TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
CVE-1999-0497
Anonymous FTP is enabled.
CVE-1999-0496
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
CVE-1999-0495
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
CVE-1999-0494
Denial of service in WinGate proxy through a buffer overflow in POP3.
CVE-1999-0493
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
CVE-1999-0492
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
CVE-1999-0491
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-1999-0490
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
CVE-1999-0489
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.