CVE-1999-0819

Windows NT/2000 - Unauthenticated VRFY Command Enabled

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0819. PoCs published by Aviram Jenik.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in DeskPro version 1.1.0 and prior, affecting parameters like 'cat', 'article', and 'ticketid' in faq.php and view.php. It includes example URLs demonstrating the injection points but lacks executable exploit code.

Description

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aviram Jenik · textwebappsphp

https://www.exploit-db.com/exploits/23264

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in DeskPro version 1.1.0 and prior, affecting parameters like 'cat', 'article', and 'ticketid' in faq.php and view.php. It includes example URLs demonstrating the injection points but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DeskPro v1.1.0 and prior

No auth needed

Prerequisites: Access to the vulnerable DeskPro application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=94398141118586&w=2

Scores

EPSS 0.1605

EPSS Percentile 96.5%

Details

Status published

Products (2)

microsoft/windows_2000

microsoft/windows_nt 4.0

Published Dec 01, 1999

Tracked Since Feb 18, 2026