| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-1999-1549 | Hig | 0.51 | 7.8 | 0.00 | Nov 16, 1999 | Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | |
| CVE-1999-0468 | Hig | 0.53 | 8.2 | 0.02 | Apr 9, 1999 | Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |
| CVE-1999-1568 | Hig | 0.49 | 7.5 | 0.02 | Jan 1, 1999 | Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | |
| CVE-1999-0052 | Hig | 0.49 | 7.5 | 0.01 | Nov 4, 1998 | IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. | |
| CVE-1999-1152 | Hig | 0.49 | 7.5 | 0.01 | Jun 3, 1998 | Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | |
| CVE-1999-0069 | Hig | 0.58 | 8.4 | 0.01 | Apr 29, 1998 | Solaris ufsrestore buffer overflow. | |
| CVE-1999-0012 | Hig | 0.46 | 7.0 | 0.01 | Feb 6, 1998 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |
| CVE-1999-0013 | Hig | 0.55 | 8.4 | 0.01 | Jan 22, 1998 | Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | |
| CVE-1999-0239 | Hig | 0.52 | 7.5 | 0.04 | Jan 1, 1998 | Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | |
| CVE-1999-0029 | Hig | 0.58 | 8.4 | 0.00 | Jul 16, 1997 | root privileges via buffer overflow in ordist command on SGI IRIX systems. | |
| CVE-1999-0059 | Hig | 0.48 | 7.3 | 0.01 | Jul 14, 1997 | IRIX fam service allows an attacker to obtain a list of all files on the server. | |
| CVE-1999-0036 | Hig | 0.58 | 8.4 | 0.01 | May 26, 1997 | IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. | |
| CVE-1999-0039 | Hig | 0.52 | 7.3 | 0.21 | May 6, 1997 | webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. | |
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.00 | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. | |
| CVE-1999-0236 | Hig | 0.53 | 7.5 | 0.14 | Jan 1, 1997 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.00 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | |
| CVE-1999-0084 | Hig | 0.55 | 8.4 | 0.00 | May 1, 1990 | Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. |
- risk 0.51cvss 7.8epss 0.00
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
- risk 0.53cvss 8.2epss 0.02
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
- risk 0.49cvss 7.5epss 0.02
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
- risk 0.49cvss 7.5epss 0.01
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
- risk 0.49cvss 7.5epss 0.01
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.
- risk 0.58cvss 8.4epss 0.01
Solaris ufsrestore buffer overflow.
- risk 0.46cvss 7.0epss 0.01
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
- risk 0.55cvss 8.4epss 0.01
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
- risk 0.52cvss 7.5epss 0.04
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
- risk 0.58cvss 8.4epss 0.00
root privileges via buffer overflow in ordist command on SGI IRIX systems.
- risk 0.48cvss 7.3epss 0.01
IRIX fam service allows an attacker to obtain a list of all files on the server.
- risk 0.58cvss 8.4epss 0.01
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
- risk 0.52cvss 7.3epss 0.21
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
- risk 0.58cvss 8.4epss 0.00
Buffer overflow in xlock program allows local users to execute commands as root.
- risk 0.53cvss 7.5epss 0.14
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
- risk 0.51cvss 7.8epss 0.00
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
- risk 0.55cvss 8.4epss 0.00
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.