Lista CVE - 2000 / Febbraio
Visualizzazione 101 - 200 di 377 CVE per Febbraio 2000 (Pagina 2 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-1999-0452 | 2000-02-04 | A service or application has a backdoor password that was placed there by the developer. |
| CVE-1999-0453 | 2000-02-04 | An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). |
| CVE-1999-0454 | 2000-02-04 | A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or... |
| CVE-1999-0455 | 2000-02-04 | The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
| CVE-1999-0459 | 2000-02-04 | Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot. |
| CVE-1999-0460 | 2000-02-04 | Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. |
| CVE-1999-0461 | 2000-02-04 | Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. |
| CVE-1999-0462 | 2000-02-04 | suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file... |
| CVE-1999-0465 | 2000-02-04 | Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| CVE-1999-0467 | 2000-02-04 | The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. |
| CVE-1999-0469 | 2000-02-04 | Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. |
| CVE-1999-0476 | 2000-02-04 | A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. |
| CVE-1999-0477 | 2000-02-04 | The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
| CVE-1999-0480 | 2000-02-04 | Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. |
| CVE-1999-0486 | 2000-02-04 | Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. |
| CVE-1999-0488 | 2000-02-04 | Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. |
| CVE-1999-0489 | 2000-02-04 | MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| CVE-1999-0490 | 2000-02-04 | MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. |
| CVE-1999-0492 | 2000-02-04 | The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. |
| CVE-1999-0495 | 2000-02-04 | A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. |
| CVE-1999-0497 | 2000-02-04 | Anonymous FTP is enabled. |
| CVE-1999-0498 | 2000-02-04 | TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. |
| CVE-1999-0499 | 2000-02-04 | NETBIOS share information may be published through SNMP registry keys in NT. |
| CVE-1999-0501 | 2000-02-04 | A Unix account has a guessable password. |
| CVE-1999-0502 | 2000-02-04 | A Unix account has a default, null, blank, or missing password. |
| CVE-1999-0503 | 2000-02-04 | A Windows NT local user or administrator account has a guessable password. |
| CVE-1999-0504 | 2000-02-04 | A Windows NT local user or administrator account has a default, null, blank, or missing password. |
| CVE-1999-0505 | 2000-02-04 | A Windows NT domain user or administrator account has a guessable password. |
| CVE-1999-0506 | 2000-02-04 | A Windows NT domain user or administrator account has a default, null, blank, or missing password. |
| CVE-1999-0507 | 2000-02-04 | An account on a router, firewall, or other network device has a guessable password. |
| CVE-1999-0508 | 2000-02-04 | An account on a router, firewall, or other network device has a default, null, blank, or missing password. |
| CVE-1999-0509 | 2000-02-04 | Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| CVE-1999-0510 | 2000-02-04 | A router or firewall allows source routed packets from arbitrary hosts. |
| CVE-1999-0511 | 2000-02-04 | IP forwarding is enabled on a machine which is not a router or firewall. |
| CVE-1999-0512 | 2000-02-04 | A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| CVE-1999-0515 | 2000-02-04 | An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
| CVE-1999-0518 | 2000-02-04 | A NETBIOS/SMB share password is guessable. |
| CVE-1999-0519 | 2000-02-04 | A NETBIOS/SMB share password is the default, null, or missing. |
| CVE-1999-0520 | 2000-02-04 | A system-critical NETBIOS/SMB share has inappropriate access control. |
| CVE-1999-0521 | 2000-02-04 | An NIS domain name is easily guessable. |
| CVE-1999-0522 | 2000-02-04 | The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. |
| CVE-1999-0523 | 2000-02-04 | ICMP echo (ping) is allowed from arbitrary hosts. |
| CVE-1999-0525 | 2000-02-04 | IP traceroute is allowed from arbitrary hosts. |
| CVE-1999-0527 | 2000-02-04 | The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands... |
| CVE-1999-0528 | 2000-02-04 | A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. |
| CVE-1999-0529 | 2000-02-04 | A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. |
| CVE-1999-0530 | 2000-02-04 | A system is operating in "promiscuous" mode which allows it to perform packet sniffing. |
| CVE-1999-0533 | 2000-02-04 | A DNS server allows inverse queries. |
| CVE-1999-0534 | 2000-02-04 | A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security... |
| CVE-1999-0535 | 2000-02-04 | A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| CVE-1999-0537 | 2000-02-04 | A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| CVE-1999-0539 | 2000-02-04 | A trust relationship exists between two Unix hosts. |
| CVE-1999-0541 | 2000-02-04 | A password for accessing a WWW URL is guessable. |
| CVE-1999-0546 | 2000-02-04 | The Windows NT guest account is enabled. |
| CVE-1999-0547 | 2000-02-04 | An SSH server allows authentication through the .rhosts file. |
| CVE-1999-0548 | 2000-02-04 | A superfluous NFS server is running, but it is not importing or exporting any file systems. |
| CVE-1999-0549 | 2000-02-04 | Windows NT automatically logs in an administrator upon rebooting. |
| CVE-1999-0550 | 2000-02-04 | A router's routing tables can be obtained from arbitrary hosts. |
| CVE-1999-0554 | 2000-02-04 | NFS exports system-critical data to the world, e.g. / or a password file. |
| CVE-1999-0555 | 2000-02-04 | A Unix account with a name other than "root" has UID 0, i.e. root privileges. |
| CVE-1999-0556 | 2000-02-04 | Two or more Unix accounts have the same UID. |
| CVE-1999-0559 | 2000-02-04 | A system-critical Unix file or directory has inappropriate permissions. |
| CVE-1999-0560 | 2000-02-04 | A system-critical Windows NT file or directory has inappropriate permissions. |
| CVE-1999-0561 | 2000-02-04 | IIS has the #exec function enabled for Server Side Include (SSI) files. |
| CVE-1999-0562 | 2000-02-04 | The registry in Windows NT can be accessed remotely by users who are not administrators. |
| CVE-1999-0564 | 2000-02-04 | An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. |
| CVE-1999-0565 | 2000-02-04 | A Sendmail alias allows input to be piped to a program. |
| CVE-1999-0568 | 2000-02-04 | rpc.admind in Solaris is not running in a secure mode. |
| CVE-1999-0569 | 2000-02-04 | A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. |
| CVE-1999-0570 | 2000-02-04 | Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| CVE-1999-0571 | 2000-02-04 | A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. |
| CVE-1999-0572 | 2000-02-04 | .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. |
| CVE-1999-0575 | 2000-02-04 | A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and... |
| CVE-1999-0576 | 2000-02-04 | A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| CVE-1999-0577 | 2000-02-04 | A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| CVE-1999-0578 | 2000-02-04 | A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. |
| CVE-1999-0579 | 2000-02-04 | A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. |
| CVE-1999-0580 | 2000-02-04 | The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions. |
| CVE-1999-0581 | 2000-02-04 | The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| CVE-1999-0582 | 2000-02-04 | A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| CVE-1999-0583 | 2000-02-04 | There is a one-way or two-way trust relationship between Windows NT domains. |
| CVE-1999-0584 | 2000-02-04 | A Windows NT file system is not NTFS. |
| CVE-1999-0585 | 2000-02-04 | A Windows NT administrator account has the default name of Administrator. |
| CVE-1999-0586 | 2000-02-04 | A network service is running on a nonstandard port. |
| CVE-1999-0587 | 2000-02-04 | A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. |
| CVE-1999-0588 | 2000-02-04 | A filter in a router or firewall allows unusual fragmented packets. |
| CVE-1999-0589 | 2000-02-04 | A system-critical Windows NT registry key has inappropriate permissions. |
| CVE-1999-0590 | 2000-02-04 | A system does not present an appropriate legal message or warning to a user who is accessing it. |
| CVE-1999-0591 | 2000-02-04 | An event log in Windows NT has inappropriate access permissions. |
| CVE-1999-0592 | 2000-02-04 | The Logon box of a Windows NT system displays the name of the last user who logged in. |
| CVE-1999-0593 | 2000-02-04 | The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| CVE-1999-0594 | 2000-02-04 | A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. |
| CVE-1999-0595 | 2000-02-04 | A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. |
| CVE-1999-0596 | 2000-02-04 | A Windows NT log file has an inappropriate maximum size or retention period. |
| CVE-1999-0597 | 2000-02-04 | A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. |
| CVE-1999-0598 | 2000-02-04 | A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. |
| CVE-1999-0599 | 2000-02-04 | A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. |
| CVE-1999-0600 | 2000-02-04 | A network intrusion detection system (IDS) does not verify the checksum on a packet. |
| CVE-1999-0601 | 2000-02-04 | A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. |
| CVE-1999-0602 | 2000-02-04 | A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |