Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-04-21 | CVE-1999-0490 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/5.0 MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | 7.5 |
| 1999-04-21 | CVE-1999-0488 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/4.0.1/5.0 Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | 7.5 |
| 1999-04-21 | CVE-1999-0466 | Unspecified vulnerability in Netbsd The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. | 7.2 |
| 1999-04-15 | CVE-1999-1244 | Unspecified vulnerability in Darren Reed Ipfilter IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file. | 7.2 |
| 1999-04-09 | CVE-1999-0287 | Unspecified vulnerability in Webcom CGI Guestbook Vulnerability in the Wguest CGI program. | 7.5 |
| 1999-04-05 | CVE-1999-0439 | Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. | 7.5 |
| 1999-03-30 | CVE-1999-0434 | XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | 7.5 |
| 1999-03-23 | CVE-1999-1397 | Remote Registry vulnerability in Microsoft Index Server 2.0 Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | 7.5 |
| 1999-03-23 | CVE-1999-1370 | Unspecified vulnerability in Microsoft Internet Explorer 5.0 The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | 7.2 |
| 1999-03-22 | CVE-1999-0428 | Remote Security vulnerability in SSLeay OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. | 7.5 |