CVE Database - 1999

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.