Unknown · CVSS Not scored
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
Published Sep 29, 1999 · Updated Mar 8, 2026
Medium · CVSS 5.4
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
Published Sep 29, 1999 · Updated Oct 20, 2025
Low · CVSS 3.5
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
Published Sep 29, 1999 · Updated Aug 27, 2025
High · CVSS 8.2
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
Published Sep 29, 1999 · Updated Aug 25, 2025
High · CVSS 7
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
Published Sep 29, 1999 · Updated Apr 9, 2025
Medium · CVSS 5.4
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
Published Sep 29, 1999 · Updated Apr 9, 2025
Unknown · CVSS Not scored
A DNS server allows zone transfers.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
An SNMP community name is the default (e.g. public), null, or missing.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
An SNMP community name is guessable.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.
Published Sep 29, 1999 · Updated Mar 17, 2025
Unknown · CVSS Not scored
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
Published Feb 4, 2000 · Updated Mar 17, 2025
Unknown · CVSS Not scored
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
Published Sep 29, 1999 · Updated Mar 17, 2025
Unknown · CVSS Not scored
Land IP denial of service.
Published Sep 29, 1999 · Updated Mar 17, 2025
High · CVSS 7.5
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
Published Sep 1, 2004 · Updated Jan 16, 2025
Critical · CVSS 9.8
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
Published Sep 29, 1999 · Updated Oct 29, 2024
High · CVSS 7.8
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
Published Sep 29, 1999 · Updated Oct 29, 2024
High · CVSS 8.4
root privileges via buffer overflow in ordist command on SGI IRIX systems.
Published Sep 29, 1999 · Updated Oct 29, 2024
High · CVSS 8.4
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
Published Sep 29, 1999 · Updated Oct 29, 2024
Unknown · CVSS Not scored
Buffer overflow in NLS (Natural Language Service).
Published Sep 29, 1999 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
Published Jun 15, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
Published Aug 30, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
Published Jan 15, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
Published Jul 5, 2007 · Updated Sep 16, 2024
Critical · CVSS 9.8
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
Published Apr 21, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
Published Dec 3, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
Published Jul 12, 2007 · Updated Sep 16, 2024
High · CVSS 8.4
Buffer overflow in xlock program allows local users to execute commands as root.
Published Sep 29, 1999 · Updated Sep 12, 2024
High · CVSS 7.3
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
Published Sep 29, 1999 · Updated Sep 12, 2024
Critical · CVSS 9.8
AnyForm CGI remote execution.
Published Sep 29, 1999 · Updated Aug 1, 2024
High · CVSS 8.4
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
Published Sep 29, 1999 · Updated Aug 1, 2024
High · CVSS 7.3
IRIX fam service allows an attacker to obtain a list of all files on the server.
Published Sep 29, 1999 · Updated Aug 1, 2024
High · CVSS 7.5
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
Published Sep 29, 1999 · Updated Aug 1, 2024
Critical · CVSS 9.8
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
Published Sep 29, 1999 · Updated Aug 1, 2024
High · CVSS 8.4
Solaris ufsrestore buffer overflow.
Published Sep 29, 1999 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
Published Sep 12, 2001 · Updated Aug 1, 2024
High · CVSS 8.4
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
Published Sep 29, 1999 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of service (resource exhaustion) via a long (1) user name or (2) password.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
Published Mar 29, 2006 · Updated Aug 1, 2024