1999.tsv

CVE-1999-0001	2000-02-04	n/a	ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
CVE-1999-0002	1999-09-29	n/a	Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
CVE-1999-0003	1999-09-29	n/a	Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
CVE-1999-0004	2000-02-04	n/a	MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
CVE-1999-0005	1999-09-29	n/a	Arbitrary command execution via IMAP buffer overflow in authenticate command.
CVE-1999-0006	1999-09-29	n/a	Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
CVE-1999-0007	1999-09-29	n/a	Information from SSL-encrypted sessions via PKCS #1.
CVE-1999-0008	1999-09-29	n/a	Buffer overflow in NIS+, in Sun's rpc.nisd program.
CVE-1999-0009	1999-09-29	n/a	Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-1999-0010	1999-09-29	n/a	Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
CVE-1999-0011	1999-09-29	n/a	Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-1999-0014	1999-09-29	n/a	Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVE-1999-0015	2000-02-04	n/a	Teardrop IP denial of service.
CVE-1999-0016	1999-09-29	n/a	Land IP denial of service.
CVE-1999-0018	1999-09-29	n/a	Buffer overflow in statd allows root privileges.
CVE-1999-0019	1999-09-29	n/a	Delete or create a file via rpc.statd, due to invalid information.
CVE-1999-0021	1999-09-29	n/a	Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
CVE-1999-0022	1999-09-29	n/a	Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVE-1999-0025	1999-09-29	n/a	root privileges via buffer overflow in df command on SGI IRIX systems.
CVE-1999-0031	2000-06-02	n/a	JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
CVE-1999-0032	1999-09-29	n/a	Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVE-1999-0036	1999-09-29	n/a	IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
CVE-1999-0039	1999-09-29	n/a	webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
CVE-1999-0044	1999-09-29	n/a	fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
CVE-1999-0047	1999-09-29	n/a	MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
CVE-1999-0048	1999-09-29	n/a	Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
CVE-1999-0052	1999-09-29	n/a	IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
CVE-1999-0053	1999-09-29	n/a	TCP RST denial of service in FreeBSD.
CVE-1999-0054	1999-09-29	n/a	Sun's ftpd daemon can be subjected to a denial of service.
CVE-1999-0055	1999-09-29	n/a	Buffer overflows in Sun libnsl allow root access.
CVE-1999-0056	1999-09-29	n/a	Buffer overflow in Sun's ping program can give root access to local users.
CVE-1999-0057	1999-09-29	n/a	Vacation program allows command execution by remote users through a sendmail command.
CVE-1999-0058	1999-09-29	n/a	Buffer overflow in PHP cgi program, php.cgi allows shell access.
CVE-1999-0059	1999-09-29	n/a	IRIX fam service allows an attacker to obtain a list of all files on the server.
CVE-1999-0062	1999-09-29	n/a	The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
CVE-1999-0065	1999-09-29	n/a	Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
CVE-1999-0066	1999-09-29	n/a	AnyForm CGI remote execution.
CVE-1999-0067	1999-09-29	n/a	phf CGI program allows remote command execution through shell metacharacters.
CVE-1999-0068	1999-09-29	n/a	CGI PHP mylog script allows an attacker to read any file on the target server.
CVE-1999-0069	1999-09-29	n/a	Solaris ufsrestore buffer overflow.
CVE-1999-0070	1999-09-29	n/a	test-cgi program allows an attacker to list files on the server.
CVE-1999-0075	1999-09-29	n/a	PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
CVE-1999-0077	1999-09-29	n/a	Predictable TCP sequence numbers allow spoofing.
CVE-1999-0082	1999-09-29	n/a	CWD ~root command in ftpd allows root access.
CVE-1999-0084	1999-09-29	n/a	Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
CVE-1999-0085	1999-09-29	n/a	Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
CVE-1999-0087	1999-09-29	n/a	Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
CVE-1999-0088	2000-02-04	n/a	IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
CVE-1999-0095	1999-09-29	n/a	The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
CVE-1999-0096	1999-09-29	n/a	Sendmail decode alias can be used to overwrite sensitive files.
CVE-1999-0101	2000-01-18	n/a	Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
CVE-1999-0103	1999-09-29	n/a	Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
CVE-1999-0104	2000-02-04	n/a	A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
CVE-1999-0108	1999-09-29	n/a	The printers program in IRIX has a buffer overflow that gives root access to local users.
CVE-1999-0109	1999-09-29	n/a	Buffer overflow in ffbconfig in Solaris 2.5.1.
CVE-1999-0112	1999-09-29	n/a	Buffer overflow in AIX dtterm program for the CDE.
CVE-1999-0113	1999-09-29	n/a	Some implementations of rlogin allow root access if given a -froot parameter.
CVE-1999-0115	2001-05-07	n/a	AIX bugfiler program allows local users to gain root access.
CVE-1999-0116	1999-09-29	n/a	Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
CVE-1999-0118	2000-06-02	n/a	AIX infod allows local users to gain root access through an X display.
CVE-1999-0120	1999-09-29	n/a	Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.
CVE-1999-0125	1999-09-29	n/a	Buffer overflow in SGI IRIX mailx program.
CVE-1999-0126	1999-09-29	n/a	SGI IRIX buffer overflow in xterm and Xaw allows root access.
CVE-1999-0130	1999-09-29	n/a	Local users can start Sendmail in daemon mode and gain root privileges.
CVE-1999-0131	1999-09-29	n/a	Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-1999-0132	1999-09-29	n/a	Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
CVE-1999-0134	1999-09-29	n/a	vold in Solaris 2.x allows local users to gain root access.
CVE-1999-0139	1999-09-29	n/a	Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
CVE-1999-0141	1999-09-29	n/a	Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
CVE-1999-0144	2000-02-04	n/a	Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
CVE-1999-0145	2000-10-13	n/a	Sendmail WIZ command enabled, allowing root access.
CVE-1999-0146	1999-09-29	n/a	The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
CVE-1999-0148	1999-09-29	n/a	The handler CGI program in IRIX allows arbitrary command execution.
CVE-1999-0149	1999-09-29	n/a	The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.
CVE-1999-0153	1999-09-29	n/a	Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
CVE-1999-0157	1999-09-29	n/a	Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.
CVE-1999-0158	1999-09-29	n/a	Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.
CVE-1999-0160	1999-09-29	n/a	Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
CVE-1999-0161	1999-09-29	n/a	In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
CVE-1999-0164	1999-09-29	n/a	A race condition in the Solaris ps command allows an attacker to overwrite critical files.
CVE-1999-0178	1999-09-29	n/a	Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.
CVE-1999-0179	1999-09-29	n/a	Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
CVE-1999-0182	1999-09-29	n/a	Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
CVE-1999-0185	1999-09-29	n/a	In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
CVE-1999-0186	2000-02-04	n/a	In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
CVE-1999-0188	1999-09-29	n/a	The passwd command in Solaris can be subjected to a denial of service.
CVE-1999-0189	2000-03-22	n/a	Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
CVE-1999-0190	1999-09-29	n/a	Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
CVE-1999-0191	1999-09-29	n/a	IIS newdsn.exe CGI script allows remote users to overwrite files.
CVE-1999-0196	1999-09-29	n/a	websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).
CVE-1999-0199	2020-10-06	n/a	manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
CVE-1999-0209	1999-09-29	n/a	The SunView (SunTools) selection_svc facility allows remote users to read files.
CVE-1999-0210	2000-06-02	n/a	Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
CVE-1999-0211	1999-09-29	n/a	Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
CVE-1999-0212	2000-01-04	n/a	Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.
CVE-1999-0215	1999-09-29	n/a	Routed allows attackers to append data to files.
CVE-1999-0219	1999-09-29	n/a	Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
CVE-1999-0223	2001-05-07	n/a	Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
CVE-1999-0225	2000-06-02	n/a	Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
CVE-1999-0227	1999-09-29	n/a	Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-1999-0228	1999-09-29	n/a	Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
CVE-1999-0230	1999-09-29	n/a	Buffer overflow in Cisco 7xx routers through the telnet service.
CVE-1999-0233	2000-01-18	n/a	IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
CVE-1999-0239	1999-09-29	n/a	Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
CVE-1999-0247	2000-10-13	n/a	Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
CVE-1999-0248	2000-10-13	n/a	A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
CVE-1999-0250	2000-02-04	n/a	Denial of service in Qmail through long SMTP commands.
CVE-1999-0256	1999-09-29	n/a	Buffer overflow in War FTP allows remote execution of commands.
CVE-1999-0261	2000-02-04	n/a	Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.
CVE-1999-0262	1999-09-29	n/a	Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-1999-0263	1999-09-29	n/a	Solaris SUNWadmap can be exploited to obtain root access.
CVE-1999-0265	1999-09-29	n/a	ICMP redirect messages may crash or lock up a host.
CVE-1999-0266	1999-09-29	n/a	The info2www CGI script allows remote file access or remote command execution.
CVE-1999-0268	2001-05-07	n/a	MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
CVE-1999-0270	2000-01-18	n/a	Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.
CVE-1999-0278	1999-09-29	n/a	In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-1999-0283	2000-02-04	n/a	The Java Web Server would allow remote users to obtain the source code for CGI programs.
CVE-1999-0288	1999-09-29	n/a	The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
CVE-1999-0295	1999-09-29	n/a	Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
CVE-1999-0296	1999-09-29	n/a	Solaris volrmmount program allows attackers to read any file.
CVE-1999-0298	2000-02-04	n/a	ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
CVE-1999-0299	1999-09-29	n/a	Buffer overflow in FreeBSD lpd through long DNS hostnames.
CVE-1999-0300	1999-09-29	n/a	nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.
CVE-1999-0301	1999-09-29	n/a	Buffer overflow in SunOS/Solaris ps command.
CVE-1999-0302	1999-09-29	n/a	SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.
CVE-1999-0305	1999-09-29	n/a	The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
CVE-1999-0308	1999-09-29	n/a	HP-UX gwind program allows users to modify arbitrary files.
CVE-1999-0309	1999-09-29	n/a	HP-UX vgdisplay program gives root access to local users.
CVE-1999-0311	1999-09-29	n/a	fpkg2swpk in HP-UX allows local users to gain root access.
CVE-1999-0313	1999-09-29	n/a	disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
CVE-1999-0314	1999-09-29	n/a	ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
CVE-1999-0315	1999-09-29	n/a	Buffer overflow in Solaris fdformat command gives root access to local users.
CVE-1999-0320	1999-09-29	n/a	SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
CVE-1999-0322	2000-01-04	n/a	The open() function in FreeBSD allows local attackers to write to arbitrary files.
CVE-1999-0323	2000-06-02	n/a	FreeBSD mmap function allows users to modify append-only or immutable files.
CVE-1999-0324	1999-09-29	n/a	ppl program in HP-UX allows local users to create root files through symlinks.
CVE-1999-0325	1999-09-29	n/a	vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.
CVE-1999-0326	1999-09-29	n/a	Vulnerability in HP-UX mediainit program.
CVE-1999-0327	1999-09-29	n/a	SGI syserr program allows local users to corrupt files.
CVE-1999-0328	1999-09-29	n/a	SGI permissions program allows local users to gain root privileges.
CVE-1999-0329	1999-09-29	n/a	SGI mediad program allows local users to gain root access.
CVE-1999-0332	1999-09-29	n/a	Buffer overflow in NetMeeting allows denial of service and remote command execution.
CVE-1999-0344	1999-09-29	n/a	NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-1999-0346	1999-09-29	n/a	CGI PHP mlog script allows an attacker to read any file on the target server.
CVE-1999-0347	2000-02-04	n/a	Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
CVE-1999-0348	1999-09-29	n/a	IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVE-1999-0349	1999-09-29	n/a	A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVE-1999-0351	1999-09-29	n/a	FTP PASV "Pizza Thief" denial of service and unauthorized data access.  Attackers can steal data by connecting to a port that was intended for use by a client.
CVE-1999-0353	1999-09-29	n/a	rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
CVE-1999-0354	2000-02-04	n/a	Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content.  Also applies to Outlook when the client views a malicious email message.
CVE-1999-0358	2000-10-13	n/a	Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.
CVE-1999-0360	2000-02-04	n/a	MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
CVE-1999-0362	1999-09-29	n/a	WS_FTP server remote denial of service through cwd command.
CVE-1999-0363	1999-09-29	n/a	SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.
CVE-1999-0364	2000-02-04	n/a	Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
CVE-1999-0366	1999-09-29	n/a	In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-1999-0367	1999-09-29	n/a	NetBSD netstat command allows local users to access kernel memory.
CVE-1999-0369	1999-09-29	n/a	The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
CVE-1999-0370	2000-02-04	n/a	In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
CVE-1999-0372	1999-09-29	n/a	The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
CVE-1999-0376	1999-09-29	n/a	Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
CVE-1999-0377	1999-09-29	n/a	Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
CVE-1999-0378	2000-07-12	n/a	InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.
CVE-1999-0379	1999-09-29	n/a	Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
CVE-1999-0380	2002-03-09	n/a	SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.
CVE-1999-0381	2000-02-04	n/a	super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
CVE-1999-0382	1999-09-29	n/a	The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
CVE-1999-0383	1999-09-29	n/a	ACC Tigris allows public access without a login.
CVE-1999-0384	1999-09-29	n/a	The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
CVE-1999-0385	1999-09-29	n/a	The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVE-1999-0386	1999-09-29	n/a	Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
CVE-1999-0387	2000-07-12	n/a	A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
CVE-1999-0388	1999-09-29	n/a	DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
CVE-1999-0389	2000-02-04	n/a	Buffer overflow in the bootp server in the Debian Linux netstd package.
CVE-1999-0390	2000-03-22	n/a	Buffer overflow in Dosemu Slang library in Linux.
CVE-1999-0393	2000-10-13	n/a	Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
CVE-1999-0395	2000-10-13	n/a	A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
CVE-1999-0400	2000-02-04	n/a	Denial of service in Linux 2.2.0 running the ldd command on a core file.
CVE-1999-0403	2000-10-13	n/a	A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
CVE-1999-0405	1999-09-29	n/a	A buffer overflow in lsof allows local users to obtain root privilege.
CVE-1999-0407	2000-06-02	n/a	By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
CVE-1999-0408	2000-01-04	n/a	Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
CVE-1999-0409	2000-01-04	n/a	Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.
CVE-1999-0410	1999-09-29	n/a	The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
CVE-1999-0412	1999-09-29	n/a	In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-1999-0413	1999-09-29	n/a	A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.
CVE-1999-0415	2000-07-12	n/a	The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
CVE-1999-0416	2000-07-12	n/a	Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
CVE-1999-0417	1999-09-29	n/a	64 bit Solaris 7 procfs allows local users to perform a denial of service.
CVE-1999-0418	2001-09-12	n/a	Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection.
CVE-1999-0421	2000-01-04	n/a	During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.
CVE-1999-0423	1999-09-29	n/a	Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.
CVE-1999-0428	2000-01-04	n/a	OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
CVE-1999-0429	2000-10-13	n/a	The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
CVE-1999-0430	1999-09-29	n/a	Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload.
CVE-1999-0432	1999-09-29	n/a	ftp on HP-UX 11.00 allows local users to gain privileges.
CVE-1999-0434	2000-02-04	n/a	XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVE-1999-0436	1999-09-29	n/a	Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.
CVE-1999-0440	2000-10-13	n/a	The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-1999-0441	1999-09-29	n/a	Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
CVE-1999-0442	1999-09-29	n/a	Solaris ff.core allows local users to modify files.
CVE-1999-0443	2000-02-04	n/a	Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
CVE-1999-0445	1999-09-29	n/a	In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
CVE-1999-0446	1999-09-29	n/a	Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
CVE-1999-0447	1999-09-29	n/a	Local users can gain privileges using the debug utility in the MPE/iX operating system.
CVE-1999-0449	1999-09-29	n/a	The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
CVE-1999-0450	2000-02-04	n/a	In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVE-1999-0451	2000-02-04	n/a	Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
CVE-1999-0455	2000-02-04	n/a	The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
CVE-1999-0457	1999-09-29	n/a	Linux ftpwatch program allows local users to gain root privileges.
CVE-1999-0458	1999-09-29	n/a	L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.
CVE-1999-0460	2000-02-04	n/a	Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
CVE-1999-0462	2000-02-04	n/a	suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.
CVE-1999-0463	1999-09-29	n/a	Remote attackers can perform a denial of service using IRIX fcagent.
CVE-1999-0464	2000-06-02	n/a	Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
CVE-1999-0466	1999-09-29	n/a	The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
CVE-1999-0468	1999-09-29	n/a	Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
CVE-1999-0470	2000-01-04	n/a	A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
CVE-1999-0473	1999-09-29	n/a	The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
CVE-1999-0477	2000-02-04	n/a	The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
CVE-1999-0478	1999-09-29	n/a	Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.
CVE-1999-0479	1999-09-29	n/a	Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
CVE-1999-0481	1999-09-29	n/a	Denial of service in "poll" in OpenBSD.
CVE-1999-0482	1999-09-29	n/a	OpenBSD kernel crash through TSS handling, as caused by the crashme program.
CVE-1999-0483	1999-09-29	n/a	OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
CVE-1999-0484	1999-09-29	n/a	Buffer overflow in OpenBSD ping.
CVE-1999-0485	1999-09-29	n/a	Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
CVE-1999-0487	1999-09-29	n/a	The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
CVE-1999-0488	2000-02-04	n/a	Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
CVE-1999-0489	2000-02-04	n/a	MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
CVE-1999-0490	2000-02-04	n/a	MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
CVE-1999-0491	2000-06-02	n/a	The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-1999-0493	2000-06-02	n/a	rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
CVE-1999-0496	1999-09-29	n/a	A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
CVE-1999-0524	2000-02-04	n/a	ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-1999-0526	1999-09-29	n/a	An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
CVE-1999-0551	1999-09-29	n/a	HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.
CVE-1999-0562	2000-02-04	n/a	The registry in Windows NT can be accessed remotely by users who are not administrators.
CVE-1999-0593	2000-02-04	n/a	The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
CVE-1999-0604	2000-02-04	n/a	An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.
CVE-1999-0605	2000-02-04	n/a	An incorrect configuration of the Order Form 1.0 shopping cart  CGI program could disclose private information.
CVE-1999-0606	2000-02-04	n/a	An incorrect configuration of the EZMall 2000 shopping cart  CGI program "mall2000.cgi" could disclose private information.
CVE-1999-0607	2000-02-04	n/a	quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
CVE-1999-0608	2001-05-07	n/a	An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
CVE-1999-0609	2000-02-04	n/a	An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.
CVE-1999-0610	2000-02-04	n/a	An incorrect configuration of the Webcart CGI program could disclose private information.
CVE-1999-0635	2000-02-04	n/a	The echo service is running.
CVE-1999-0650	2000-02-04	n/a	The netstat service is running, which provides sensitive information to remote attackers.
CVE-1999-0656	2000-02-04	n/a	The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
CVE-1999-0661	2000-02-04	n/a	A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
CVE-1999-0668	2000-06-02	n/a	The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-0669	2000-02-04	n/a	The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-0670	2000-02-04	n/a	Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
CVE-1999-0671	2000-10-13	n/a	Buffer overflow in ToxSoft NextFTP client through CWD command.
CVE-1999-0672	2000-10-13	n/a	Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
CVE-1999-0673	2000-02-04	n/a	Buffer overflow in ALMail32 POP3 client via From: or To: headers.
CVE-1999-0674	2000-01-04	n/a	The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-1999-0675	2000-10-13	n/a	Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
CVE-1999-0676	2000-04-18	n/a	sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
CVE-1999-0677	2000-02-04	n/a	The WebRamp web administration utility has a default password.
CVE-1999-0678	2000-03-22	n/a	A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
CVE-1999-0679	2000-10-13	n/a	Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.
CVE-1999-0680	2000-01-04	n/a	Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
CVE-1999-0681	2001-05-07	n/a	Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
CVE-1999-0682	2000-01-04	n/a	Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
CVE-1999-0683	2000-01-18	n/a	Denial of service in Gauntlet Firewall via a malformed ICMP packet.
CVE-1999-0685	2000-01-04	n/a	Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
CVE-1999-0686	2000-01-04	n/a	Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
CVE-1999-0687	2000-01-04	n/a	The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVE-1999-0688	2000-01-04	n/a	Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.
CVE-1999-0689	2000-01-04	n/a	The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVE-1999-0690	2000-01-04	n/a	HP CDE program includes the current directory in root's PATH variable.
CVE-1999-0691	2000-01-04	n/a	Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVE-1999-0692	2000-01-04	n/a	The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
CVE-1999-0693	2000-01-04	n/a	Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
CVE-1999-0694	2000-01-18	n/a	Denial of service in AIX ptrace system call allows local users to crash the system.
CVE-1999-0695	2000-01-04	n/a	The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.
CVE-1999-0696	2000-06-02	n/a	Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
CVE-1999-0697	2000-10-13	n/a	SCO Doctor allows local users to gain root privileges through a Tools option.
CVE-1999-0699	2000-01-04	n/a	The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.
CVE-1999-0700	2000-01-04	n/a	Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
CVE-1999-0701	2000-01-04	n/a	After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
CVE-1999-0702	2000-01-04	n/a	Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0703	2000-01-04	n/a	OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
CVE-1999-0704	2000-01-04	n/a	Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
CVE-1999-0705	2000-01-04	n/a	Buffer overflow in INN inews program.
CVE-1999-0706	2000-01-04	n/a	Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
CVE-1999-0707	2000-01-04	n/a	The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
CVE-1999-0708	2000-01-18	n/a	Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.
CVE-1999-0710	2000-01-04	n/a	The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
CVE-1999-0711	2000-04-18	n/a	The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
CVE-1999-0713	2000-01-04	n/a	The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVE-1999-0715	2000-01-04	n/a	Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
CVE-1999-0716	2000-01-04	n/a	Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
CVE-1999-0717	2000-01-04	n/a	A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
CVE-1999-0718	2004-09-01	n/a	IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
CVE-1999-0719	2000-06-02	n/a	The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
CVE-1999-0720	2000-04-18	n/a	The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
CVE-1999-0721	2000-01-04	n/a	Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
CVE-1999-0722	2000-01-04	n/a	The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
CVE-1999-0723	2000-01-04	n/a	The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
CVE-1999-0724	2000-01-04	n/a	Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
CVE-1999-0725	2000-01-04	n/a	When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CVE-1999-0726	2000-01-04	n/a	An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
CVE-1999-0727	2000-03-22	n/a	A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
CVE-1999-0728	2000-01-04	n/a	A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
CVE-1999-0729	2001-05-07	n/a	Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.
CVE-1999-0731	2000-01-04	n/a	The KDE klock program allows local users to unlock a session using malformed input.
CVE-1999-0733	2000-03-22	n/a	Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
CVE-1999-0734	2000-01-18	n/a	A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.
CVE-1999-0735	2000-01-04	n/a	KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
CVE-1999-0736	2000-02-04	n/a	The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0737	2000-02-04	n/a	The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0738	2000-02-04	n/a	The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0739	2000-02-04	n/a	The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0740	2000-03-22	n/a	Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
CVE-1999-0741	2000-02-04	n/a	QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.
CVE-1999-0742	2000-01-18	n/a	The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
CVE-1999-0743	2000-01-18	n/a	Trn allows local users to overwrite other users' files via symlinks.
CVE-1999-0744	2000-01-04	n/a	Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
CVE-1999-0745	2000-01-04	n/a	Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.
CVE-1999-0746	2000-03-22	n/a	A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.
CVE-1999-0747	2000-04-18	n/a	Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
CVE-1999-0749	2000-01-04	n/a	Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
CVE-1999-0750	2000-02-04	n/a	Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.
CVE-1999-0751	2000-01-04	n/a	Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
CVE-1999-0753	2000-01-18	n/a	The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.
CVE-1999-0754	2000-06-02	n/a	The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
CVE-1999-0755	2000-01-04	n/a	Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
CVE-1999-0756	2001-09-18	n/a	ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
CVE-1999-0757	2001-02-14	n/a	The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
CVE-1999-0759	2000-10-13	n/a	Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
CVE-1999-0760	2001-05-07	n/a	Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
CVE-1999-0761	2000-01-04	n/a	Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
CVE-1999-0763	2000-01-04	n/a	NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
CVE-1999-0764	2000-01-04	n/a	NetBSD allows ARP packets to overwrite static ARP entries.
CVE-1999-0765	2000-01-04	n/a	SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.
CVE-1999-0766	2000-01-04	n/a	The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
CVE-1999-0768	2000-01-18	n/a	Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
CVE-1999-0769	2000-01-04	n/a	Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVE-1999-0770	2000-01-18	n/a	Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
CVE-1999-0773	2000-04-18	n/a	Buffer overflow in Solaris lpset program allows local users to gain root access.
CVE-1999-0774	2000-01-04	n/a	Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.
CVE-1999-0776	2000-02-04	n/a	Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.
CVE-1999-0777	2000-01-04	n/a	IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CVE-1999-0778	2000-03-22	n/a	Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.
CVE-1999-0779	2000-01-04	n/a	Denial of service in HP-UX SharedX recserv program.
CVE-1999-0780	2000-04-25	n/a	KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
CVE-1999-0781	2000-04-25	n/a	KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
CVE-1999-0782	2000-04-25	n/a	KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVE-1999-0783	2000-03-22	n/a	FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
CVE-1999-0784	2001-02-14	n/a	Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
CVE-1999-0785	2000-03-22	n/a	The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
CVE-1999-0786	2000-03-22	n/a	The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
CVE-1999-0787	2000-10-13	n/a	The SSH authentication agent follows symlinks via a UNIX domain socket.
CVE-1999-0788	2000-10-13	n/a	Arkiea nlservd allows remote attackers to conduct a denial of service.
CVE-1999-0789	2000-03-22	n/a	Buffer overflow in AIX ftpd in the libc library.
CVE-1999-0790	2000-04-18	n/a	A remote attacker can read information from a Netscape user's cache via JavaScript.
CVE-1999-0791	2000-10-13	n/a	Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.
CVE-1999-0792	2000-02-04	n/a	ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration.
CVE-1999-0793	2000-01-04	n/a	Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-1999-0794	2000-01-04	n/a	Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-1999-0796	2000-03-22	n/a	FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.
CVE-1999-0797	2000-03-22	n/a	NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
CVE-1999-0798	2000-02-04	n/a	Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-1999-0800	2001-05-07	n/a	The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.
CVE-1999-0801	2002-03-09	n/a	BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
CVE-1999-0802	2000-01-04	n/a	Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.
CVE-1999-0803	2000-04-25	n/a	The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
CVE-1999-0804	2000-01-04	n/a	Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
CVE-1999-0805	2001-02-14	n/a	Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.
CVE-1999-0806	2000-03-22	n/a	Buffer overflow in Solaris dtprintinfo program.
CVE-1999-0808	2001-09-12	n/a	Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
CVE-1999-0811	2000-01-18	n/a	Buffer overflow in Samba smbd program via a malformed message command.
CVE-1999-0814	2000-01-04	n/a	Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.
CVE-1999-0815	2002-03-09	n/a	Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
CVE-1999-0816	2000-02-04	n/a	The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
CVE-1999-0818	2000-02-04	n/a	Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
CVE-1999-0819	2000-06-02	n/a	NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
CVE-1999-0820	2000-07-12	n/a	FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
CVE-1999-0821	2000-02-04	n/a	FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
CVE-1999-0822	2000-02-04	n/a	Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
CVE-1999-0823	2000-10-13	n/a	Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
CVE-1999-0824	2000-04-25	n/a	A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
CVE-1999-0825	2000-02-04	n/a	The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.
CVE-1999-0826	2000-10-13	n/a	Buffer overflow in FreeBSD angband allows local users to gain privileges.
CVE-1999-0828	2000-02-04	n/a	UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
CVE-1999-0831	2000-01-18	n/a	Denial of service in Linux syslogd via a large number of connections.
CVE-1999-0832	2000-06-02	n/a	Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
CVE-1999-0833	2000-01-04	n/a	Buffer overflow in BIND 8.2 via NXT records.
CVE-1999-0834	2000-01-18	n/a	Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
CVE-1999-0835	2000-01-04	n/a	Denial of service in BIND named via malformed SIG records.
CVE-1999-0836	2000-06-02	n/a	UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
CVE-1999-0837	2000-01-04	n/a	Denial of service in BIND by improperly closing TCP sessions via so_linger.
CVE-1999-0838	2000-06-02	n/a	Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
CVE-1999-0839	2000-01-04	n/a	Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
CVE-1999-0840	2000-02-04	n/a	Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
CVE-1999-0841	2000-02-04	n/a	Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
CVE-1999-0842	2000-06-02	n/a	Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0844	2000-02-04	n/a	Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
CVE-1999-0848	2000-01-04	n/a	Denial of service in BIND named via consuming more than "fdmax" file descriptors.
CVE-1999-0849	2000-01-04	n/a	Denial of service in BIND named via maxdname.
CVE-1999-0850	2000-02-04	n/a	The default permissions for Endymion MailMan allow local users to read email or modify files.
CVE-1999-0851	2000-01-04	n/a	Denial of service in BIND named via naptr.
CVE-1999-0852	2000-02-04	n/a	IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
CVE-1999-0853	2000-01-18	n/a	Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
CVE-1999-0854	2000-06-02	n/a	Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
CVE-1999-0855	2000-02-04	n/a	Buffer overflow in FreeBSD gdc program.
CVE-1999-0857	2000-02-04	n/a	FreeBSD gdc program allows local users to modify files via a symlink attack.
CVE-1999-0858	2000-01-04	n/a	Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
CVE-1999-0859	2000-06-02	n/a	Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
CVE-1999-0860	2000-02-04	n/a	Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
CVE-1999-0861	2000-01-04	n/a	Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-1999-0864	2000-06-02	n/a	UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
CVE-1999-0865	2000-06-02	n/a	Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
CVE-1999-0866	2000-06-02	n/a	Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
CVE-1999-0867	2000-01-04	n/a	Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-1999-0869	2000-01-04	n/a	Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-1999-0870	2000-01-04	n/a	Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
CVE-1999-0871	2000-01-04	n/a	Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
CVE-1999-0872	2000-02-04	n/a	Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVE-1999-0873	2000-10-13	n/a	Buffer overflow in Skyfull mail server via MAIL FROM command.
CVE-1999-0874	2000-06-02	n/a	Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
CVE-1999-0875	2000-01-18	n/a	DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVE-1999-0876	2000-01-04	n/a	Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVE-1999-0877	2000-01-04	n/a	Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0878	2000-01-04	n/a	Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
CVE-1999-0881	2000-01-18	n/a	Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0883	2000-01-04	n/a	Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
CVE-1999-0884	2000-01-04	n/a	The Zeus web server administrative interface uses weak encryption for its passwords.
CVE-1999-0885	2000-02-04	n/a	Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
CVE-1999-0886	2000-01-04	n/a	The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
CVE-1999-0887	2000-01-04	n/a	FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.
CVE-1999-0888	2000-04-18	n/a	dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
CVE-1999-0889	2000-04-25	n/a	Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
CVE-1999-0890	2000-03-22	n/a	iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.
CVE-1999-0891	2000-01-04	n/a	The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-1999-0895	2000-04-25	n/a	Firewall-1 does not properly restrict access to LDAP attributes.
CVE-1999-0896	2000-03-22	n/a	Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
CVE-1999-0897	2000-04-25	n/a	iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0898	2000-01-18	n/a	Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
CVE-1999-0899	2000-01-18	n/a	The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-1999-0904	2000-10-13	n/a	Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.
CVE-1999-0905	2000-01-18	n/a	Denial of service in Axent Raptor firewall via malformed zero-length IP options.
CVE-1999-0906	2000-04-18	n/a	Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
CVE-1999-0908	2000-03-22	n/a	Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
CVE-1999-0909	2000-01-04	n/a	Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
CVE-1999-0910	2000-02-04	n/a	Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
CVE-1999-0911	2000-02-04	n/a	Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
CVE-1999-0912	2000-10-13	n/a	FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
CVE-1999-0913	2000-02-04	n/a	dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.
CVE-1999-0914	2000-01-04	n/a	Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
CVE-1999-0915	2000-01-04	n/a	URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0917	2000-01-04	n/a	The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
CVE-1999-0918	2000-01-04	n/a	Denial of service in various Windows systems via malformed, fragmented IGMP packets.
CVE-1999-0919	2000-02-04	n/a	A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
CVE-1999-0920	2000-03-22	n/a	Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
CVE-1999-0921	2002-03-09	n/a	BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
CVE-1999-0922	2001-05-07	n/a	An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
CVE-1999-0923	2001-02-14	n/a	Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
CVE-1999-0924	2001-05-07	n/a	The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
CVE-1999-0925	2000-02-04	n/a	UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-1999-0926	2001-09-12	n/a	Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-1999-0927	2000-10-13	n/a	NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0928	2000-10-13	n/a	Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.
CVE-1999-0930	2002-03-09	n/a	wwwboard allows a remote attacker to delete message board articles via a malformed argument.
CVE-1999-0931	2000-03-22	n/a	Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.
CVE-1999-0932	2000-10-13	n/a	Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.
CVE-1999-0933	2000-01-04	n/a	TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0934	2000-01-04	n/a	classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
CVE-1999-0939	2000-01-04	n/a	Denial of service in Debian IRC Epic/epic4 client via a long string.
CVE-1999-0941	2000-02-04	n/a	Mutt mail client allows a remote attacker to execute commands via shell metacharacters.
CVE-1999-0943	2000-01-04	n/a	Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
CVE-1999-0945	2001-05-07	n/a	Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
CVE-1999-0946	2000-10-13	n/a	Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.
CVE-1999-0947	2000-01-04	n/a	AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
CVE-1999-0948	2000-02-04	n/a	Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
CVE-1999-0949	2000-02-04	n/a	Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
CVE-1999-0950	2000-04-25	n/a	Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via	a series of MKD and CWD commands that create nested directories.
CVE-1999-0951	2000-01-04	n/a	Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
CVE-1999-0952	2000-02-04	n/a	Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
CVE-1999-0954	2000-10-13	n/a	WWWBoard has a default username and default password.
CVE-1999-0958	2000-04-18	n/a	sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.
CVE-1999-0959	2000-07-12	n/a	IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.
CVE-1999-0960	2000-01-04	n/a	IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.
CVE-1999-0961	2000-04-18	n/a	HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
CVE-1999-0962	2000-01-04	n/a	Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
CVE-1999-0963	2000-01-04	n/a	FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
CVE-1999-0964	2000-03-22	n/a	Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
CVE-1999-0968	2002-03-09	n/a	Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
CVE-1999-0969	2000-01-04	n/a	The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
CVE-1999-0970	2000-02-04	n/a	The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created.
CVE-1999-0971	2000-10-13	n/a	Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
CVE-1999-0972	2000-01-04	n/a	Buffer overflow in Xshipwars xsw program.
CVE-1999-0973	2000-01-04	n/a	Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
CVE-1999-0974	2000-01-04	n/a	Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
CVE-1999-0975	2000-01-04	n/a	The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
CVE-1999-0976	2000-06-02	n/a	Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
CVE-1999-0977	2000-01-04	n/a	Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
CVE-1999-0978	2000-01-04	n/a	htdig allows remote attackers to execute commands via filenames with shell metacharacters.
CVE-1999-0979	2000-01-04	n/a	The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
CVE-1999-0980	2000-01-04	n/a	Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
CVE-1999-0981	2000-01-04	n/a	Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-1999-0986	2000-01-04	n/a	The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
CVE-1999-0987	2000-01-04	n/a	Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
CVE-1999-0989	2000-01-04	n/a	Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
CVE-1999-0991	2000-01-04	n/a	Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
CVE-1999-0992	2000-01-18	n/a	HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
CVE-1999-0994	2000-01-18	n/a	Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
CVE-1999-0995	2000-01-18	n/a	Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
CVE-1999-0996	2000-03-22	n/a	Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.
CVE-1999-0997	2000-04-25	n/a	wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVE-1999-0999	2000-01-18	n/a	Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
CVE-1999-1002	2000-02-04	n/a	Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
CVE-1999-1004	2000-10-13	n/a	Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
CVE-1999-1005	2000-04-25	n/a	Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
CVE-1999-1006	2000-02-04	n/a	Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
CVE-1999-1007	2000-04-25	n/a	Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.
CVE-1999-1008	2000-04-18	n/a	xsoldier program allows local users to gain root access via a long argument.
CVE-1999-1010	2000-04-25	n/a	An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
CVE-1999-1011	2000-06-02	n/a	The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-1012	2001-09-12	n/a	SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
CVE-1999-1013	2001-09-12	n/a	named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.
CVE-1999-1014	2002-03-09	n/a	Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.
CVE-1999-1015	2001-09-12	n/a	Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
CVE-1999-1016	2001-09-12	n/a	Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-1999-1017	2001-09-12	n/a	Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
CVE-1999-1018	2001-09-12	n/a	IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.
CVE-1999-1019	2002-03-09	n/a	SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.
CVE-1999-1020	2001-09-12	n/a	The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
CVE-1999-1021	2002-03-09	n/a	NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
CVE-1999-1022	2001-09-12	n/a	serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
CVE-1999-1023	2001-09-12	n/a	useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
CVE-1999-1024	2001-09-12	n/a	ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
CVE-1999-1025	2001-09-12	n/a	CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.
CVE-1999-1026	2001-09-12	n/a	aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
CVE-1999-1027	2002-03-09	n/a	Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.
CVE-1999-1028	2002-03-09	n/a	Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.
CVE-1999-1029	2001-09-12	n/a	SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
CVE-1999-1030	2001-09-12	n/a	counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation.
CVE-1999-1031	2001-09-12	n/a	counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument.
CVE-1999-1032	2002-03-09	n/a	Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
CVE-1999-1033	2001-09-12	n/a	Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
CVE-1999-1034	2002-03-09	n/a	Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.
CVE-1999-1035	2002-03-09	n/a	IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
CVE-1999-1036	2001-09-12	n/a	COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk.
CVE-1999-1037	2002-03-09	n/a	rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.
CVE-1999-1038	2001-09-12	n/a	Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable.
CVE-1999-1039	2001-09-12	n/a	Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise.
CVE-1999-1040	2001-09-12	n/a	Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.
CVE-1999-1041	2001-09-12	n/a	Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.
CVE-1999-1042	2001-09-12	n/a	Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.
CVE-1999-1043	2001-09-12	n/a	Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
CVE-1999-1044	2002-03-09	n/a	Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.
CVE-1999-1045	2002-03-09	n/a	pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
CVE-1999-1046	2001-09-12	n/a	Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
CVE-1999-1047	2002-03-09	n/a	When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.
CVE-1999-1048	2002-03-09	n/a	Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
CVE-1999-1049	2001-09-12	n/a	ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
CVE-1999-1050	2001-09-12	n/a	Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.
CVE-1999-1051	2001-09-12	n/a	Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
CVE-1999-1052	2001-09-12	n/a	Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
CVE-1999-1053	2001-09-12	n/a	guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-1999-1054	2001-09-12	n/a	The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command.
CVE-1999-1055	2002-03-09	n/a	Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
CVE-1999-1057	2002-03-09	n/a	VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
CVE-1999-1058	2001-09-12	n/a	Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands.
CVE-1999-1059	2002-03-09	n/a	Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
CVE-1999-1060	2001-09-12	n/a	Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname.
CVE-1999-1061	2001-09-12	n/a	HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.
CVE-1999-1062	2001-09-12	n/a	HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.
CVE-1999-1063	2001-09-12	n/a	CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
CVE-1999-1064	2001-09-12	n/a	Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).
CVE-1999-1065	2001-09-12	n/a	Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode.
CVE-1999-1066	2001-09-12	n/a	Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.
CVE-1999-1067	2001-09-12	n/a	SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.
CVE-1999-1068	2001-09-12	n/a	Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
CVE-1999-1069	2001-09-12	n/a	Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
CVE-1999-1070	2001-09-12	n/a	Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter.
CVE-1999-1071	2001-09-12	n/a	Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.
CVE-1999-1072	2001-09-12	n/a	Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.
CVE-1999-1073	2001-09-12	n/a	Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
CVE-1999-1074	2002-03-09	n/a	Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
CVE-1999-1075	2001-09-12	n/a	inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
CVE-1999-1076	2001-09-12	n/a	Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
CVE-1999-1077	2001-09-12	n/a	Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
CVE-1999-1078	2001-09-12	n/a	WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.
CVE-1999-1079	2001-09-12	n/a	Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
CVE-1999-1080	2002-06-25	n/a	rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
CVE-1999-1081	2001-09-12	n/a	Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
CVE-1999-1082	2001-09-12	n/a	Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.
CVE-1999-1083	2001-09-12	n/a	Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack.
CVE-1999-1084	2001-09-12	n/a	The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
CVE-1999-1085	2002-03-09	n/a	SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."
CVE-1999-1086	2001-09-12	n/a	Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
CVE-1999-1087	2002-03-09	n/a	Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
CVE-1999-1088	2001-09-12	n/a	Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.
CVE-1999-1089	2001-09-12	n/a	Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument.
CVE-1999-1090	2002-03-09	n/a	The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.
CVE-1999-1091	2001-09-12	n/a	UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.
CVE-1999-1092	2001-09-12	n/a	tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file.
CVE-1999-1093	2002-03-09	n/a	Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
CVE-1999-1094	2002-03-09	n/a	Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
CVE-1999-1095	2001-09-12	n/a	sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
CVE-1999-1096	2001-09-12	n/a	Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
CVE-1999-1097	2001-09-12	n/a	Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
CVE-1999-1098	2002-03-09	n/a	Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
CVE-1999-1099	2002-03-09	n/a	Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
CVE-1999-1100	2002-03-09	n/a	Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
CVE-1999-1101	2001-09-12	n/a	Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges.
CVE-1999-1102	2002-03-09	n/a	lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
CVE-1999-1103	2002-03-09	n/a	dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
CVE-1999-1104	2002-03-09	n/a	Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
CVE-1999-1105	2002-03-09	n/a	Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
CVE-1999-1106	2001-09-12	n/a	Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
CVE-1999-1107	2001-09-12	n/a	Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
CVE-1999-1109	2002-03-09	n/a	Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
CVE-1999-1110	2001-09-12	n/a	Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
CVE-1999-1111	2002-03-09	n/a	Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
CVE-1999-1112	2001-09-12	n/a	Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.
CVE-1999-1113	2001-09-12	n/a	Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port 106.
CVE-1999-1114	2002-03-09	n/a	Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
CVE-1999-1115	2002-03-09	n/a	Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
CVE-1999-1116	2002-03-09	n/a	Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.
CVE-1999-1117	2002-03-09	n/a	lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
CVE-1999-1118	2002-03-09	n/a	ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
CVE-1999-1119	2002-03-09	n/a	FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
CVE-1999-1120	2002-03-09	n/a	netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.
CVE-1999-1121	2002-03-09	n/a	The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
CVE-1999-1122	2002-03-09	n/a	Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
CVE-1999-1123	2001-09-12	n/a	The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
CVE-1999-1124	2001-09-12	n/a	HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
CVE-1999-1125	2001-09-12	n/a	Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
CVE-1999-1126	2001-09-12	n/a	Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
CVE-1999-1127	2002-03-09	n/a	Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
CVE-1999-1128	2001-09-12	n/a	Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
CVE-1999-1129	2001-09-12	n/a	Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
CVE-1999-1130	2001-09-12	n/a	Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
CVE-1999-1131	2002-03-09	n/a	Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.
CVE-1999-1132	2002-03-09	n/a	Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
CVE-1999-1133	2001-09-12	n/a	HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
CVE-1999-1134	2001-09-12	n/a	Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.
CVE-1999-1135	2001-09-12	n/a	Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.
CVE-1999-1136	2002-03-09	n/a	Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
CVE-1999-1137	2002-03-09	n/a	The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
CVE-1999-1138	2002-03-09	n/a	SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
CVE-1999-1139	2002-03-09	n/a	Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
CVE-1999-1140	2002-03-09	n/a	Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.
CVE-1999-1141	2001-09-12	n/a	Ascom Timeplex router allows remote attackers to obtain sensitive information or conduct unauthorized activities by entering debug mode through a sequence of CTRL-D characters.
CVE-1999-1142	2002-03-09	n/a	SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
CVE-1999-1143	2002-03-09	n/a	Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.
CVE-1999-1144	2002-03-09	n/a	Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
CVE-1999-1145	2002-03-09	n/a	Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
CVE-1999-1146	2002-03-09	n/a	Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.
CVE-1999-1147	2002-03-09	n/a	Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.
CVE-1999-1148	2002-03-09	n/a	FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
CVE-1999-1149	2001-09-12	n/a	Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port.
CVE-1999-1150	2001-09-12	n/a	Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.
CVE-1999-1151	2001-09-12	n/a	Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password.
CVE-1999-1152	2001-09-12	n/a	Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.
CVE-1999-1153	2001-09-12	n/a	HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
CVE-1999-1154	2001-09-12	n/a	LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
CVE-1999-1155	2001-09-12	n/a	LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
CVE-1999-1156	2002-03-09	n/a	BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.
CVE-1999-1157	2002-03-09	n/a	Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
CVE-1999-1158	2001-09-12	n/a	Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.
CVE-1999-1159	2002-03-09	n/a	SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
CVE-1999-1160	2002-03-09	n/a	Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
CVE-1999-1161	2002-03-09	n/a	Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
CVE-1999-1162	2002-03-09	n/a	Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
CVE-1999-1163	2002-03-09	n/a	Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.
CVE-1999-1164	2001-09-12	n/a	Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
CVE-1999-1165	2001-09-12	n/a	GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
CVE-1999-1166	2001-09-12	n/a	Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
CVE-1999-1167	2002-03-09	n/a	Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
CVE-1999-1168	2001-09-12	n/a	install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
CVE-1999-1169	2001-09-12	n/a	nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
CVE-1999-1170	2001-09-12	n/a	IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1171	2001-09-12	n/a	IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1172	2001-09-12	n/a	By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
CVE-1999-1173	2001-09-12	n/a	Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
CVE-1999-1174	2001-09-12	n/a	ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
CVE-1999-1175	2002-03-09	n/a	Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
CVE-1999-1176	2001-09-12	n/a	Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script.
CVE-1999-1177	2002-03-09	n/a	Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.
CVE-1999-1178	2001-09-12	n/a	Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script.
CVE-1999-1179	2001-09-12	n/a	Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.
CVE-1999-1180	2001-09-12	n/a	O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.
CVE-1999-1181	2002-03-09	n/a	Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
CVE-1999-1182	2001-09-12	n/a	Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
CVE-1999-1183	2001-09-12	n/a	System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.
CVE-1999-1184	2001-09-12	n/a	Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable.
CVE-1999-1185	2001-09-12	n/a	Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
CVE-1999-1186	2001-09-12	n/a	rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
CVE-1999-1187	2001-09-12	n/a	Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
CVE-1999-1188	2002-03-09	n/a	mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
CVE-1999-1189	2004-09-01	n/a	Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
CVE-1999-1190	2001-09-12	n/a	Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
CVE-1999-1191	2002-03-09	n/a	Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVE-1999-1192	2002-03-09	n/a	Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVE-1999-1193	2002-03-09	n/a	The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
CVE-1999-1194	2002-03-09	n/a	chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
CVE-1999-1195	2001-09-12	n/a	NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly.
CVE-1999-1196	2001-09-12	n/a	Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
CVE-1999-1197	2002-03-09	n/a	TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
CVE-1999-1198	2002-03-09	n/a	BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
CVE-1999-1199	2004-09-01	n/a	Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
CVE-1999-1200	2001-09-12	n/a	Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command.
CVE-1999-1201	2004-09-01	n/a	Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
CVE-1999-1202	2001-09-12	n/a	StarTech (1) POP3 proxy server and (2) telnet server allows remote attackers to cause a denial of service via a long USER command.
CVE-1999-1203	2002-03-09	n/a	Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.
CVE-1999-1204	2002-03-09	n/a	Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
CVE-1999-1205	2002-03-09	n/a	nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
CVE-1999-1206	2001-09-12	n/a	SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control.
CVE-1999-1207	2001-09-12	n/a	Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
CVE-1999-1208	2002-03-09	n/a	Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
CVE-1999-1209	2002-03-09	n/a	Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
CVE-1999-1210	2001-09-12	n/a	xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.
CVE-1999-1211	2001-09-12	n/a	Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.
CVE-1999-1212	2001-09-12	n/a	Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.
CVE-1999-1213	2001-09-12	n/a	Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service.
CVE-1999-1214	2002-03-09	n/a	The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
CVE-1999-1215	2002-03-09	n/a	LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
CVE-1999-1216	2001-09-12	n/a	Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
CVE-1999-1217	2004-09-01	n/a	The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
CVE-1999-1218	2001-09-12	n/a	Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.
CVE-1999-1219	2001-09-12	n/a	Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command.
CVE-1999-1220	2001-09-12	n/a	Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.
CVE-1999-1221	2001-09-12	n/a	dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
CVE-1999-1222	2002-03-09	n/a	Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
CVE-1999-1223	2002-03-09	n/a	IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
CVE-1999-1224	2001-09-12	n/a	IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
CVE-1999-1225	2001-09-12	n/a	rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
CVE-1999-1226	2002-03-09	n/a	Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
CVE-1999-1227	2001-09-12	n/a	Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file.
CVE-1999-1228	2001-09-12	n/a	Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
CVE-1999-1229	2001-09-12	n/a	Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
CVE-1999-1230	2001-09-12	n/a	Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.
CVE-1999-1231	2001-09-12	n/a	ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
CVE-1999-1232	2001-09-12	n/a	Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
CVE-1999-1233	2002-03-09	n/a	IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
CVE-1999-1234	2001-09-12	n/a	LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
CVE-1999-1235	2001-09-12	n/a	Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
CVE-1999-1236	2001-09-12	n/a	Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf.
CVE-1999-1237	2001-09-12	n/a	Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
CVE-1999-1238	2001-09-12	n/a	Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.
CVE-1999-1239	2001-09-12	n/a	HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.
CVE-1999-1240	2001-09-12	n/a	Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message.
CVE-1999-1241	2001-09-12	n/a	Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
CVE-1999-1242	2001-09-12	n/a	Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.
CVE-1999-1243	2002-03-09	n/a	SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.
CVE-1999-1244	2001-09-12	n/a	IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file.
CVE-1999-1245	2001-09-12	n/a	vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information.
CVE-1999-1246	2002-03-09	n/a	Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
CVE-1999-1247	2001-09-12	n/a	Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.
CVE-1999-1248	2001-09-12	n/a	Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
CVE-1999-1249	2002-03-09	n/a	movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
CVE-1999-1250	2001-09-12	n/a	Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.
CVE-1999-1251	2001-09-12	n/a	Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
CVE-1999-1252	2001-09-12	n/a	Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.
CVE-1999-1253	2001-09-12	n/a	Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
CVE-1999-1254	2001-09-12	n/a	Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.
CVE-1999-1255	2001-09-12	n/a	Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter.
CVE-1999-1256	2001-09-12	n/a	Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file.
CVE-1999-1257	2001-09-12	n/a	Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).
CVE-1999-1258	2002-03-09	n/a	rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.
CVE-1999-1259	2002-03-09	n/a	Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
CVE-1999-1260	2001-09-12	n/a	mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
CVE-1999-1261	2001-09-12	n/a	Buffer overflow in Rainbow Six Multiplayer allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long nickname (nick) command.
CVE-1999-1262	2002-03-09	n/a	Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.
CVE-1999-1263	2002-03-09	n/a	Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
CVE-1999-1264	2001-09-12	n/a	WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled.
CVE-1999-1265	2001-09-12	n/a	SMTP server in SLmail 3.1 and earlier allows remote attackers to cause a denial of service via malformed commands whose arguments begin with a "(" (parenthesis) character, such as (1) SEND, (2) VRFY, (3) EXPN, (4) MAIL FROM, (5) RCPT TO.
CVE-1999-1266	2001-09-12	n/a	rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.
CVE-1999-1267	2001-09-12	n/a	KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
CVE-1999-1268	2001-09-12	n/a	Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
CVE-1999-1269	2001-09-12	n/a	Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
CVE-1999-1270	2001-09-12	n/a	KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVE-1999-1271	2001-09-12	n/a	Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
CVE-1999-1272	2001-09-12	n/a	Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
CVE-1999-1273	2001-09-12	n/a	Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.
CVE-1999-1274	2001-09-12	n/a	iPass RoamServer 3.1 creates temporary files with world-writable permissions.
CVE-1999-1275	2001-09-12	n/a	Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.
CVE-1999-1276	2002-03-09	n/a	fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
CVE-1999-1277	2001-09-12	n/a	BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.
CVE-1999-1278	2001-09-12	n/a	nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.
CVE-1999-1279	2002-03-09	n/a	An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
CVE-1999-1280	2001-09-12	n/a	Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.
CVE-1999-1281	2001-09-12	n/a	Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.
CVE-1999-1282	2001-09-12	n/a	RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.
CVE-1999-1283	2001-09-12	n/a	Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.
CVE-1999-1284	2002-03-09	n/a	NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.
CVE-1999-1285	2001-09-12	n/a	Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
CVE-1999-1286	2001-09-12	n/a	addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.
CVE-1999-1287	2001-09-12	n/a	Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.
CVE-1999-1288	2002-03-09	n/a	Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.
CVE-1999-1289	2001-09-12	n/a	ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
CVE-1999-1290	2002-03-09	n/a	Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.
CVE-1999-1291	2001-09-12	n/a	TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.
CVE-1999-1292	2001-09-12	n/a	Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL.
CVE-1999-1293	2001-09-12	n/a	mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVE-1999-1294	2002-03-09	n/a	Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
CVE-1999-1295	2001-09-12	n/a	Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS.
CVE-1999-1296	2001-09-12	n/a	Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
CVE-1999-1297	2002-03-09	n/a	cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
CVE-1999-1298	2002-03-09	n/a	Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
CVE-1999-1299	2001-09-12	n/a	rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
CVE-1999-1300	2001-09-12	n/a	Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.
CVE-1999-1301	2002-03-09	n/a	A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.
CVE-1999-1302	2001-09-12	n/a	Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access.
CVE-1999-1303	2001-09-12	n/a	Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.
CVE-1999-1304	2001-09-12	n/a	Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.
CVE-1999-1305	2001-09-12	n/a	Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.
CVE-1999-1306	2001-09-12	n/a	Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
CVE-1999-1307	2001-09-12	n/a	Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
CVE-1999-1308	2001-09-12	n/a	Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
CVE-1999-1309	2002-03-09	n/a	Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.
CVE-1999-1311	2001-09-12	n/a	Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
CVE-1999-1312	2001-09-12	n/a	Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges.
CVE-1999-1313	2001-09-12	n/a	Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
CVE-1999-1314	2001-09-12	n/a	Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
CVE-1999-1315	2001-09-12	n/a	Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.
CVE-1999-1316	2002-03-09	n/a	Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
CVE-1999-1317	2002-03-09	n/a	Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
CVE-1999-1318	2002-03-09	n/a	/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
CVE-1999-1319	2001-09-12	n/a	Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.
CVE-1999-1320	2002-03-09	n/a	Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
CVE-1999-1321	2002-03-09	n/a	Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
CVE-1999-1322	2001-09-12	n/a	The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
CVE-1999-1323	2001-09-12	n/a	Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
CVE-1999-1324	2002-03-09	n/a	VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
CVE-1999-1325	2002-03-09	n/a	SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
CVE-1999-1326	2002-03-09	n/a	wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
CVE-1999-1327	2002-03-09	n/a	Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
CVE-1999-1328	2002-03-09	n/a	linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
CVE-1999-1329	2002-03-09	n/a	Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
CVE-1999-1330	2002-03-09	n/a	The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
CVE-1999-1331	2002-03-09	n/a	netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
CVE-1999-1332	2002-03-09	n/a	gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
CVE-1999-1333	2002-03-09	n/a	automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
CVE-1999-1334	2001-09-12	n/a	Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command line argument.
CVE-1999-1335	2002-03-09	n/a	snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
CVE-1999-1336	2002-03-09	n/a	3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.
CVE-1999-1337	2003-04-02	n/a	FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
CVE-1999-1338	2001-09-12	n/a	Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions.
CVE-1999-1339	2002-03-09	n/a	Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
CVE-1999-1340	2001-09-12	n/a	Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument.
CVE-1999-1341	2002-03-09	n/a	Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.
CVE-1999-1342	2001-09-12	n/a	ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port.
CVE-1999-1343	2001-09-12	n/a	HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters.
CVE-1999-1344	2001-09-12	n/a	Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file.
CVE-1999-1345	2001-09-12	n/a	Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred.
CVE-1999-1346	2001-09-12	n/a	PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.
CVE-1999-1347	2001-09-12	n/a	Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.
CVE-1999-1348	2001-09-12	n/a	Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.
CVE-1999-1349	2001-09-12	n/a	NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111.
CVE-1999-1350	2001-09-12	n/a	ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse.
CVE-1999-1351	2002-03-09	n/a	Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.
CVE-1999-1352	2001-09-12	n/a	mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.
CVE-1999-1353	2001-09-12	n/a	Nosque MsgCore 2.14 stores passwords in cleartext: (1) the administrator password in the AdmPasswd registry key, and (2) user passwords in the Userbase.dbf data file, which could allow local users to gain privileges.
CVE-1999-1354	2001-09-12	n/a	E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled.
CVE-1999-1355	2001-09-12	n/a	BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.
CVE-1999-1356	2002-03-09	n/a	Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.
CVE-1999-1357	2001-09-12	n/a	Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
CVE-1999-1358	2002-03-09	n/a	When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
CVE-1999-1359	2002-03-09	n/a	When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
CVE-1999-1360	2002-03-09	n/a	Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
CVE-1999-1361	2001-09-12	n/a	Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
CVE-1999-1362	2002-06-25	n/a	Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
CVE-1999-1363	2002-03-09	n/a	Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
CVE-1999-1364	2001-09-12	n/a	Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
CVE-1999-1365	2004-09-01	n/a	Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
CVE-1999-1366	2001-09-12	n/a	Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
CVE-1999-1367	2001-09-12	n/a	Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
CVE-1999-1368	2001-09-12	n/a	AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.
CVE-1999-1369	2001-09-12	n/a	Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
CVE-1999-1370	2001-09-12	n/a	The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.
CVE-1999-1371	2001-09-12	n/a	Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
CVE-1999-1372	2001-09-12	n/a	Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges.
CVE-1999-1373	2001-09-12	n/a	FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap.
CVE-1999-1374	2001-09-12	n/a	perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
CVE-1999-1375	2001-09-12	n/a	FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
CVE-1999-1376	2001-09-12	n/a	Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
CVE-1999-1377	2001-09-12	n/a	Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-1999-1378	2001-09-12	n/a	dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files.
CVE-1999-1379	2002-03-09	n/a	DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
CVE-1999-1380	2002-03-09	n/a	Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
CVE-1999-1381	2001-09-12	n/a	Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands.
CVE-1999-1382	2002-03-09	n/a	NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
CVE-1999-1383	2001-09-12	n/a	(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
CVE-1999-1384	2002-03-09	n/a	Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.
CVE-1999-1385	2002-03-09	n/a	Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
CVE-1999-1386	2002-03-09	n/a	Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
CVE-1999-1387	2001-09-12	n/a	Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.
CVE-1999-1388	2001-09-12	n/a	passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
CVE-1999-1389	2001-09-12	n/a	US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.
CVE-1999-1390	2001-09-12	n/a	suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.
CVE-1999-1391	2001-09-12	n/a	Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.
CVE-1999-1392	2001-09-12	n/a	Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.
CVE-1999-1393	2001-09-12	n/a	Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
CVE-1999-1394	2001-09-12	n/a	BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
CVE-1999-1395	2001-09-12	n/a	Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.
CVE-1999-1396	2001-09-12	n/a	Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).
CVE-1999-1397	2004-09-01	n/a	Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
CVE-1999-1398	2001-09-12	n/a	Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
CVE-1999-1399	2001-09-12	n/a	spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.
CVE-1999-1400	2001-09-12	n/a	The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
CVE-1999-1401	2001-09-12	n/a	Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook).
CVE-1999-1402	2002-03-09	n/a	The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
CVE-1999-1403	2001-09-12	n/a	IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
CVE-1999-1404	2001-09-12	n/a	IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
CVE-1999-1405	2001-09-12	n/a	snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
CVE-1999-1406	2001-09-12	n/a	dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
CVE-1999-1407	2002-03-09	n/a	ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
CVE-1999-1408	2001-09-12	n/a	Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
CVE-1999-1409	2002-03-09	n/a	The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
CVE-1999-1410	2001-09-12	n/a	addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
CVE-1999-1411	2002-03-09	n/a	The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
CVE-1999-1412	2001-09-12	n/a	A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
CVE-1999-1413	2001-09-12	n/a	Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
CVE-1999-1414	2002-03-09	n/a	IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.
CVE-1999-1415	2001-09-12	n/a	Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.
CVE-1999-1416	2001-09-12	n/a	AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length.
CVE-1999-1417	2001-09-12	n/a	Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged.
CVE-1999-1418	2001-09-12	n/a	ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
CVE-1999-1419	2002-03-09	n/a	Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
CVE-1999-1420	2001-09-12	n/a	NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration.
CVE-1999-1421	2001-09-12	n/a	NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
CVE-1999-1422	2001-09-12	n/a	The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.
CVE-1999-1423	2002-03-09	n/a	ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
CVE-1999-1424	2001-09-12	n/a	Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
CVE-1999-1425	2001-09-12	n/a	Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
CVE-1999-1426	2001-09-12	n/a	Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
CVE-1999-1427	2001-09-12	n/a	Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
CVE-1999-1428	2001-09-12	n/a	Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
CVE-1999-1429	2001-09-12	n/a	DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
CVE-1999-1430	2001-09-12	n/a	PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
CVE-1999-1431	2001-09-12	n/a	ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe.
CVE-1999-1432	2002-03-09	n/a	Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.
CVE-1999-1433	2002-03-09	n/a	HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
CVE-1999-1434	2001-09-12	n/a	login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.
CVE-1999-1435	2001-09-12	n/a	Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.
CVE-1999-1436	2001-09-12	n/a	Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter.
CVE-1999-1437	2002-03-09	n/a	ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.
CVE-1999-1438	2001-09-12	n/a	Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.
CVE-1999-1439	2001-09-12	n/a	gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
CVE-1999-1440	2001-09-12	n/a	Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.
CVE-1999-1441	2001-09-12	n/a	Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
CVE-1999-1442	2001-09-12	n/a	Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.
CVE-1999-1443	2001-09-12	n/a	Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using <CTRL><ALT><DEL> and kill the process using the task manager, (2) booting the system from a separate disk, or (3) interrupting certain processes that execute while the system is booting.
CVE-1999-1444	2001-09-12	n/a	genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext.
CVE-1999-1445	2001-09-12	n/a	Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
CVE-1999-1446	2001-09-12	n/a	Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
CVE-1999-1447	2001-09-12	n/a	Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.
CVE-1999-1448	2001-09-12	n/a	Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault.
CVE-1999-1449	2001-09-12	n/a	SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
CVE-1999-1450	2001-09-12	n/a	Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
CVE-1999-1451	2001-09-12	n/a	The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-1999-1452	2002-03-09	n/a	GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
CVE-1999-1453	2001-09-12	n/a	Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
CVE-1999-1454	2001-09-12	n/a	Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
CVE-1999-1455	2002-03-09	n/a	RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
CVE-1999-1456	2002-03-09	n/a	thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
CVE-1999-1457	2001-09-12	n/a	Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function.
CVE-1999-1458	2001-09-12	n/a	Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.
CVE-1999-1459	2001-09-12	n/a	BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file.
CVE-1999-1460	2001-09-12	n/a	BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.
CVE-1999-1461	2001-09-12	n/a	inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.
CVE-1999-1462	2001-09-12	n/a	Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.
CVE-1999-1463	2001-09-12	n/a	Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.
CVE-1999-1464	2001-09-12	n/a	Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
CVE-1999-1465	2001-09-12	n/a	Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
CVE-1999-1466	2001-09-12	n/a	Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
CVE-1999-1467	2001-09-12	n/a	Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.
CVE-1999-1468	2003-04-02	n/a	rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
CVE-1999-1469	2001-09-12	n/a	Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header.
CVE-1999-1470	2001-09-12	n/a	Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges.
CVE-1999-1471	2001-09-12	n/a	Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.
CVE-1999-1472	2002-03-09	n/a	Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
CVE-1999-1473	2002-03-09	n/a	When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
CVE-1999-1474	2001-09-12	n/a	PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
CVE-1999-1475	2001-09-12	n/a	ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
CVE-1999-1476	2002-03-09	n/a	A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
CVE-1999-1477	2001-09-12	n/a	Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
CVE-1999-1478	2002-03-09	n/a	The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVE-1999-1479	2001-09-12	n/a	The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-1999-1480	2001-09-12	n/a	(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
CVE-1999-1481	2002-03-09	n/a	Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
CVE-1999-1482	2001-09-12	n/a	SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes.
CVE-1999-1483	2001-09-12	n/a	Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
CVE-1999-1484	2001-09-12	n/a	Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
CVE-1999-1485	2001-09-12	n/a	nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
CVE-1999-1486	2004-09-01	n/a	sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
CVE-1999-1487	2001-09-12	n/a	Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
CVE-1999-1488	2002-03-09	n/a	sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.
CVE-1999-1489	2001-09-12	n/a	Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument.
CVE-1999-1490	2003-04-02	n/a	xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.
CVE-1999-1491	2001-09-12	n/a	abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
CVE-1999-1492	2001-09-12	n/a	Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges.
CVE-1999-1493	2001-09-12	n/a	Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().
CVE-1999-1494	2002-03-09	n/a	colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
CVE-1999-1495	2001-09-12	n/a	xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
CVE-1999-1496	2001-09-12	n/a	Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
CVE-1999-1497	2001-09-12	n/a	Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
CVE-1999-1498	2001-09-12	n/a	Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file.
CVE-1999-1499	2001-09-12	n/a	named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
CVE-1999-1500	2001-09-12	n/a	Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments.
CVE-1999-1501	2001-09-12	n/a	(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.
CVE-1999-1502	2001-09-12	n/a	Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
CVE-1999-1503	2001-09-12	n/a	Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to cause a denial of service in nfrd (crash) via a TCP packet with a null header and data field.
CVE-1999-1504	2001-09-12	n/a	Stalker Internet Mail Server 1.6 allows a remote attacker to cause a denial of service (crash) via a long HELO command.
CVE-1999-1505	2001-09-12	n/a	Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet.
CVE-1999-1506	2001-09-12	n/a	Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.
CVE-1999-1507	2002-03-09	n/a	Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
CVE-1999-1508	2001-09-12	n/a	Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
CVE-1999-1509	2001-09-12	n/a	Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL.
CVE-1999-1510	2001-09-12	n/a	Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands.
CVE-1999-1511	2001-09-12	n/a	Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of service (crash) and possibly execute arbitrary commands via (1) a long PASS command in the POP3 service, (2) a long HELO command in the SMTP service, or (3) a long user name in the Control Service.
CVE-1999-1512	2002-03-09	n/a	The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
CVE-1999-1513	2001-09-12	n/a	Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
CVE-1999-1514	2001-09-12	n/a	Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
CVE-1999-1515	2001-09-12	n/a	A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.
CVE-1999-1516	2001-09-12	n/a	A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string.
CVE-1999-1517	2001-09-12	n/a	runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
CVE-1999-1518	2001-09-12	n/a	Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
CVE-1999-1519	2001-09-12	n/a	Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of service (resource exhaustion) via a long (1) user name or (2) password.
CVE-1999-1520	2004-09-01	n/a	A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
CVE-1999-1521	2001-09-12	n/a	Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server.
CVE-1999-1522	2001-09-12	n/a	Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
CVE-1999-1523	2001-09-12	n/a	Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
CVE-1999-1524	2001-09-12	n/a	FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port.
CVE-1999-1525	2001-09-12	n/a	Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie.
CVE-1999-1526	2001-09-12	n/a	Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
CVE-1999-1527	2001-09-12	n/a	Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.
CVE-1999-1528	2001-09-12	n/a	ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session.
CVE-1999-1529	2001-09-12	n/a	A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.
CVE-1999-1530	2002-03-09	n/a	cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
CVE-1999-1531	2002-03-09	n/a	Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.
CVE-1999-1532	2001-09-12	n/a	Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
CVE-1999-1533	2001-09-12	n/a	Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service.
CVE-1999-1534	2001-09-12	n/a	Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable.
CVE-1999-1535	2002-03-09	n/a	Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.
CVE-1999-1536	2001-09-12	n/a	.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file.
CVE-1999-1537	2004-09-01	n/a	IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
CVE-1999-1538	2001-09-12	n/a	When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-1999-1539	2001-09-12	n/a	Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password.
CVE-1999-1540	2001-09-12	n/a	shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
CVE-1999-1541	2001-09-12	n/a	shell-lock in Cactus Software Shell Lock allows local users to read or modify decoded shell files before they are executed, via a symlink attack on a temporary file.
CVE-1999-1542	2002-03-09	n/a	RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.
CVE-1999-1543	2001-09-12	n/a	MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
CVE-1999-1544	2001-09-12	n/a	Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
CVE-1999-1545	2001-09-12	n/a	Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
CVE-1999-1546	2001-09-12	n/a	netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.
CVE-1999-1547	2001-09-12	n/a	Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
CVE-1999-1548	2001-09-12	n/a	Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit.
CVE-1999-1549	2001-09-12	n/a	Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
CVE-1999-1550	2002-03-09	n/a	bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.
CVE-1999-1551	2001-09-12	n/a	Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
CVE-1999-1552	2001-09-12	n/a	dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
CVE-1999-1553	2001-09-12	n/a	Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote attackers to execute arbitrary commands via a long subject line.
CVE-1999-1554	2001-09-12	n/a	/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
CVE-1999-1555	2001-09-12	n/a	Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with "EVERYONE FULL CONTROL" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll.
CVE-1999-1556	2004-09-01	n/a	Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
CVE-1999-1557	2001-09-12	n/a	Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
CVE-1999-1558	2001-09-12	n/a	Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
CVE-1999-1559	2001-09-12	n/a	Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
CVE-1999-1560	2001-09-12	n/a	Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root.
CVE-1999-1561	2001-09-12	n/a	Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
CVE-1999-1562	2001-09-12	n/a	gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file.
CVE-1999-1563	2001-09-12	n/a	Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm.
CVE-1999-1564	2001-09-12	n/a	FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
CVE-1999-1565	2002-03-09	n/a	Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-1999-1566	2001-09-12	n/a	Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.
CVE-1999-1567	2001-09-12	n/a	Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data.
CVE-1999-1568	2004-09-01	n/a	Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
CVE-1999-1569	2002-08-31	n/a	Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
CVE-1999-1570	2002-08-31	n/a	Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
CVE-1999-1571	2002-10-15	n/a	Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570.
CVE-1999-1572	2005-01-29	n/a	cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
CVE-1999-1573	2005-04-21	n/a	Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
CVE-1999-1574	2005-04-21	n/a	Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."
CVE-1999-1575	2005-04-21	n/a	The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
CVE-1999-1576	2005-04-21	n/a	Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.
CVE-1999-1577	2005-04-21	n/a	Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
CVE-1999-1578	2005-04-21	n/a	Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
CVE-1999-1579	2005-04-21	n/a	The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
CVE-1999-1580	2005-04-21	n/a	SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
CVE-1999-1581	2005-04-21	n/a	Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
CVE-1999-1582	2005-04-21	n/a	By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
CVE-1999-1583	2005-04-21	n/a	Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.
CVE-1999-1584	2005-08-30	n/a	Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
CVE-1999-1585	2005-08-30	n/a	The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
CVE-1999-1586	2005-08-30	n/a	loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
CVE-1999-1587	2006-03-28	n/a	/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
CVE-1999-1588	2006-04-21	n/a	Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
CVE-1999-1589	2006-06-15	n/a	Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
CVE-1999-1590	2006-12-03	n/a	Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
CVE-1999-1591	2007-07-05	n/a	Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVE-1999-1592	2007-07-12	n/a	Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact.  NOTE: this might overlap CVE-1999-0129.
CVE-1999-1593	2009-01-14	n/a	Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server.  NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.