Launchpad.net

Launchpad CVE tracker

274351 to 274405 of 324655 results
CVE-1999-1415 (Candidate)
Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.
Created and modified .

CVE-1999-1412 (Candidate)
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
Created and modified .

CVE-1999-1404 (Candidate)
IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
Created and modified .

CVE-1999-1403 (Candidate)
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
Created and modified .

CVE-1999-1396 (Candidate)
Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).
Created and modified .

CVE-1999-1393 (Candidate)
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
Created and modified .

CVE-1999-1392 (Candidate)
Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.
Created and modified .

CVE-1999-1391 (Candidate)
Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.
Created and modified .

CVE-1999-1390 (Candidate)
suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.
Created and modified .

CVE-1999-1388 (Candidate)
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
Created and modified .

CVE-1999-1377 (Candidate)
Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
Created and modified .

CVE-1999-1367 (Candidate)
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
Created and modified .

CVE-1999-1364 (Candidate)
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
Created and modified .

CVE-1999-1319 (Candidate)
Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.
Created and modified .

CVE-1999-1315 (Candidate)
Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.
Created and modified .

CVE-1999-1314 (Candidate)
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
Created and modified .

CVE-1999-1311 (Candidate)
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
Created and modified .

CVE-1999-1308 (Candidate)
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
Created and modified .

CVE-1999-1307 (Candidate)
Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
Created and modified .

CVE-1999-1306 (Candidate)
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
Created and modified .

CVE-1999-1305 (Candidate)
Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.
Created and modified .

CVE-1999-1304 (Candidate)
Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.
Created and modified .

CVE-1999-1303 (Candidate)
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.
Created and modified .

CVE-1999-1300 (Candidate)
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.
Created and modified .

CVE-1999-1196 (Candidate)
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
Created and modified .

CVE-1999-1190 (Candidate)
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
Created and modified .

CVE-1999-1180 (Candidate)
O'Reilly WebSite 1.1e and Website Pro 2.0 allow remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat.
Created and modified .

CVE-1999-1179 (Candidate)
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.
Created and modified .

CVE-1999-1174 (Candidate)
ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
Created and modified .

CVE-1999-1172 (Candidate)
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
Created and modified .

CVE-1999-1169 (Candidate)
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
Created and modified .

CVE-1999-1168 (Candidate)
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
Created and modified .

CVE-1999-1166 (Candidate)
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
Created and modified .

CVE-1999-1134 (Candidate)
Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.
Created and modified .

CVE-1999-1128 (Candidate)
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
Created and modified .

CVE-1999-1124 (Candidate)
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
Created and modified .

CVE-1999-1110 (Candidate)
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
Created and modified .

CVE-1999-1101 (Candidate)
Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges.
Created and modified .

CVE-1999-1070 (Candidate)
Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter.
Created and modified .

CVE-1999-1053 (Candidate)
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Created and modified .

CVE-1999-1051 (Candidate)
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
Created and modified .

CVE-1999-1042 (Candidate)
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information such as user IDs, passwords and SNMP community strings to local users.
Created and modified .

CVE-1999-1039 (Candidate)
Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allows a local user to create root-owned files, leading to a root compromise.
Created and modified .

CVE-1999-1012 (Candidate)
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
Created and modified .

CVE-1999-0926 (Candidate)
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
Created and modified .

CVE-1999-0792 (Candidate)
ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration.
Created and modified .

CVE-1999-0784 (Candidate)
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
Created and modified .

CVE-1999-0673 (Candidate)
Buffer overflow in ALMail32 POP3 client via From: or To: headers.
Created and modified .

CVE-1999-0298 (Candidate)
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
Created and modified .

CVE-1999-0187 (Candidate)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Created and modified .

CVE-1999-0110 (Candidate)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Created and modified .

CVE-1999-0088 (Candidate)
IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
Created and modified .

CVE-1999-0020 (Candidate)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Created and modified .

CVE-2001-1266 (Entry)
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
Created and modified .

CVE-1999-0248 (Entry)
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
Created and modified .

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.