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.3 cpe:/o:sun:sunos:4.0 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.0.1 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.1 cpe:/a:sun:nfs cpe:/o:sun:solaris:1.1 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:2.4 cpe:/o:sun:sunos:3.5 cpe:/o:sun:sunos:4.0.2 cpe:/o:sun:solaris:2.4::x86 cpe:/o:bsdi:bsd_os cpe:/o:sun:solaris:1.2 CVE-1999-0165 1997-03-01T00:00:00.000-05:00 2008-09-09T08:33:53.557-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 NFS cache poisoning. cpe:/a:sun:nfs CVE-1999-0166 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:53.633-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 NFS allows users to use a "cd .." command to access other directories besides the exported file system. cpe:/o:sun:sunos:4.1.1 CVE-1999-0167 1991-12-06T00:00:00.000-05:00 2008-09-09T08:33:53.697-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. cpe:/o:sun:sunos:4.1.3c cpe:/o:sun:sunos:4.1.3 CVE-1999-0168 1992-06-04T00:00:00.000-04:00 2008-09-09T08:33:53.757-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. cpe:/a:sun:nfs CVE-1999-0169 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:53.837-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS NFS allows attackers to read and write any file on the system by specifying a false UID. cpe:/o:digital:ultrix CVE-1999-0170 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:53.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0171 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:53.977-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in syslog by sending it a large number of superfluous messages. cpe:/a:matt_wright:formmail CVE-1999-0172 1995-08-02T00:00:00.000-04:00 2008-09-09T08:33:54.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS FormMail CGI program allows remote execution of commands. cpe:/a:matt_wright:formmail CVE-1999-0173 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.103-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 FormMail CGI program can be used by web servers other than the host server that the program resides on. cpe:/a:netscape:communicator:4.07 cpe:/a:netscape:communicator:4.06 cpe:/a:netscape:communicator:4.6 cpe:/a:netscape:communicator:4.05 cpe:/a:netscape:communicator:4.51 cpe:/a:netscape:communicator:4.0 cpe:/a:netscape:communicator:4.5 CVE-1999-0174 1997-02-01T00:00:00.000-05:00 2008-09-09T08:33:54.180-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. cpe:/a:novell:web_server:1.0 CVE-1999-0175 1996-07-01T00:00:00.000-04:00 2008-09-09T08:33:54.243-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. cpe:/a:webgais_development_team:webgais:1.0b2 CVE-1999-0176 1997-07-10T00:00:00.000-04:00 2008-09-09T08:33:54.307-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The Webgais program allows a remote user to execute arbitrary commands. cpe:/a:oreilly:website:2.0 CVE-1999-0177 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:54.383-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. cpe:/a:oreilly:oreilly_website:1.1e CVE-1999-0178 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.540-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XF http-website-winsample(295) BID 2078 OSVDB 8 BUGTRAQ 19970106 Re: signal handling Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. cpe:/o:microsoft:windows_95 cpe:/o:microsoft:windows_nt:3.5.1 CVE-1999-0179 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.647-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q140818 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. CVE-1999-0180 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS in.rshd allows users to login with a NULL username and execute commands. cpe:/a:rpc.walld:rpc.walld CVE-1999-0181 1994-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.790-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. cpe:/a:samba:samba:1.9.17:p2 CVE-1999-0182 1997-09-30T00:00:00.000-04:00 2008-09-09T08:33:54.853-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC H-110 Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. cpe:/a:tftp:tftp cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0183 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:54.947-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Linux implementations of TFTP would allow access to files outside the restricted directory. cpe:/a:isc:bind:9.4.0 CVE-1999-0184 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:55.007-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0185 1997-10-01T00:00:00.000-04:00 2008-09-09T08:33:55.070-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00156 In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. cpe:/o:sun:solaris:2.6 CVE-1999-0186 1998-10-01T00:00:00.000-04:00 2008-09-09T08:33:55.227-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. CVE-1999-0187 1999-01-01T00:00:00.000-05:00 2008-09-09T08:33:59.307-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0188 1998-12-17T00:00:00.000-05:00 2008-09-09T08:33:59.367-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00182 The passwd command in Solaris can be subjected to a denial of service. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0189 1997-06-04T00:00:00.000-04:00 2008-09-09T08:33:59.447-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00142 Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0190 1998-04-08T00:00:00.000-04:00 2008-09-09T08:33:59.507-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00167 Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. cpe:/a:microsoft:internet_information_server:3.0 CVE-1999-0191 1997-09-01T00:00:00.000-04:00 2008-09-09T08:33:59.570-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 275 IIS newdsn.exe CGI script allows remote users to overwrite files. cpe:/o:slackware:slackware_linux:3.2 cpe:/o:slackware:slackware_linux:3.5 cpe:/o:redhat:linux:6.0::i386 cpe:/o:slackware:slackware_linux:3.3 cpe:/o:redhat:linux:4.2 cpe:/o:redhat:linux:5.1 cpe:/o:redhat:linux:4.1 cpe:/o:slackware:slackware_linux:3.6 cpe:/o:redhat:linux:5.2::i386 cpe:/o:redhat:linux:4.0 cpe:/o:slackware:slackware_linux:3.4 cpe:/o:slackware:slackware_linux:4.0 cpe:/o:redhat:linux:5.0 cpe:/o:slackware:slackware_linux:3.9 CVE-1999-0192 1997-10-18T00:00:00.000-04:00 2008-09-09T08:33:59.647-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. cpe:/a:ascend:cascadeview_ux:1.0 CVE-1999-0193 1997-12-01T00:00:00.000-05:00 2008-09-09T08:33:59.710-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. CVE-1999-0194 1999-05-01T00:00:00.000-04:00 2008-09-09T08:33:59.773-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in in.comsat allows attackers to generate messages. cpe:/o:sgi:irix cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0195 1997-07-01T00:00:00.000-04:00 2008-09-09T08:33:59.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. cpe:/a:webgais_development_team:webgais:1.0 CVE-1999-0196 1997-07-08T00:00:00.000-04:00 2008-09-09T08:33:59.913-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 2077 OSVDB 237 websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). CVE-1999-0197 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 finger 0@host on some systems may print information on some user accounts. CVE-1999-0198 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 finger .@host on some systems may print information on some user accounts. CVE-1999-0200 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password. cpe:/a:ftp:ftp CVE-1999-0201 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.197-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. cpe:/a:university_of_washington:wu-ftpd:2.4.1 CVE-1999-0202 1997-01-01T00:00:00.000-05:00 2010-03-26T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. cpe:/a:eric_allman:sendmail:8.6.10 CVE-1999-0203 1995-08-17T00:00:00.000-04:00 2008-09-09T08:34:00.710-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. cpe:/a:eric_allman:sendmail:8.6.9 CVE-1999-0204 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.773-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. cpe:/a:eric_allman:sendmail:8.6.12 cpe:/a:eric_allman:sendmail:8.6.11 CVE-1999-0205 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Sendmail 8.6.11 and 8.6.12. cpe:/a:eric_allman:sendmail:8.8.1 cpe:/a:eric_allman:sendmail:8.8 CVE-1999-0206 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:00.913-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. cpe:/a:great_circle_associates:majordomo:1.90 cpe:/a:great_circle_associates:majordomo:1.91 CVE-1999-0207 1994-06-09T00:00:00.000-04:00 2008-09-09T08:34:00.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:3 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.0 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:3.2 cpe:/o:nec:ews-ux_v cpe:/o:nec:up-ux_v cpe:/o:nec:asl_ux_4800 cpe:/o:sgi:irix:4 CVE-1999-0208 1995-12-12T00:00:00.000-05:00 2008-09-09T08:34:01.057-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0 cpe:/o:sun:sunos:3.5 cpe:/o:sun:sunos:4.0.2 cpe:/o:sun:sunos:4.0.1 CVE-1999-0209 1990-08-14T00:00:00.000-04:00 2008-09-09T08:34:01.117-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 8 The SunView (SunTools) selection_svc facility allows remote users to read files. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0210 1997-11-26T00:00:00.000-05:00 2008-09-09T08:34:01.197-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-99-05 HP HPSBUX9910-104 BID 235 BUGTRAQ 19990103 SUN almost has a clue! (automountd) BUGTRAQ 19971126 Solaris 2.5.1 automountd exploit (fwd) Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. cpe:/o:sun:sunos:4.1.3c cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:2.0 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1.2 CVE-1999-0211 1994-02-14T00:00:00.000-05:00 2008-09-09T08:34:01.257-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 24 Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. cpe:/o:sun:sunos cpe:/o:sun:solaris:2.0 CVE-1999-0212 1998-04-29T00:00:00.000-04:00 2008-09-09T08:34:01.337-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CIAC I-048 Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.5.1 CVE-1999-0213 1998-07-15T00:00:00.000-04:00 2008-09-09T08:34:01.397-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.1.2 CVE-1999-0214 1992-07-21T00:00:00.000-04:00 2008-09-09T08:34:01.507-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service by sending forged ICMP unreachable packets. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:3 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:5 cpe:/o:sgi:irix:4 cpe:/o:sgi:irix:6.1 CVE-1999-0215 1998-10-26T00:00:00.000-05:00 2008-09-09T08:34:01.633-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CIAC J-012 SGI 19981004-01-PX Routed allows attackers to append data to files. cpe:/a:gnu:inet:5.01 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:hp:hp-ux:10 CVE-1999-0216 1997-11-01T00:00:00.000-05:00 2008-09-09T08:34:01.727-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service of inetd on Linux through SYN and RST packets. cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1psr_a cpe:/o:sun:sunos:4.1.3a1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.0.3c CVE-1999-0217 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:01.790-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. cpe:/h:livingston_portmaster:portmaster CVE-1999-0218 1995-10-01T00:00:00.000-04:00 2008-09-09T08:34:01.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Livingston portmaster machines could be rebooted via a series of commands. cpe:/a:cat_soft:serv-u:2.5 CVE-1999-0219 1997-07-01T00:00:00.000-04:00 2008-09-09T08:34:01.930-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF ftp-servu(205) BID 269 NTBUGTRAQ 19990504 Re: Buffer overflows in FTP Serv-U 2.5 NTBUGTRAQ 19990503 Buffer overflows in FTP Serv-U 2.5 Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. CVE-1999-0220 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Attackers can do a denial of service of IRC by crashing the server. cpe:/h:lucent:ascend_routers CVE-1999-0221 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:02.057-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service of Ascend routers through port 150 (remote administration). cpe:/h:cisco:router CVE-1999-0222 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:02.133-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. cpe:/o:sun:solaris:2.4 CVE-1999-0223 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:02.197-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 1878 CONFIRM http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. cpe:/o:microsoft:windows_nt:4.0:sp5 cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0224 1999-07-23T00:00:00.000-04:00 2008-09-09T08:34:02.257-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Windows NT messenger service through a long username. cpe:/o:microsoft:windows_nt:4.0 CVE-1999-0225 1998-02-14T00:00:00.000-05:00 2008-09-09T08:34:02.523-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 NAI 19980214 Windows NT Logon Denial of Service MSKB Q180963 Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. CVE-1999-0226 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. cpe:/o:microsoft:windows_nt:4.0 CVE-1999-0227 1997-06-01T00:00:00.000-04:00 2008-09-09T08:34:02.663-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q154087 Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0228 1997-02-07T00:00:00.000-05:00 2008-09-09T08:34:02.727-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q162567 Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. cpe:/a:microsoft:internet_information_server CVE-1999-0229 1999-05-12T00:00:00.000-04:00 2008-09-09T08:34:02.790-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Windows NT IIS server using ..\.. cpe:/o:cisco:ios:4.1.1 cpe:/o:cisco:ios:4.1.2 cpe:/o:cisco:ios:4.1 CVE-1999-0230 1997-12-15T00:00:00.000-05:00 2008-09-09T08:34:02.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 1102 Buffer overflow in Cisco 7xx routers through the telnet service. cpe:/a:seattle_lab_software:slmail:2.6 CVE-1999-0231 1999-01-01T00:00:00.000-05:00 2008-09-05T16:16:46.843-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access. CVE-1999-0232 1995-02-01T00:00:00.000-05:00 2008-09-09T08:34:03.007-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. cpe:/a:microsoft:internet_information_server:1.0 CVE-1999-0233 1996-02-25T00:00:00.000-05:00 2010-12-30T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MSKB Q155056 MSKB Q148188 IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. cpe:/o:caldera:openlinux cpe:/o:redhat:linux:3.0.3 cpe:/o:sgi:irix cpe:/o:suse:suse_linux:4.2 cpe:/o:yggdrasil:linux CVE-1999-0234 1996-10-08T00:00:00.000-04:00 2008-09-09T08:34:03.147-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Bash treats any character with a value of 255 as a command separator. cpe:/a:ncsa:ncsa_web_server:1.4.1 cpe:/a:ncsa:ncsa_web_server:1.4 cpe:/a:ncsa:ncsa_web_server:1.3 CVE-1999-0235 1995-02-17T00:00:00.000-05:00 2008-09-09T08:34:03.210-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. cpe:/a:apache:http_server cpe:/a:ncsa:servers CVE-1999-0236 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:03.273-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. cpe:/a:webcom:cgi_guestbook CVE-1999-0237 1997-09-01T00:00:00.000-04:00 2008-09-09T08:34:03.353-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Remote execution of arbitrary commands through Guestbook CGI program. cpe:/a:php:php:1.0 cpe:/a:php:php:2.0b10 cpe:/a:php:php:2.0 CVE-1999-0238 1997-08-01T00:00:00.000-04:00 2008-09-09T08:34:03.413-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 php.cgi allows attackers to read any file on the system. cpe:/a:netscape:fasttrack_server:3.01 CVE-1999-0239 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:03.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 122 Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. CVE-1999-0240 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sgi:irix cpe:/o:sun:solaris:7.0::x86 cpe:/a:xfree86_project:x11r6 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.5.1::x86 CVE-1999-0241 1995-11-01T00:00:00.000-05:00 2008-09-09T08:34:03.617-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. cpe:/o:slackware:slackware_linux CVE-1999-0242 1995-03-01T00:00:00.000-05:00 2008-09-09T08:34:03.680-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords. CVE-1999-0243 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Linux cfingerd could be exploited to gain root access. cpe:/a:livingston:radius:1.x CVE-1999-0244 1997-12-01T00:00:00.000-05:00 2008-09-09T08:34:03.820-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0245 1995-09-07T00:00:00.000-04:00 2008-09-09T08:34:03.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". cpe:/o:hp:hp-ux CVE-1999-0246 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:03.960-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP Remote Watch allows a remote user to gain root access. cpe:/a:isc:inn:1.5.1 cpe:/a:isc:inn:1.5 cpe:/a:isc:inn:1.4unoff4 cpe:/a:isc:inn:1.4unoff3 cpe:/a:isc:inn:1.4sec2 cpe:/a:isc:inn:1.4sec cpe:/a:isc:inn:1.4 CVE-1999-0247 1997-07-21T00:00:00.000-04:00 2008-09-09T08:34:04.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 1443 NAI 19970721 INN news server vulnerabilities Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. cpe:/a:ssh:ssh:1.2.27 CVE-1999-0248 1999-01-01T00:00:00.000-05:00 2008-09-05T16:16:49.157-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CONFIRM http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 MISC http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_nt CVE-1999-0249 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:04.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Windows NT RSHSVC program allows remote users to execute arbitrary commands. cpe:/a:dan_bernstein:qmail:1.01 CVE-1999-0250 1997-07-01T00:00:00.000-04:00 2008-09-09T08:34:04.353-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MISC http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html MISC http://cr.yp.to/qmail/venema.html BUGTRAQ 19970612 qmail-dos-2.c, another denial of service attack Denial of service in Qmail through long SMTP commands. cpe:/a:talkd:talkd CVE-1999-0251 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:04.413-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in talk program allows remote attackers to disrupt a user's display. cpe:/a:lsoft:listserv CVE-1999-0252 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:08.337-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in listserv allows arbitrary command execution. cpe:/a:microsoft:internet_information_server:1.0 cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:2.0 CVE-1999-0253 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:08.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. cpe:/o:sun:solaris:2.6 CVE-1999-0254 1998-11-02T00:00:00.000-05:00 2008-09-09T08:34:08.460-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. CVE-1999-0255 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in ircd allows arbitrary command execution. cpe:/o:microsoft:windows_95 cpe:/a:jgaa:warftpd:1.66 cpe:/o:microsoft:windows_nt CVE-1999-0256 1998-02-01T00:00:00.000-05:00 2008-09-09T08:34:08.603-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 875 Buffer overflow in War FTP allows remote execution of commands. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0257 1998-04-01T00:00:00.000-05:00 2008-09-09T08:34:08.663-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Nestea variation of teardrop IP fragmentation denial of service. cpe:/o:microsoft:windows_95 cpe:/o:microsoft:windows_nt CVE-1999-0258 1998-02-13T00:00:00.000-05:00 2008-09-09T08:34:08.743-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Bonk variation of teardrop IP fragmentation denial of service. cpe:/a:infodrom:cfingerd:1.2.2 CVE-1999-0259 1997-05-23T00:00:00.000-04:00 2008-09-09T08:34:08.807-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 cfingerd lists all users on a system via search.**@target. cpe:/a:renaud_deraison:jj CVE-1999-0260 1996-12-24T00:00:00.000-05:00 2008-09-09T08:34:08.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The jj CGI program allows command execution via shell metacharacters. CVE-1999-0261 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:08.947-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MISC http://www.insecure.org/sploits/netmanage.chameleon.overflows.html Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. cpe:/a:renaud_deraison:faxsurvey CVE-1999-0262 1998-08-04T00:00:00.000-04:00 2008-09-09T08:34:09.007-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XF http-cgi-faxsurvey(1532) BID 2056 Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. cpe:/o:sun:solaris:2.6:hw5 cpe:/o:sun:solaris:2.6:hw3 cpe:/o:sun:solaris:2.6:hw3:x86 cpe:/o:sun:solaris:2.6:hw5:x86 CVE-1999-0263 1998-07-16T00:00:00.000-04:00 2008-09-09T08:34:09.070-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00173 Solaris SUNWadmap can be exploited to obtain root access. cpe:/a:miva:htmlscript CVE-1999-0264 1998-01-27T00:00:00.000-05:00 2008-09-09T08:34:09.147-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 htmlscript CGI program allows remote read access to files. cpe:/o:microware:os-9 cpe:/o:novell:netware:3.12 CVE-1999-0265 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.210-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q154174 ICMP redirect messages may crash or lock up a host. cpe:/a:roar_smith:info2www CVE-1999-0266 1998-03-01T00:00:00.000-05:00 2008-09-09T08:34:09.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 1995 The info2www CGI script allows remote file access or remote command execution. cpe:/a:ncsa:ncsa_httpd:1.3 CVE-1999-0267 1997-09-23T00:00:00.000-04:00 2008-09-09T08:34:09.353-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. cpe:/a:metainfo:metaweb CVE-1999-0268 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.413-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 3969 OSVDB 110 MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. cpe:/a:netscape:enterprise_server CVE-1999-0269 1998-08-01T00:00:00.000-04:00 2008-09-09T08:34:09.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Netscape Enterprise servers may list files through the PageServices query. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.4 CVE-1999-0270 1998-04-03T00:00:00.000-05:00 2011-03-07T21:00:25.437-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF sgi-pfdispaly(810) BID 64 OSVDB 134 CIAC I-041 SGI 19980401-01-P Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. CVE-1999-0271 1998-01-15T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Progressive Networks Real Video server (pnserver) can be crashed remotely. cpe:/a:slmail:slmail:3.0.2421 CVE-1999-0272 1997-10-01T00:00:00.000-04:00 2008-09-09T08:34:09.680-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Slmail v2.5 through the POP3 port. cpe:/o:sun:solaris:2.5.1 CVE-1999-0273 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.757-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service through Solaris 2.5.1 telnet by sending ^D characters. cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0274 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.820-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. cpe:/o:microsoft:windows_nt CVE-1999-0275 1997-06-10T00:00:00.000-04:00 2008-09-09T08:34:09.883-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. cpe:/a:hughes:msql:2.0.1 cpe:/a:hughes:msql:2.0. CVE-1999-0276 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS mSQL v2.0.1 and below allows remote execution through a buffer overflow. cpe:/o:sun:solaris:2.0 CVE-1999-0277 1996-10-28T00:00:00.000-05:00 2008-09-09T08:34:10.023-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The WorkMan program can be used to overwrite any file to get root access. cpe:/a:microsoft:internet_information_server:3.0 cpe:/o:microsoft:windows_nt:4.0 cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0278 1998-06-01T00:00:00.000-04:00 2008-09-09T08:34:10.103-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MS MS98-003 In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. cpe:/a:excite:ews:1.1 CVE-1999-0279 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:10.180-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. cpe:/a:microsoft:ie:3.0.1 cpe:/a:microsoft:ie:3.0 CVE-1999-0280 1997-04-01T00:00:00.000-05:00 2008-09-09T08:34:10.243-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Remote command execution in Microsoft Internet Explorer using .lnk and .url files. cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:2.0 CVE-1999-0281 1997-06-01T00:00:00.000-04:00 2008-09-09T08:34:10.307-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in IIS using long URLs. CVE-1999-0282 1997-09-23T00:00:00.000-04:00 2008-09-09T08:34:13.757-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-1999-0283 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19970716 Viewable .jhtml source with JavaWebServer The Java Web Server would allow remote users to obtain the source code for CGI programs. cpe:/a:ibm:lotus_domino_mail_server cpe:/a:microsoft:exchange_server:5.0 cpe:/a:microsoft:exchange_server:4.0 CVE-1999-0284 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:13.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. cpe:/o:microsoft:windows_nt CVE-1999-0285 1999-01-01T00:00:00.000-05:00 2008-09-05T16:16:54.203-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. CVE-1999-0286 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. cpe:/a:webcom:cgi_guestbook CVE-1999-0287 1999-04-09T00:00:00.000-04:00 2008-09-09T08:34:14.103-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS Vulnerability in the Wguest CGI program. cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0288 1998-08-01T00:00:00.000-04:00 2008-09-09T08:34:14.197-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF nt-winsupd-fix(1233) MISC http://safenetworks.com/Windows/wins.html The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. cpe:/a:apache:http_server CVE-1999-0289 1999-12-12T00:00:00.000-05:00 2008-09-05T16:16:54.733-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. cpe:/a:qbik:wingate CVE-1999-0290 1998-02-21T00:00:00.000-05:00 2008-09-09T08:34:14.337-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. cpe:/a:qbik:wingate CVE-1999-0291 1999-02-01T00:00:00.000-05:00 2008-09-09T08:34:14.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0292 1997-04-01T00:00:00.000-05:00 2008-09-09T08:34:14.460-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service through Winpopup using large user names. cpe:/o:cisco:ios CVE-1999-0293 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:14.540-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS AAA authentication on Cisco systems allows attackers to execute commands without authorization. cpe:/a:microsoft:wins CVE-1999-0294 1997-10-01T00:00:00.000-04:00 2008-09-09T08:34:14.603-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 All records in a WINS database can be deleted through SNMP for a denial of service. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0295 1997-10-01T00:00:00.000-04:00 2008-09-09T08:34:14.663-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00157 Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.6::x86 CVE-1999-0296 1998-02-01T00:00:00.000-05:00 2008-09-09T08:34:14.743-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00162 Solaris volrmmount program allows attackers to read any file. cpe:/o:redhat:linux cpe:/o:netbsd:netbsd:2.0.4 cpe:/o:freebsd:freebsd:2.1.0 cpe:/a:paul_vixie:vixie_cron:3.0 cpe:/o:bsdi:bsd_os:2.1 CVE-1999-0297 1996-12-12T00:00:00.000-05:00 2008-09-09T08:34:14.807-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. cpe:/o:slackware:slackware_linux:2.2 cpe:/o:slackware:slackware_linux:2.1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:sunos:4.1.3 cpe:/o:slackware:slackware_linux:2.3 CVE-1999-0298 1997-02-05T00:00:00.000-05:00 2008-09-09T08:34:14.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS NAI 19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. cpe:/o:freebsd:freebsd:6.2:stable CVE-1999-0299 1997-03-05T00:00:00.000-05:00 2008-09-05T16:16:56.250-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 6093 Buffer overflow in FreeBSD lpd through long DNS hostnames. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0300 1997-10-01T00:00:00.000-04:00 2008-09-09T08:34:15.007-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00155 nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0301 1997-08-01T00:00:00.000-04:00 2008-09-09T08:34:15.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00149 Buffer overflow in SunOS/Solaris ps command. cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.5.1 CVE-1999-0302 1998-09-01T00:00:00.000-04:00 2008-09-09T08:34:15.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00176 SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:1.1.3:u1 cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:sun:solaris:2.0 cpe:/o:sun:solaris:1.1.2 cpe:/o:sun:solaris:2.2 cpe:/o:openbsd:openbsd:2.2 cpe:/o:sun:solaris:2.3 cpe:/o:digital:osf_1:1.1 cpe:/o:sun:solaris:2.5.1 cpe:/o:openbsd:openbsd:2.1 cpe:/o:sun:solaris:1.1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:1.1.4 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:::x86 cpe:/o:netbsd:netbsd:1.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:1.2 cpe:/o:sun:solaris:1.1.4::jl CVE-1999-0303 1998-05-21T00:00:00.000-04:00 2008-09-09T08:34:15.807-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. cpe:/o:netbsd:netbsd:2.0.4 cpe:/o:openbsd:openbsd:2.2 cpe:/o:bsdi:bsd_os:3.0 cpe:/o:freebsd:freebsd:2.2 CVE-1999-0304 1998-02-01T00:00:00.000-05:00 2008-09-09T08:34:15.867-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS mmap function in BSD allows local attackers in the kmem group to modify memory through devices. cpe:/o:openbsd:openbsd:2.0 cpe:/o:openbsd:openbsd:2.1 cpe:/o:freebsd:freebsd:2.2.5 cpe:/o:openbsd:openbsd:2.2 cpe:/o:freebsd:freebsd:2.2 cpe:/o:bsdi:bsd_os CVE-1999-0305 1998-02-01T00:00:00.000-05:00 2008-09-09T08:34:15.947-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF bsd-sourceroute(736) OSVDB 11502 MISC http://www.openbsd.org/advisories/sourceroute.txt The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. cpe:/o:hp:vvos:10.24 CVE-1999-0306 1997-11-04T00:00:00.000-05:00 2008-09-09T08:34:16.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 buffer overflow in HP xlock program. cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:10.00 CVE-1999-0307 2000-12-20T00:00:00.000-05:00 2008-09-09T08:34:16.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in HP-UX cstm program allows local users to gain root privileges. cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-0308 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:16.197-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9410-018 HP-UX gwind program allows users to modify arbitrary files. cpe:/o:hp:hp-ux:10.24 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.01 CVE-1999-0309 1997-02-01T00:00:00.000-05:00 2008-09-09T08:34:16.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9702-056 HP-UX vgdisplay program gives root access to local users. cpe:/a:ssh:ssh:1.2.25 CVE-1999-0310 1998-09-01T00:00:00.000-04:00 2008-09-09T08:34:16.353-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SSH 1.2.25 on HP-UX allows access to new user accounts. cpe:/o:hp:hp-ux:10 CVE-1999-0311 1996-11-01T00:00:00.000-05:00 2008-09-09T08:34:16.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9612-042 fpkg2swpk in HP-UX allows local users to gain root access. cpe:/o:hp:hp-ux CVE-1999-0312 1993-01-13T00:00:00.000-05:00 2008-09-09T08:34:16.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP ypbind allows attackers with root privileges to modify NIS data. cpe:/o:sgi:irix:6.4::s2mp CVE-1999-0313 1998-07-01T00:00:00.000-04:00 2008-09-09T08:34:16.557-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF sgi-disk-bandwidth(1441) BID 214 MISC http://www.securityfocus.com/bid/213/exploit OSVDB 936 SGI 19980701-01-P disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. cpe:/o:sgi:irix:6.4 CVE-1999-0314 1998-07-01T00:00:00.000-04:00 2008-09-09T08:34:16.617-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF sgi-ioconfig(1199) MISC http://www.securityfocus.com/bid/213/exploit BID 213 OSVDB 6788 SGI 19980701-01-P ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:7.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0315 1997-04-01T00:00:00.000-05:00 2008-09-09T08:34:16.697-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00138 Buffer overflow in Solaris fdformat command gives root access to local users. cpe:/a:sam_lantinga:splitvt:1.6.3 CVE-1999-0316 1995-12-01T00:00:00.000-05:00 2008-09-09T08:34:16.757-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Linux splitvt command gives root access to local users. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0317 1999-11-25T00:00:00.000-05:00 2008-09-09T08:34:16.837-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Linux su command gives root access to local users. cpe:/o:sun:solaris:8.0 cpe:/o:sun:solaris:2.6 cpe:/o:hp:hp-ux:11 cpe:/o:sun:solaris:7.0 cpe:/o:redhat:linux:6.0 cpe:/o:ibm:aix:4 cpe:/o:sun:solaris:2.5.1 CVE-1999-0318 1997-03-01T00:00:00.000-05:00 2008-09-09T08:34:16.897-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. CVE-1999-0319 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:16.960-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. cpe:/o:sun:sunos:4.1.3u1 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:sunos:4.1.4 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0320 1998-03-01T00:00:00.000-05:00 2008-09-09T08:34:17.040-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. cpe:/o:sun:solaris CVE-1999-0321 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:17.103-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Solaris kcms_configure command allows local users to gain root access. cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:freebsd:freebsd:2.2 CVE-1999-0322 1997-10-29T00:00:00.000-05:00 2008-09-09T08:34:17.163-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 6092 The open() function in FreeBSD allows local attackers to write to arbitrary files. cpe:/o:netbsd:netbsd:2.0.4 cpe:/o:openbsd:openbsd:2.2 cpe:/o:bsdi:bsd_os:3.0 cpe:/o:freebsd:freebsd:2.2 CVE-1999-0323 1998-02-20T00:00:00.000-05:00 2008-09-09T08:34:17.353-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS NETBSD 1998-003 FreeBSD mmap function allows users to modify append-only or immutable files. cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:9 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.01 CVE-1999-0324 1996-09-01T00:00:00.000-04:00 2008-09-09T08:34:17.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9702-053 ppl program in HP-UX allows local users to create root files through symlinks. cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-0325 1995-12-01T00:00:00.000-05:00 2008-09-09T08:34:17.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9406-013 vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. cpe:/o:hp:hp-ux:10.30 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:9 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 CVE-1999-0326 1997-10-01T00:00:00.000-04:00 2008-09-09T08:34:17.557-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9710-071 Vulnerability in HP-UX mediainit program. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.4 CVE-1999-0327 1997-11-01T00:00:00.000-05:00 2008-09-09T08:34:17.617-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SGI 19971103-01-PX SGI syserr program allows local users to corrupt files. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:5.3::xfs cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:6.1 CVE-1999-0328 1997-11-01T00:00:00.000-05:00 2008-09-09T08:34:17.697-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19971103-01-PX SGI permissions program allows local users to gain root privileges. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:5.3::xfs cpe:/o:sgi:irix:6.1 CVE-1999-0329 1998-06-01T00:00:00.000-04:00 2008-09-09T08:34:17.757-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19980602-01-PX SGI mediad program allows local users to gain root access. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0330 1998-03-01T00:00:00.000-05:00 2008-09-09T08:34:17.820-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Linux bdash game has a buffer overflow that allows local users to gain root access. cpe:/a:microsoft:ie:4.0 cpe:/a:microsoft:ie:3.0.2 cpe:/a:microsoft:ie:4.0.1 CVE-1999-0331 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:17.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS Buffer overflow in Internet Explorer 4.0(1). cpe:/a:microsoft:netmeeting:2.1 CVE-1999-0332 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:17.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS MSKB Q184346 Buffer overflow in NetMeeting allows denial of service and remote command execution. cpe:/o:hp:hp-ux CVE-1999-0333 1998-08-01T00:00:00.000-04:00 2008-09-09T08:34:18.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. cpe:/o:sun:solaris:2.0 cpe:/o:sun:solaris:::x86 CVE-1999-0334 1993-12-16T00:00:00.000-05:00 2008-09-09T08:34:18.117-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. cpe:/o:bsdi:bsd_os:2.1 cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0335 1996-08-01T00:00:00.000-04:00 2008-09-09T08:34:18.180-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. cpe:/o:hp:hp-ux:10 CVE-1999-0336 1996-11-01T00:00:00.000-05:00 2008-09-09T08:34:18.243-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in mstm in HP-UX allows local users to gain root access. cpe:/o:ibm:aix:2.2.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:1.3 cpe:/o:ibm:aix:1.2.1 CVE-1999-0337 1994-06-03T00:00:00.000-04:00 2008-09-09T08:34:18.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2.4 CVE-1999-0338 1994-02-24T00:00:00.000-05:00 2008-09-09T08:34:18.383-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIX Licensed Program Product performance tools allow local users to gain root access. cpe:/o:sun:solaris:2.5.1::ppc cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0339 1998-08-01T00:00:00.000-04:00 2008-09-09T08:34:18.460-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. cpe:/o:slackware:slackware_linux:3.4 CVE-1999-0340 1997-12-01T00:00:00.000-05:00 2008-09-09T08:34:18.523-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Linux Slackware crond program allows local users to gain root access. cpe:/o:slackware:slackware_linux:2.2 cpe:/o:slackware:slackware_linux:2.1 cpe:/o:debian:debian_linux:1.3.1 cpe:/o:slackware:slackware_linux:2.3 CVE-1999-0341 1998-01-01T00:00:00.000-05:00 2008-09-09T08:34:18.587-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. cpe:/a:pam:pam:0.64 CVE-1999-0342 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:18.663-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Linux PAM modules allow local users to gain root access using temporary files. cpe:/a:palace:palace_client CVE-1999-0343 1998-10-02T00:00:00.000-04:00 2008-09-09T08:34:18.727-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS A malicious Palace server can force a client to execute arbitrary programs. cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:3.5.1 CVE-1999-0344 1998-08-01T00:00:00.000-04:00 2008-09-09T08:34:18.790-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS MSKB Q190288 MS MS98-009 NT users can gain debug-level access on a system process using the Sechole exploit. cpe:/o:sun:sunos cpe:/o:sco:open_desktop:3 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:internet_faststart:1.1 cpe:/o:freebsd:freebsd:1.0 cpe:/o:sco:openserver:5 cpe:/h:ibm:sng:2.1 cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/h:ibm:sng:2.2 cpe:/o:freebsd:freebsd:1.1 cpe:/o:freebsd:freebsd:1.1.5.1 cpe:/o:freebsd:freebsd:1.2 CVE-1999-0345 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:18.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. cpe:/a:php:php_fi CVE-1999-0346 1997-10-16T00:00:00.000-04:00 2008-09-09T08:34:18.930-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 713 OSVDB 3397 CGI PHP mlog script allows an attacker to read any file on the target server. CVE-1999-0347 1999-01-26T00:00:00.000-05:00 2005-11-02T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 NTBUGTRAQ 19990126 Javascript ecurity bug in Internet Explorer BUGTRAQ 19990126 Javascript ecurity bug in Internet Explorer Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0348 1999-01-27T00:00:00.000-05:00 2008-09-09T08:34:19.070-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q197003 OSVDB 930 IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0349 1999-01-27T00:00:00.000-05:00 2008-09-09T08:34:19.493-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS EEYE IIS Remote FTP Exploit/DoS Attack MSKB Q188348 MS MS99-003 A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. cpe:/a:rational_software:clearcase:3.2 CVE-1999-0350 1999-02-08T00:00:00.000-05:00 2008-09-09T08:34:19.570-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. cpe:/a:ftp:ftp_pasv CVE-1999-0351 1999-02-01T00:00:00.000-05:00 2008-09-05T16:17:03.967-04:00 6.4 NETWORK LOW NONE PARTIAL NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF pasv-pizza-thief-dos(3389) MISC http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. CVE-1999-0352 1999-01-25T00:00:00.000-05:00 2008-09-09T08:34:24.353-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. cpe:/o:hp:hp-ux:11.00 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.01 CVE-1999-0353 1999-02-10T00:00:00.000-05:00 2008-09-09T08:34:24.413-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9902-091 CIAC J-026 rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. cpe:/a:microsoft:ie:5.0 cpe:/a:microsoft:ie:4.0 cpe:/a:microsoft:word:97 CVE-1999-0354 1999-11-01T00:00:00.000-05:00 2008-09-09T08:34:24.493-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS MS MS99-002 Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. cpe:/a:ca:controlit:4.5 CVE-1999-0355 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:24.557-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. CVE-1999-0356 1999-01-25T00:00:00.000-05:00 2008-09-09T08:34:24.617-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. cpe:/o:microsoft:windows_98::gold CVE-1999-0357 1999-01-25T00:00:00.000-05:00 2008-09-09T08:34:24.697-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. cpe:/o:digital:unix:4.0c cpe:/o:digital:unix:4.0b cpe:/o:digital:unix:4.0a cpe:/o:digital:unix:4.0e cpe:/o:digital:unix:4.0 cpe:/o:digital:unix:4.0d CVE-1999-0358 1999-02-01T00:00:00.000-05:00 2008-09-09T08:34:24.757-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19990125 Digital Unix 4.0 exploitable buffer overflows CIAC J-027 Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. cpe:/a:marc_schaefer:ptylogin CVE-1999-0359 2001-03-12T00:00:00.000-05:00 2008-09-09T08:34:24.820-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. cpe:/a:microsoft:site_server:2.0 CVE-1999-0360 1999-01-30T00:00:00.000-05:00 2008-09-05T16:17:05.140-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990130 Security Advisory for Internet Information Server 4 with Site MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. CVE-1999-0361 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. cpe:/a:ipswitch:ws_ftp_server:1.0.2eval cpe:/a:ipswitch:ws_ftp_server:1.0.1eval CVE-1999-0362 1999-02-02T00:00:00.000-05:00 2008-09-09T08:34:25.023-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 217 EEYE AD02021999 WS_FTP server remote denial of service through cwd command. cpe:/a:plp:line_printer_control cpe:/o:suse:suse_linux:5.2 CVE-1999-0363 1999-02-02T00:00:00.000-05:00 2008-09-09T08:34:25.103-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 328 SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. cpe:/a:microsoft:access:97 cpe:/a:fms_inc.:total_vb_sourcebook:6.0 CVE-1999-0364 1999-01-01T00:00:00.000-05:00 2008-09-05T16:17:05.670-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990204 Microsoft Access 97 Stores Database Password as Plaintext Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. cpe:/a:metainfo:sendmail:2.5 cpe:/a:metainfo:sendmail:2.0 cpe:/a:metainfo:metaip:3.1 CVE-1999-0365 1999-02-04T00:00:00.000-05:00 2008-09-09T08:34:25.243-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. cpe:/o:microsoft:windows_nt:4.0:sp4 CVE-1999-0366 1999-02-08T00:00:00.000-05:00 2008-09-09T08:34:25.307-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS MSKB Q214840 MS MS99-004 In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. cpe:/o:netbsd:netbsd:2.0.4 CVE-1999-0367 1999-02-09T00:00:00.000-05:00 2008-09-09T08:34:25.367-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 7571 NetBSD netstat command allows local users to access kernel memory. cpe:/o:sco:openserver:5.0.5 cpe:/o:slackware:slackware_linux:3.5 cpe:/o:sco:openserver:5.0 cpe:/o:sco:openserver:5.0.3 cpe:/o:redhat:linux:5.1 cpe:/o:slackware:slackware_linux:3.6 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9 cpe:/o:sco:unixware:7.0 cpe:/o:caldera:openlinux:1.3 cpe:/o:sco:unixware:7.0.1 cpe:/o:debian:debian_linux:2.0 cpe:/o:slackware:slackware_linux:3.4 cpe:/o:redhat:linux:5.0 cpe:/o:sco:openserver:5.0.2 cpe:/o:sco:openserver:5.0.4 cpe:/a:proftpd_project:proftpd:1.2_pre1 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18 CVE-1999-0368 1999-02-09T00:00:00.000-05:00 2008-09-09T08:34:25.447-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:1.1.3:u1 cpe:/o:sun:solaris:1.1.2 cpe:/o:sun:solaris:2.0 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:solaris:1.1 cpe:/o:sun:solaris:1.1.4 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:1.1.4::jl cpe:/o:sun:solaris:1.2 CVE-1999-0369 1997-02-01T00:00:00.000-05:00 2008-09-09T08:34:25.507-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00183 The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:7.0::x86 cpe:/o:sun:solaris:7.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0370 1999-02-10T00:00:00.000-05:00 2008-09-09T08:34:25.570-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 165 In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. cpe:/a:university_of_kansas:lynx:2.7.1 CVE-1999-0371 1999-02-11T00:00:00.000-05:00 2008-09-09T08:34:25.647-04:00 1.2 LOCAL HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Lynx allows a local user to overwrite sensitive files through /tmp symlinks. cpe:/o:microsoft:windows_2000 cpe:/a:microsoft:backoffice:4.0 cpe:/o:microsoft:windows_nt CVE-1999-0372 1999-02-12T00:00:00.000-05:00 2008-09-09T08:34:25.710-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q217004 MS MS99-005 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. cpe:/o:debian:debian_linux:2.0 CVE-1999-0373 1999-02-01T00:00:00.000-05:00 2008-09-09T08:34:25.773-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. cpe:/o:debian:debian_linux:2.0 CVE-1999-0374 1999-02-16T00:00:00.000-05:00 2008-09-09T08:34:25.853-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Debian GNU/Linux cfengine package is susceptible to a symlink attack. cpe:/a:network_flight_recorder:network_flight_recorder:2.0.3 CVE-1999-0375 1999-02-16T00:00:00.000-05:00 2008-09-09T08:34:25.913-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:3.5.1 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0376 1999-02-20T00:00:00.000-05:00 2008-09-09T08:34:25.977-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS MS MS99-006 Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. cpe:/o:unix:unix CVE-1999-0377 1999-02-22T00:00:00.000-05:00 2008-09-09T08:34:26.057-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. cpe:/a:trend_micro:interscan_viruswall CVE-1999-0378 1999-02-22T00:00:00.000-05:00 2008-09-09T08:34:26.117-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 6167 InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. cpe:/a:microsoft:backoffice_resource_kit:2.0 CVE-1999-0379 1999-02-22T00:00:00.000-05:00 2008-09-09T08:34:26.180-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 498 OSVDB 1019 MS MS99-007 Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. cpe:/a:seattle_lab_software:slmail:3.0.2421 CVE-1999-0380 1999-02-25T00:00:00.000-05:00 2008-09-09T08:34:26.257-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF slmail-ras-ntfs-bypass(5392) BID 497 NTBUGTRAQ SLmail 3.2 Build 3113 (Web Administration Security Fix) NTBUGTRAQ 199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service BUGTRAQ 19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. cpe:/o:debian:debian_linux:2.0 cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0381 1999-02-26T00:00:00.000-05:00 2008-09-09T08:34:26.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 342 BUGTRAQ 19990225 SUPER buffer overflow super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. cpe:/o:microsoft:windows_nt:3.5.1:sp4 cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:3.5.1:sp3 cpe:/o:microsoft:windows_nt:3.5.1:sp2 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_nt:3.5.1:sp5 cpe:/o:microsoft:windows_nt:3.5.1:sp1 CVE-1999-0382 1999-03-12T00:00:00.000-05:00 2008-09-09T08:34:26.397-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MS MS99-008 The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. cpe:/a:acc:tigris:10.5.8 CVE-1999-0383 1999-02-02T00:00:00.000-05:00 2008-09-09T08:34:26.460-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 183 OSVDB 267 ACC Tigris allows public access without a login. cpe:/o:microsoft:windows_2000 cpe:/a:microsoft:office:98::mac cpe:/a:microsoft:visual_basic:5.0 cpe:/a:microsoft:project:98 cpe:/a:microsoft:outlook:98 cpe:/o:microsoft:windows_nt CVE-1999-0384 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:26.523-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS MS MS99-001 The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. cpe:/a:microsoft:exchange_server:5.5 CVE-1999-0385 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:26.603-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MS MS99-009 The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. cpe:/a:microsoft:personal_web_server:4.0 cpe:/a:microsoft:frontpage CVE-1999-0386 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:26.663-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 111 MS MS99-010 Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. cpe:/o:microsoft:windows_95 cpe:/o:microsoft:windows_98::gold CVE-1999-0387 1999-11-29T00:00:00.000-05:00 2008-09-09T00:00:00.000-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 829 MS MS99-052 MSKB Q168115 A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. cpe:/a:datalynx:suguard:1.0 CVE-1999-0388 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:26.807-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 3186 DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. cpe:/o:debian:debian_linux:2.0 cpe:/o:debian:debian_linux:1.1 cpe:/o:debian:debian_linux:1.3 cpe:/o:debian:debian_linux:1.3.1 cpe:/o:debian:debian_linux:1.2 CVE-1999-0389 1999-01-03T00:00:00.000-05:00 2008-09-09T08:34:26.883-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 324 Buffer overflow in the bootp server in the Debian Linux netstd package. cpe:/o:redhat:linux:5.1 cpe:/o:redhat:linux:4.2 cpe:/o:redhat:linux:4.1 cpe:/o:redhat:linux:5.2::i386 cpe:/o:suse:suse_linux:5.1 cpe:/o:redhat:linux:5.0 cpe:/o:suse:suse_linux:5.0 cpe:/o:redhat:linux:4.0 CVE-1999-0390 1999-01-04T00:00:00.000-05:00 2008-09-09T08:34:27.087-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 187 CALDERA CSSA-1999-006.1 Buffer overflow in Dosemu Slang library in Linux. cpe:/o:microsoft:windows_nt:4.0:sp5 cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:3.5.1:sp2 cpe:/o:microsoft:windows_nt:3.5.1:sp3 cpe:/o:microsoft:windows_nt:3.5.1:sp5 cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_nt:3.5.1:sp4 cpe:/a:microsoft:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_nt:3.5.1:sp1 CVE-1999-0391 1999-01-05T00:00:00.000-05:00 2008-09-09T08:34:27.147-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. cpe:/a:thomas_boutell:cgic_library:1.05 CVE-1999-0392 1999-01-10T00:00:00.000-05:00 2008-09-09T08:34:27.227-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in Thomas Boutell's cgic library version up to 1.05. cpe:/a:eric_allman:sendmail:8.8 cpe:/a:eric_allman:sendmail:8.9.2 CVE-1999-0393 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:27.290-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990121 Sendmail 8.8.x/8.9.x bugware Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. CVE-1999-0394 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. cpe:/a:backweb_technologies:backweb_polite_agent_protocol CVE-1999-0395 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:27.430-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ISS 19990118 Vulnerability in the BackWeb Polite Agent Protocol A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. cpe:/o:openbsd:openbsd:2.4 cpe:/o:netbsd:netbsd:2.0.4 CVE-1999-0396 1999-02-17T00:00:00.000-05:00 2008-09-09T08:34:27.523-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. CVE-1999-0397 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. cpe:/a:ssh:ssh2:2.0.11 cpe:/a:ssh:ssh:1.2.27 CVE-1999-0398 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:27.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. cpe:/a:khaled_mardam-bey:mirc:5.5 CVE-1999-0399 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:27.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. cpe:/o:linux:linux_kernel:2.2.0 CVE-1999-0400 1999-01-26T00:00:00.000-05:00 2008-09-05T16:17:11.140-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 344 Denial of service in Linux 2.2.0 running the ldd command on a core file. cpe:/o:linux:linux_kernel:2.2.1 CVE-1999-0401 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:27.867-04:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. cpe:/a:gnu:wget:1.5.3 CVE-1999-0402 1999-01-02T00:00:00.000-05:00 2008-09-09T08:34:29.727-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. cpe:/h:cyrix:linux CVE-1999-0403 1999-02-01T00:00:00.000-05:00 2008-09-09T08:34:29.807-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990204 Cyrix bug: freeze in hell, badboy A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. cpe:/a:smartmax_software:mailmax CVE-1999-0404 1999-02-14T00:00:00.000-05:00 2008-09-09T08:34:29.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. cpe:/o:freebsd:freebsd:2.2.5 cpe:/o:freebsd:freebsd:2.1.7.1 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:suse:suse_linux:4.3 cpe:/o:freebsd:freebsd:2.2.4 cpe:/o:freebsd:freebsd:3.2 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:suse:suse_linux:4.4 cpe:/o:suse:suse_linux:5.3 cpe:/o:suse:suse_linux:4.2 cpe:/o:suse:suse_linux:5.0 cpe:/o:freebsd:freebsd:2.2.8 cpe:/o:freebsd:freebsd:3.1 cpe:/o:debian:debian_linux:2.0.5 cpe:/o:freebsd:freebsd:2.2.6 cpe:/o:freebsd:freebsd:3.0 cpe:/o:redhat:linux:5.2::i386 cpe:/o:freebsd:freebsd:2.2.3 cpe:/o:suse:suse_linux:6.1 cpe:/o:debian:debian_linux:2.0 cpe:/o:suse:suse_linux:4.4.1 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.0 cpe:/o:suse:suse_linux:6.0 cpe:/o:freebsd:freebsd:2.2.2 cpe:/o:suse:suse_linux:5.1 cpe:/o:suse:suse_linux:5.2 CVE-1999-0405 1999-02-18T00:00:00.000-05:00 2008-09-09T08:34:29.930-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 3163 A buffer overflow in lsof allows local users to obtain root privilege. cpe:/o:digital:unix CVE-1999-0406 1999-02-19T00:00:00.000-05:00 2008-09-09T08:34:30.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege. cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0407 1999-02-09T00:00:00.000-05:00 2008-09-05T16:17:12.187-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990209 Re: IIS4 allows proxied password attacks over NetBIOS BUGTRAQ 19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. cpe:/a:sun:cobalt_raq CVE-1999-0408 1999-02-25T00:00:00.000-05:00 2008-09-09T08:34:30.163-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 337 Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. cpe:/o:suse:suse_linux:3.5 cpe:/o:suse:suse_linux:5.2 CVE-1999-0409 1999-03-04T00:00:00.000-05:00 2008-09-09T08:34:30.243-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 319 Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. cpe:/o:sun:solaris:2.6::x86 CVE-1999-0410 1999-03-05T00:00:00.000-05:00 2008-09-09T08:34:30.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 293 The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. cpe:/o:sco:openserver:5 cpe:/o:sco:openserver:3.0 CVE-1999-0411 1999-03-07T00:00:00.000-05:00 2008-09-09T08:34:30.383-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access. cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:2.0 cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0412 1999-02-19T00:00:00.000-05:00 2008-09-09T08:34:30.447-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 501 In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:6.5 CVE-1999-0413 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:30.523-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19990301-01-PX A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. cpe:/o:linux:linux_kernel:2.0.35 cpe:/o:linux:linux_kernel:2.0.36 cpe:/o:linux:linux_kernel:2.0.37 cpe:/o:linux:linux_kernel:2.0.30 CVE-1999-0414 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:30.587-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. cpe:/h:cisco:cisco_7xx_routers:4.2 cpe:/h:cisco:cisco_7xx_routers:3.2 CVE-1999-0415 1999-03-11T00:00:00.000-05:00 2008-09-09T08:34:30.647-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CISCO 19990311 Cisco 7xx TCP and HTTP Vulnerabilities CIAC J-034 The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. cpe:/h:cisco:cisco_7xx_routers CVE-1999-0416 1999-03-11T00:00:00.000-05:00 2008-09-09T08:34:30.743-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CISCO 19990311 Cisco 7xx TCP and HTTP Vulnerabilities CIAC J-034 Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. cpe:/o:sun:solaris:7.0 CVE-1999-0417 1999-03-09T00:00:00.000-05:00 2008-09-09T08:34:30.807-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 448 OSVDB 1001 64 bit Solaris 7 procfs allows local users to perform a denial of service. CVE-1999-0418 1999-03-08T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 6.4 NETWORK LOW NONE PARTIAL NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990308 SMTP server account probing Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. CVE-1999-0419 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:30.947-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service. cpe:/a:netbsd:umapfs CVE-1999-0420 1999-03-17T00:00:00.000-05:00 2008-09-09T08:34:31.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. cpe:/o:slackware:slackware_linux:3.6 CVE-1999-0421 1999-03-17T00:00:00.000-05:00 2008-09-09T08:34:31.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 338 OSVDB 981 During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. cpe:/o:netbsd:netbsd:1.3.3 CVE-1999-0422 1999-03-17T00:00:00.000-05:00 2008-09-09T08:34:31.147-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. cpe:/o:hp:hp-ux CVE-1999-0423 1994-06-01T00:00:00.000-04:00 2008-09-09T08:34:31.210-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9903-093 Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. cpe:/a:netscape:communicator:4.5 CVE-1999-0424 1999-03-18T00:00:00.000-05:00 2008-09-09T08:34:31.273-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes. cpe:/a:netscape:communicator:4.5 CVE-1999-0425 1999-03-18T00:00:00.000-05:00 2008-09-09T08:34:31.337-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. cpe:/o:suse:suse_linux:6.0 CVE-1999-0426 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:31.413-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. cpe:/a:qualcomm:eudora_light:3.0 cpe:/a:qualcomm:eudora:4.3 cpe:/a:qualcomm:eudora_pro:1.00 cpe:/a:qualcomm:eudora:4.2 CVE-1999-0427 2000-05-01T00:00:00.000-04:00 2008-09-09T08:34:31.477-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names. cpe:/a:ssleay:ssleay cpe:/a:openssl:openssl CVE-1999-0428 1999-03-22T00:00:00.000-05:00 2008-09-09T08:34:31.540-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 3936 OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. cpe:/a:ibm:lotus_notes:4.5 CVE-1999-0429 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:31.617-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 19990326 Re: Lotus Notes security advisory BUGTRAQ 19990326 Lotus Notes Encryption Bug BUGTRAQ 19990324 Re: LNotes encryption BUGTRAQ 19990323 The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. cpe:/a:cisco:catalyst_5xxx_supervisor_software:2.1.502 cpe:/a:cisco:catalyst_5xxx_supervisor_software:2.1.501 cpe:/a:cisco:catalyst_29xx_supervisor_software:2.1.5 cpe:/a:cisco:catalyst_5xxx_supervisor_software:2.1.5 cpe:/a:cisco:catalyst_29xx_supervisor_software:2.1.501 cpe:/a:cisco:catalyst_12xx_supervisor_software:4.29 cpe:/a:cisco:catalyst_5xxx_supervisor_software:1.0 cpe:/a:cisco:catalyst_29xx_supervisor_software:2.1.502 cpe:/a:cisco:catalyst_29xx_supervisor_software:1.0 CVE-1999-0430 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:31.680-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 1103 Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload. cpe:/o:linux:linux_kernel:2.2.16 cpe:/o:linux:linux_kernel:2.2.15:pre16 cpe:/o:linux:linux_kernel:2.2.0 cpe:/o:linux:linux_kernel:2.2.3 cpe:/o:linux:linux_kernel:2.2.14 cpe:/o:linux:linux_kernel:2.2.15_pre20 cpe:/o:linux:linux_kernel:2.2.12 cpe:/o:linux:linux_kernel:2.2.10 cpe:/o:linux:linux_kernel:2.2.16:pre6 cpe:/o:linux:linux_kernel:2.2.15 cpe:/o:linux:linux_kernel:2.2.13 cpe:/o:linux:linux_kernel:2.1.89 CVE-1999-0431 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:31.757-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service. cpe:/o:hp:hp-ux:11.00 CVE-1999-0432 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:31.820-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9903-094 ftp on HP-UX 11.00 allows local users to gain privileges. cpe:/o:slackware:slackware_linux:3.5 cpe:/o:slackware:slackware_linux:3.3 cpe:/o:redhat:linux:5.1 cpe:/o:slackware:slackware_linux:3.6 cpe:/o:redhat:linux:5.2::i386 cpe:/o:netbsd:netbsd:1.3.2 cpe:/o:suse:suse_linux:6.1 cpe:/o:netbsd:netbsd:1.3.3 cpe:/o:slackware:slackware_linux:3.4 cpe:/a:xfree86_project:x11r6:3.3.3 cpe:/o:slackware:slackware_linux:4.0 cpe:/o:suse:suse_linux:6.0 cpe:/o:suse:suse_linux:5.1 cpe:/o:suse:suse_linux:5.2 CVE-1999-0433 1999-03-21T00:00:00.000-05:00 2008-09-09T08:34:31.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. cpe:/o:netbsd:netbsd:1.3.3 cpe:/o:debian:debian_linux:2.0 cpe:/o:caldera:openlinux:1.2 cpe:/o:debian:debian_linux:2.0:r5 cpe:/o:redhat:linux:5.1 cpe:/o:suse:suse_linux:5.3 cpe:/o:debian:debian_linux:2.1 CVE-1999-0434 1999-03-30T00:00:00.000-05:00 2008-09-09T08:34:31.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 359 XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. cpe:/o:hp:hp-ux:11.00 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.01 CVE-1999-0435 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:32.040-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. cpe:/o:hp:hp-ux:11.00 cpe:/a:hp:desms cpe:/o:hp:hp-ux:10.20 CVE-1999-0436 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:32.117-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9903-095 Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. cpe:/h:ramp_networks:webramp CVE-1999-0437 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:32.180-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port. cpe:/h:ramp_networks:webramp_m3:1.0 cpe:/h:ramp_networks:webramp_200i:1.0 CVE-1999-0438 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:32.243-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. cpe:/o:caldera:openlinux cpe:/a:procmail:procmail:3.12 CVE-1999-0439 1999-04-05T00:00:00.000-04:00 2008-09-09T08:34:32.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. cpe:/a:netscape:navigator:4.03 cpe:/a:netscape:navigator:4.05 cpe:/a:sun:java cpe:/a:netscape:navigator:4.0 cpe:/a:netscape:communicator:4.5 cpe:/a:netscape:navigator:4.02 cpe:/a:netscape:navigator:4.08 cpe:/a:netscape:navigator:4.04 cpe:/a:netscape:navigator:4.61 cpe:/a:netscape:navigator:4.01 cpe:/a:netscape:navigator:4.06 cpe:/a:netscape:navigator:4.07 cpe:/a:netscape:navigator:4.5 CVE-1999-0440 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:32.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://java.sun.com/pr/1999/03/pr990329-01.html BID 1939 BUGTRAQ 19990405 Security Hole in Java 2 (and JDK 1.1.x) The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. cpe:/a:qbik:wingate:3.0 CVE-1999-0441 1999-02-22T00:00:00.000-05:00 2008-09-09T08:34:32.460-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 509 EEYE AD02221999 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.6 cpe:/o:sun:solaris:7.0::x86 cpe:/o:sun:solaris:7.0 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5.1 CVE-1999-0442 1999-01-07T00:00:00.000-05:00 2008-09-09T08:34:32.523-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 327 Solaris ff.core allows local users to modify files. cpe:/a:bmc:patrol_agent:3.2.3 CVE-1999-0443 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:32.603-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19990409 Patrol security bugs Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. cpe:/o:microsoft:windows_95 cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_nt CVE-1999-0444 1999-04-12T00:00:00.000-04:00 2008-09-09T08:34:32.663-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. cpe:/o:cisco:ios:12.0%281%29w cpe:/o:cisco:ios:12.0%282%29xd cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.0%281%29xa3 cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0%282%29xc cpe:/o:cisco:ios:12.0%281%29xe cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.0%282%29xg cpe:/o:cisco:ios:12.0db cpe:/o:cisco:ios:12.0%282%29xf cpe:/o:cisco:ios:12.0%281%29xb CVE-1999-0445 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:32.757-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 1104 In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. cpe:/o:netbsd:netbsd:1.3.3 cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:netbsd:netbsd:1.3.2 CVE-1999-0446 1999-04-12T00:00:00.000-04:00 2008-09-09T08:34:32.837-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 7051 Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. cpe:/o:hp:mpe_ix CVE-1999-0447 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:32.897-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBMP9904-006 Local users can gain privileges using the debug utility in the MPE/iX operating system. cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0448 1999-01-01T00:00:00.000-05:00 2008-09-09T08:34:32.977-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. cpe:/a:microsoft:internet_information_server:4.0 CVE-1999-0449 1999-01-26T00:00:00.000-05:00 2008-09-09T08:34:33.040-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 193 OSVDB 4 OSVDB 3 OSVDB 2 The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:2.0 cpe:/a:microsoft:internet_information_server:4.0 cpe:/a:microsoft:internet_information_server:5.0 CVE-1999-0450 1999-01-26T00:00:00.000-05:00 2009-06-24T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 194 In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). cpe:/o:linux:linux_kernel:2.2.0 cpe:/o:linux:linux_kernel:2.0 CVE-1999-0451 1999-01-19T00:00:00.000-05:00 2008-09-05T16:17:18.560-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 343 Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. CVE-1999-0452 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A service or application has a backdoor password that was placed there by the developer. cpe:/h:cisco:router CVE-1999-0453 1999-01-01T00:00:00.000-05:00 2008-09-05T16:17:18.810-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). CVE-1999-0454 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. cpe:/a:allaire:coldfusion_server:4.0 CVE-1999-0455 1999-12-25T00:00:00.000-05:00 2008-09-09T08:34:36.197-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 115 The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. cpe:/o:debian:debian_linux:2.0 cpe:/o:debian:debian_linux:1.3 cpe:/o:debian:debian_linux:1.3.1 CVE-1999-0457 1999-01-17T00:00:00.000-05:00 2008-09-09T08:34:36.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 317 Linux ftpwatch program allows local users to gain root privileges. cpe:/a:l0pht:l0phtcrack:2.5 CVE-1999-0458 1999-01-06T00:00:00.000-05:00 2008-09-09T08:34:36.337-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 915 L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. CVE-1999-0459 1999-02-01T00:00:00.000-05:00 2008-09-09T08:34:36.397-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot. cpe:/o:linux:linux_kernel:2.1 cpe:/o:linux:linux_kernel:2.0 cpe:/o:linux:linux_kernel:2.3.0 CVE-1999-0460 1999-02-19T00:00:00.000-05:00 2008-09-05T16:17:19.560-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 312 Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. cpe:/o:sgi:irix cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0461 1999-01-28T00:00:00.000-05:00 2008-09-09T08:34:36.540-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. cpe:/o:suse:suse_linux:5.3 CVE-1999-0462 1999-03-17T00:00:00.000-05:00 2008-09-09T08:34:36.603-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 339 suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk. cpe:/a:l0pht:l0phtcrack:2.5 CVE-1999-0463 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:36.680-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SGI 19981201-01-PX Remote attackers can perform a denial of service using IRIX fcagent. cpe:/a:tripwire:tripwire:1.2 CVE-1999-0464 1999-01-04T00:00:00.000-05:00 2008-09-05T16:17:20.123-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CONFIRM http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2 OSVDB 6609 BUGTRAQ 19990104 Tripwire mess.. Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. CVE-1999-0465 1999-01-01T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. cpe:/o:netbsd:netbsd:1.3.3 cpe:/o:netbsd:netbsd:1.3.1 cpe:/o:netbsd:netbsd:1.3.2 cpe:/o:netbsd:netbsd:1.3 CVE-1999-0466 1999-04-21T00:00:00.000-04:00 2008-09-09T08:34:36.883-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 905 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. cpe:/a:webcom:cgi_guestbook CVE-1999-0467 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:36.947-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. cpe:/a:microsoft:ie:5.0 CVE-1999-0468 1999-04-09T00:00:00.000-04:00 2008-09-09T08:34:37.023-04:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MS MS99-012 Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. cpe:/a:microsoft:ie:5.0 CVE-1999-0469 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:37.087-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. cpe:/o:novell:netware:4.0 CVE-1999-0470 1999-04-09T00:00:00.000-04:00 2008-09-09T08:34:37.147-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 482 A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. cpe:/a:winroute:winroute CVE-1999-0471 1999-04-09T00:00:00.000-04:00 2008-09-09T08:34:37.227-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. cpe:/h:network_appliance:netcache cpe:/a:snmp:snmp CVE-1999-0472 1999-04-07T00:00:00.000-04:00 2008-09-09T08:34:37.290-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. cpe:/a:andrew_tridgell:rsync:2.3.1 CVE-1999-0473 1999-04-07T00:00:00.000-04:00 2008-09-09T08:34:37.353-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 145 The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. cpe:/a:mirabilis:icq:99a_2.13build1700 CVE-1999-0474 1999-04-05T00:00:00.000-04:00 2008-09-09T08:34:37.430-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. cpe:/a:procmail:procmail CVE-1999-0475 1999-04-05T00:00:00.000-04:00 2008-09-09T08:34:37.493-04:00 1.2 LOCAL HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. cpe:/o:sco:openserver CVE-1999-0476 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:37.570-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. cpe:/a:allaire:coldfusion_server:4.0 cpe:/a:allaire:coldfusion_server:2.0 cpe:/a:allaire:coldfusion_server:3.01 cpe:/a:allaire:coldfusion_server:3.0 cpe:/a:allaire:coldfusion_server:3.11 cpe:/a:allaire:coldfusion_server:3.12 CVE-1999-0477 1999-12-25T00:00:00.000-05:00 2008-09-05T16:17:21.920-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 115 The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. cpe:/a:sendmail:sendmail:8.9.2 CVE-1999-0478 1998-12-01T00:00:00.000-05:00 2008-09-09T08:34:37.710-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9904-097 Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. cpe:/a:netscape:enterprise_server:3.6 cpe:/o:hp:hp-ux:10.24 CVE-1999-0479 1999-03-01T00:00:00.000-05:00 2008-09-09T08:34:37.773-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9903-092 Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. cpe:/a:midnight_commander:midnight_commander:4 CVE-1999-0480 1999-04-01T00:00:00.000-05:00 2008-09-09T08:34:37.837-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. cpe:/o:openbsd:openbsd:2.4 CVE-1999-0481 1999-03-22T00:00:00.000-05:00 2008-09-09T08:34:37.913-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 7556 Denial of service in "poll" in OpenBSD. cpe:/o:openbsd:openbsd CVE-1999-0482 1999-03-21T00:00:00.000-05:00 2008-09-09T08:34:37.977-04:00