Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2000-04-23 CVE-2000-0338 Improper Locking vulnerability in Concurrent Versions Software Project Concurrent Versions Software
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
5.5
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-04-12 CVE-2000-0258 Improper Input Validation vulnerability in Microsoft products
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
network
low complexity
microsoft CWE-20
7.5
1999-12-31 CVE-1999-1386 Link Following vulnerability in Perl
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
local
low complexity
perl CWE-59
5.5
1999-12-31 CVE-1999-1324 Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
network
low complexity
hp CWE-307
critical
9.8
1999-12-31 CVE-1999-1127 Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
network
low complexity
microsoft CWE-772
7.5
1999-11-16 CVE-1999-1549 Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
local
low complexity
lynx-project CWE-346
7.8
1999-03-01 CVE-1999-0426 Incorrect Default Permissions vulnerability in Suse Linux 6.0
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
network
low complexity
suse CWE-276
critical
9.8
1999-01-01 CVE-1999-1568 Off-by-one Error vulnerability in Ncftp Ncftpd Server
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
network
low complexity
ncftp CWE-193
7.5
1998-06-16 CVE-1999-0783 Link Following vulnerability in Freebsd 2.2
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
local
low complexity
freebsd CWE-59
5.5