| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-1999-0123 |
|
|
|
1995-12-01 |
2008-09-05 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in Linux mailx command allows local users to read user files. |
|
2 |
CVE-1999-0141 |
|
|
Exec Code |
1996-03-29 |
2008-09-09 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. |
|
3 |
CVE-1999-0401 |
|
|
|
1999-01-01 |
2008-09-09 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
|
4 |
CVE-1999-0703 |
|
|
|
1999-08-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
|
5 |
CVE-1999-0825 |
|
|
|
1999-12-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. |
|
6 |
CVE-1999-0828 |
|
|
|
1999-12-02 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. |
|
7 |
CVE-1999-0850 |
|
|
|
1999-12-02 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The default permissions for Endymion MailMan allow local users to read email or modify files. |
|
8 |
CVE-1999-0885 |
|
|
Exec Code |
1999-11-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. |
|
9 |
CVE-1999-1224 |
|
|
|
1997-10-08 |
2017-12-19 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. |
|
10 |
CVE-1999-1300 |
|
|
|
1999-12-31 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration. |
|
11 |
CVE-1999-1366 |
|
|
|
1999-05-15 |
2016-10-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. |
|
12 |
CVE-1999-1498 |
|
|
|
1998-04-06 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file. |
|
13 |
CVE-1999-1530 |
|
|
|
1999-11-08 |
2016-10-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
|
14 |
CVE-1999-1590 |
|
|
Dir. Trav. |
1999-12-31 |
2008-09-05 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021. |
|
15 |
CVE-2000-0090 |
|
|
DoS |
2000-01-17 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
|
16 |
CVE-2000-0121 |
|
|
|
2000-02-01 |
2018-10-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. |
|
17 |
CVE-2000-0270 |
|
|
|
2000-04-18 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |
|
18 |
CVE-2000-0379 |
|
|
|
2000-05-16 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. |
|
19 |
CVE-2000-0409 |
|
|
|
2000-05-10 |
2008-09-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. |
|
20 |
CVE-2000-0472 |
|
|
Exec Code Overflow |
2000-02-06 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. |
|
21 |
CVE-2000-0487 |
|
|
|
2000-06-01 |
2018-10-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability. |
|
22 |
CVE-2000-0578 |
|
|
|
2000-06-21 |
2008-09-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. |
|
23 |
CVE-2000-0579 |
|
|
|
2000-06-21 |
2008-09-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. |
|
24 |
CVE-2000-0667 |
|
|
DoS |
2000-07-27 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service. |
|
25 |
CVE-2000-0799 |
|
|
+Priv |
2000-10-20 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file. |
|
26 |
CVE-2000-0802 |
|
|
|
2000-10-20 |
2016-10-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR. |
|
27 |
CVE-2000-0880 |
|
|
|
2000-11-14 |
2017-12-19 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. |
|
28 |
CVE-2000-1096 |
|
|
Exec Code |
2001-01-09 |
2018-05-03 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. |
|
29 |
CVE-2000-1127 |
|
|
|
2001-01-09 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. |
|
30 |
CVE-2000-1156 |
|
|
|
2001-01-09 |
2017-12-19 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. |
|
31 |
CVE-2000-1162 |
|
|
|
2001-01-09 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. |
|
32 |
CVE-2000-1246 |
119 |
|
DoS Overflow |
2010-04-05 |
2010-04-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. |
|
33 |
CVE-2001-0131 |
59 |
|
|
2001-03-12 |
2020-10-09 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. |
|
34 |
CVE-2001-0259 |
|
|
|
2001-06-02 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file. |
|
35 |
CVE-2001-0317 |
|
|
+Priv |
2001-05-03 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. |
|
36 |
CVE-2001-0430 |
|
|
|
2001-07-02 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. |
|
37 |
CVE-2001-0627 |
|
|
|
2001-08-22 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. |
|
38 |
CVE-2001-0806 |
|
|
|
2001-12-06 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages. |
|
39 |
CVE-2001-0946 |
|
|
DoS |
2001-12-04 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins. |
|
40 |
CVE-2001-1059 |
|
|
|
2001-07-30 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. |
|
41 |
CVE-2001-1079 |
|
|
DoS |
2002-02-13 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. |
|
42 |
CVE-2001-1085 |
|
|
|
2001-07-05 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
|
43 |
CVE-2001-1258 |
|
|
|
2001-07-21 |
2011-03-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. |
|
44 |
CVE-2001-1322 |
|
|
|
2001-07-10 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. |
|
45 |
CVE-2001-1349 |
|
|
DoS +Priv |
2001-05-28 |
2008-09-05 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. |
|
46 |
CVE-2001-1395 |
|
|
|
2001-04-17 |
2016-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. |
|
47 |
CVE-2001-1396 |
|
|
|
2001-04-17 |
2016-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. |
|
48 |
CVE-2001-1409 |
|
|
|
2003-07-24 |
2010-05-25 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. |
|
49 |
CVE-2001-1519 |
|
|
|
2001-12-31 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it. |
|
50 |
CVE-2002-0044 |
|
|
|
2002-01-31 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
