L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.
CVE-1999-0457
Linux ftpwatch program allows local users to gain root privileges.
CVE-1999-0455
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
CVE-1999-0454
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
CVE-1999-0453
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP).
CVE-1999-0452
A service or application has a backdoor password that was placed there by the developer.
CVE-1999-0451
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVE-1999-0449
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
CVE-1999-0448
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.