Buffer overflow in NFS mountd gives root access to remote attackers,
mostly in Linux systems.
Reference: SGI:19981006-01-I
Execute commands as root via buffer overflow in Tooltalk database
server (rpc.ttdbserverd)
Reference: NAI:NAI-29
Arbitrary command execution via IMAP buffer overflow in authenticate
command.
Reference: CERT:CA-98.09.imapd
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows
remote attackers to gain root access using a long PASS command.
Reference: CERT:CA-98.08.qpopper_vul
Information from SSL-encrypted sessions via PKCS #1
Reference: CERT:CA-98.07.PKCS
Buffer overflow in NIS+, in Sun's rpc.nisd program
Reference: CERT:CA-98.06.nisd
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
Reference: SGI:19980603-01-PX
Denial of Service vulnerability in BIND 8 Releases via maliciously
formatted DNS messages.
Reference: CERT:CA-98.05.bind_problems
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases
via CNAME record and zone transfer.
Reference: CERT:CA-98.05.bind_problems
Some web servers under Microsoft Windows allow remote attackers
to bypass access restrictions for files with long file names.
Reference: CERT:CA-98.04.Win32.WebServers
Stolen credentials from SSH clients via ssh-agent program, allowing
other local users to access remote accounts belonging to the
ssh-agent user.
Reference: CERT:CA-98.03.ssh-agent
Unauthorized privileged access or denial of service via dtappgather
program in CDE.
Reference: HP:HPSBUX9801-075
Land IP denial of service
Reference: CERT:CA-97.28.Teardrop_Land
FTP servers can allow an attacker to connect to arbitrary ports on
machines other than the FTP client, aka FTP bounce.
Reference: CERT:CA-97.27.FTP_bounce
Buffer overflow in statd allows root privileges.
Reference: CERT:CA-97.26.statd
Delete or create a file via rpc.statd, due to invalid information.
Reference: CERT:CA-96.09.rpc.statd
Arbitrary command execution via buffer overflow in Count.cgi
(wwwcount) cgi-bin program.
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Local user gains root privileges via buffer overflow in rdist, via
expstr() function.
Reference: CERT:CA-97.23.rdist
Local user gains root privileges via buffer overflow in rdist, via
lookup() function.
Reference: CERT:CA-96.14.rdist_vul
DNS cache poisoning via BIND, by predictable query IDs.
Reference: CERT:CA-97.22.bind
root privileges via buffer overflow in df command on SGI IRIX
systems.
Reference: CERT:CA-97.21.sgi_buffer_overflow
root privileges via buffer overflow in pset command on SGI IRIX
systems.
Reference: CERT:CA-97.21.sgi_buffer_overflow
root privileges via buffer overflow in eject command on SGI IRIX
systems.
Reference: CERT:CA-97.21.sgi_buffer_overflow
root privileges via buffer overflow in login/scheme command on SGI
IRIX systems.
Reference: CERT:CA-97.21.sgi_buffer_overflow
root privileges via buffer overflow in ordist command on SGI IRIX
systems.
Reference: CERT:CA-97.21.sgi_buffer_overflow
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and
4.x, allows remote attackers to monitor a user's web activities, aka
the Bell Labs vulnerability.
Reference: CERT:CA-97.20.javascript
Buffer overflow in BSD-based lpr package allows local users to gain
root privileges.
Reference: CERT:CA-97.19.bsdlp
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x
Reference: CERT:CA-97.17.sperl
Race condition in signal handling routine in ftpd, allowing arbitrary
files to be read or written.
Reference: XF:ftp-ftpd
IRIX login program with a nonzero LOCKOUT parameter allows creation of
or damage to files.
Reference: CERT:CA-97.15.sgi_login
Arbitrary command execution via metamail package using message
headers, when user processes attacker's message using metamail.
Reference: CERT:CA-97.14.metamail
Buffer overflow in xlock program allows local users to execute
commands as root.
Reference: CERT:CA-97.13.xlock
Arbitrary command execution using webdist CGI program in IRIX.
Reference: CERT:CA-97.12.webdist
Buffer overflow in Xt library of X Windowing System allows local
users to execute commands with root privileges.
Reference: CERT:CA-97.11.libXt
Buffer overflow in NLS (Natural Language Service)
Reference: CERT:CA-97.10.nls
Buffer overflow in University of Washington's implementation of
IMAP and POP servers.
Reference: NAI:NAI-21
Command execution via shell metachars in INN daemon (innd) 1.5
using "newgroup" and "rmgroup" control messages, and others.
Reference: CERT:CA-97.08.innd
fsdump command in IRIX allows local users to obtain root access
by modifying sensitive files.
Reference: SGI:19970301-01-P
List of arbitrary files on Web host via nph-test-cgi script
Reference: CERT:CA-97.07.nph-test-cgi_script
Buffer overflow of rlogin program using TERM environmental variable.
Reference: CERT:CA-97.06.rlogin-term
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
Reference: CERT:CA-97.05.sendmail
Talkd, when given corrupt DNS information, can be used to execute
arbitrary commands with root privileges.
Reference: CERT:CA-97.04.talkd
Csetup under IRIX allows arbitrary file creation or overwriting.
Reference: XF:sgi-csetup
Buffer overflow in HP-UX newgrp program
Reference: CERT:CA-97.02.hp_newgrp
Arbitrary file creation and program execution using FLEXlm
LicenseManager, from versions 4.0 to 5.0, in IRIX.
Reference: XF:sgi-licensemanager
IP fragmentation denial of service in FreeBSD allows a remote attacker
to cause a crash.
Reference: FREEBSD:FreeBSD-SA-98:08
TCP RST denial of service in FreeBSD
Reference: FREEBSD:FreeBSD-SA-98:07
Sun's ftpd daemon can be subjected to a denial of service.
Reference: SUN:00171
Buffer overflows in Sun libnsl allow root access.
Reference: SUN:00172
Buffer overflow in Sun's ping program can give root access to local users.
Reference: SUN:00174
Vacation program allows command execution by remote users through
a sendmail command.
Reference: NAI:NAI-19
Buffer overflow in PHP cgi program, php.cgi allows shell access.
Reference: NAI:NAI-12
IRIX fam service allows an attacker to obtain a list of all files
on the server.
Reference: NAI:NAI-16
Attackers can cause a denial of service in Ascend MAX and Pipeline
routers with a malformed packet to the discard port, which is used by
the Java Configurator tool.
Reference: NAI:NAI-26
The chpass command in OpenBSD allows a local user to gain root access
through file descriptor leakage.
Reference: XF:openbsd-chpass
Cisco IOS 12.0 and other versions can be crashed by malicious UDP
packets to the syslog port.
Reference: AUSCERT:ESB-98.197
Buffer overflow in AIX lquerylv program gives root access to local users.
Reference: BUGTRAQ:May28,1997
Multiple buffer overflows in how dtmail handles attachments allow a
remote attacker to execute commands.
Reference: SUN:00181
AnyForm CGI remote execution
Reference: BUGTRAQ:Jul31,1995
CGI phf program allows remote command execution through shell
metacharacters.
Reference: CERT:CA-96.06.cgi_example_code
CGI PHP mylog script allows an attacker to read any file on the
target server.
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Solaris ufsrestore buffer overflow.
Reference: SUN:00169
test-cgi program allows an attacker to list files on the server
Reference: XF:http-cgi-test
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
Reference: XF:http-apache-cookie
Buffer overflow in AIX xdat gives root access to local users.
Reference: ERS:ERS-SVA-E01-1997:004.1
Telnet allows a remote client to specify environment variables including
LD_LIBRARY_PATH, allowing an attacker to bypass the normal system
libraries and gain root access.
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Listening TCP ports are sequentially allocated, allowing spoofing
attacks.
Reference: XF:seqport
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV
command after specifying a username and password.
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Predictable TCP sequence numbers allow spoofing.
Reference: XF:tcp-seq-predict
Remote attackers can cause a denial of service in FTP by issuing
multiple PASV commands, causing the server to run out of available
ports.
Reference: XF:ftp-pasv-dos
wu-ftp FTP server allows root access via "site exec" command.
Reference: CERT:CA-95:16.wu-ftpd.vul
wu-ftp allows files to be overwritten via the rnfr command.
Reference: XF:ftp-rnfr
CWD ~root command in ftpd allows root access.
Reference: XF:ftp-cwd
getcwd() file descriptor leak in FTP
Reference: XF:cwdleak
NFS mknod bug
Reference: XF:nfs-mknod
rwhod buffer overflow in AIX
Reference: BUGTRAQ:Aug21,1996
Denial of service in AIX telnet can freeze a system and prevent
users from accessing the server.
Reference: XF:ibm-telnetdos
Buffer overflow in AIX rcp command allows local users to obtain
root access.
Reference: ERS:ERS-SVA-E01-1997:005.1
Buffer overflow in AIX writesrv command allows local users to obtain
root access.
Reference: ERS:ERS-SVA-E01-1997:005.1
AIX nslookup command allows local users to obtain root access by not
dropping privileges correctly.
Reference: ERS:ERS-SVA-E01-1997:008.1
AIX piodmgrsu command allows local users to gain additional
group privileges.
Reference: ERS:ERS-SVA-E01-1997:007.1
The debug command in Sendmail is enabled, allowing attackers to
execute commands as root.
Reference: CERT:CA-88.01
Sendmail decode alias can be used to overwrite sensitive files
Reference: CERT:CA-93.16
The AIX FTP client can be forced to execute commands from a malicious
server through shell metacharacters (e.g. a pipe character).
Reference: ERS:ERS-SVA-E01-1997:009.1
Buffer overflow in syslog utility allows local or remote attackers to
gain root privileges.
Reference: CERT:CA-95.13.syslog.vul
Remote access in AIX innd 1.5.1, using control messages.
Reference: ERS:ERS-SVA-E01-1997:002.1
Buffer overflow in AIX and Solaris "gethostbyname" library call allows
root access through corrupt DNS host names.
Reference: ERS:ERS-SVA-E01-1997:001.1
Buffer overflow in SLmail 3.x allows attackers to execute commands
using a large FROM line.
Reference: XF:slmail-fromheader-overflow
Echo and chargen, or other combinations of UDP services, can be used
in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
Reference: CERT:CA-96.01.UDP_service_denial
The printers program in IRIX has a buffer overflow that gives root
access to local users.
Reference: BUGTRAQ:another day, another buffer overflow...
Buffer overflow in ffbconfig in Solaris 2.5.1
Reference: SUN:00140
RIP v1 is susceptible to spoofing.
Reference: XF:rip
Buffer overflow in AIX dtterm program for the CDE
Reference: BUGTRAQ:May20,1997
Some implementations of rlogin allow root access if given a
-froot parameter.
Reference: CERT:CA-94.09.bin.login.vulnerability
AIX bugfiler program allows local users to gain root access.
Reference: BUGTRAQ:19970909 AIX bugfiler
Denial of service when an attacker sends many SYN packets to create
multiple connections without ever sending an ACK to complete the
connection, aka SYN flood.
Reference: CERT:CA-96.21.tcp_syn.flooding
AIX passwd allows local users to gain root access.
Reference: XF:ibm-passwd
AIX infod allows local users to gain root access through an X display.
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Sun/Solaris utmp file allows local users to gain root access if it
is writable by users other than root.
Reference: SUN:00126
Buffer overflow in AIX lchangelv gives root access.
Reference: BUGTRAQ:Jul21,1999
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow
an intruder to read any files that can be accessed by the gopher
daemon.
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Buffer overflow in SGI IRIX mailx program.
Reference: XF:sgi-mailx-bo
SGI IRIX buffer overflow in xterm and Xaw allows root access.
Reference: CERT:VB-98.04.xterm.Xaw
Oversized ICMP ping packets can result in a denial of service,
aka Ping o' Death.
Reference: XF:ping-death
Sendmail allows local users to write to a file and gain group
permissions via a .forward or :include: file.
Reference: CERT:CA-96.25.sendmail_groups
Local users can start Sendmail in daemon mode and gain root privileges.
Reference: CERT:CA-96.24.sendmail.daemon.mode
Buffer overflow and denial of service in Sendmail 8.7.5 and
earlier through GECOS field gives root access to local users.
Reference: CERT:CA-96.20.sendmail_vul
Expreserve, used in vi and ex, allows local users to overwrite
arbitrary files and gain root access.
Reference: XF:expreserve
fm_fls license server for Adobe Framemaker allows local users to
overwrite arbitrary files and gain root access.
Reference: CERT:CA-96.18.fm_fls
vold in Solaris 2.x allows local users to gain root access.
Reference: XF:sol-voldtmp
admintool in Solaris allows a local user to write to arbitrary files
and gain root access.
Reference: XF:sun-admintool
Kodak Color Management System (KCMS) on Solaris allows a local user to
write to arbitrary files and gain root access.
Reference: XF:sol-KCMSvuln
The dip program on many Linux systems allows local users to gain root
access via a buffer overflow.
Reference: XF:linux-dipbo
The suidperl and sperl programs do not give up root privileges when
changing UIDs back to the original users, allowing root access.
Reference: CERT:CA-96.12.suidperl_vul
Buffer overflow in Solaris x86 mkcookie allows local users to
obtain root access.
Reference: XF:sol-mkcookie
Java Bytecode Verifier allows malicious applets to execute
arbitrary commands as the user of the applet.
Reference: XF:http-java-applet
The Java Applet Security Manager implementation in Netscape Navigator
2.0 and Java Developer's Kit 1.0 allows an applet to connect to
arbitrary hosts.
Reference: CERT:CA-96.05.java_applet_security_mgr
Kerberos 4 key servers allow a user to masquerade as another by
breaking and generating session keys.
Reference: CERT:CA-96.03.kerberos_4_key_server
Sendmail WIZ command enabled, allowing root access.
Reference: CERT:CA-1990-11
The campas CGI program provided with some NCSA web servers allows an
attacker to read arbitrary files.
Reference: BUGTRAQ:Jul15,1997
The aglimpse CGI program of the Glimpse package allows remote
execution of arbitrary commands
Reference: XF:http-cgi-glimpse
The handler CGI program in IRIX allows arbitrary command execution.
Reference: SGI:19970501-02-PX
The wrap CGI program in IRIX allows remote attackers to view
arbitrary directory listings via a .. (dot dot) attack.
Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug
The Perl fingerd program allows arbitrary command execution from
remote users.
Reference: XF:perl-fingerd
The SATAN session key may be disclosed if the user points the web
browser to other sites, possibly allowing root access.
Reference: CERT:CA-95.07a.REVISED.satan.vul
The DG/UX finger daemon allows remote command execution through shell
metacharacters.
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Windows 95/NT out of band (OOB) data denial of service through NETBIOS
port, aka WinNuke.
Reference: XF:win-oob
The ghostscript command with the -dSAFER option allows remote
attackers to execute commands.
Reference: XF:gscript-dsafer
Cisco PIX firewall and CBAC IP fragmentation attack results in a
denial of service.
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to
connect to port 8080 on the PFM server and retrieve any file whose
name and location are known.
Reference: CISCO:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Attackers can crash a Cisco IOS router or device, provided they can
get to an interactive prompt (such as a login). This applies to some
IOS 9.x, 10.x, and 11.x releases.
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP
authentication to establish unauthorized PPP connections.
Reference: CISCO:http://www.cisco.com/warp/public/770/chapvuln-pub.shtml
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended
IP access control list could bypass filtering.
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
The "established" keyword in some Cisco IOS software allowed
an attacker to bypass filtering.
Reference: CISCO:http://www.cisco.com/warp/public/707/2.html
A race condition in the Solaris ps command allows an attacker to
overwrite critical files.
Reference: XF:sol-pstmprace
NFS allows users to use a "cd .." command to access other directories
besides the exported file system.
Reference: XF:nfs-cd
In SunOS, NFS file handles could be guessed, giving unauthorized
access to the exported file system.
Reference: XF:nfs-guess
The portmapper may act as a proxy and redirect service requests from
an attacker, making the request appear to come from the local host,
possibly bypassing authentication that would otherwise have taken
place. For example, NFS file systems could be mounted through the
portmapper despite export restrictions.
Reference: XF:nfs-portmap
Remote attackers can mount an NFS file system in Ultrix or OSF, even
if it is denied on the access list.
Reference: XF:nfs-ultrix
FormMail CGI program allows remote execution of commands.
Reference: XF:http-cgi-formmail-exe
FormMail CGI program can be used by web servers other than the
host server that the program resides on.
Reference: XF:http-cgi-formmail-use
The view-source CGI program allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Reference: BUGTRAQ:19970208 view-source
The convert.bas program in the Novell web server allows a remote
attacker to read any file on the system that is internally accessible
by the web server.
Reference: XF:http-nov-convert
The Webgais program allows a remote user to execute arbitrary
commands.
Reference: BUGTRAQ:Jul10,1997
The uploader program in the WebSite web server allows a remote
attacker to execute arbitrary programs.
Reference: XF:http-website-uploader
The win-c-sample program in the WebSite web server has a buffer
overflow that allows remote execution of commands.
Reference: XF:http-website-winsample
Windows NT crashes or locks up when a Samba client executes a "cd .."
command on a file share.
Reference: MSKB:Q140818
in.rshd allows users to log in with a NULL username and execute commands.
Reference: XF:rsh-null
The wall daemon can be used for denial of service, social engineering
attacks, or to execute remote commands.
Reference: XF:walld
Samba has a buffer overflow which allows a remote attacker to obtain
root access by specifying a long password.
Reference: CIAC:H-110
Linux implementations of TFTP would allow access to files outside the
restricted directory.
Reference: XF:linux-tftp
When compiled with the -DALLOW_UPDATES option, bind allows dynamic
updates to the DNS server, allowing for malicious modification of DNS
records.
Reference: XF:dns-updates
In SunOS or Solaris, a remote user could connect from an FTP server's
data port to an rlogin server on a host that trusts the FTP server,
allowing remote command execution.
Reference: SUN:00156
The passwd command in Solaris can be subjected to a denial of service.
Reference: SUN:00182
Solaris rpcbind listens on a high numbered UDP port, which may not be
filtered since the standard port number is 111.
Reference: NAI:NAI-15
Solaris rpcbind can be exploited to overwrite arbitrary files and gain
root access.
Reference: SUN:00167
IIS newdsn.exe CGI script allows remote users to overwrite files.
Reference: XF:http-cgi-newdsn
Buffer overflow in telnet daemon tgetent routine allows remote
attackers to gain root access via the TERMCAP environmental variable.
Reference: SNI:SNI-20
Denial of service in in.comsat allows attackers to generate messages.
Reference: XF:comsat
The websendmail program in the Webgais program allows a remote user to
access arbitrary files.
Reference: XF:http-webgais-smail
A quote cwd command on FTP servers can reveal the full path of the
home directory of the "ftp" user.
Reference: XF:ftp-home
The GNU tar command, when used in FTP sessions, may allow an attacker
to execute arbitrary commands.
Reference: XF:ftp-exectar
In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.
Reference: CERT:CA-95.08
Sendmail 8.6.9 allows remote attackers to execute root commands, using
ident.
Reference: XF:ident-bo
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
Reference: XF:sendmail-mime-bo
Remote attacker can execute commands through Majordomo using the
Reply-To field and a "lists" command.
Reference: XF:majordomo-exe
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
Reference: XF:rpc-update
The SunView (SunTools) selection_svc facility allows remote users to
read files.
Reference: XF:selsvc
Automount daemon automountd allows local or remote users to gain
privileges via shell metacharacters.
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Extra long export lists over 256 characters in some mount daemons
allow NFS directories to be mounted by anyone.
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability
Solaris rpc.mountd generates error messages that allow a remote
attacker to determine what files are on the server.
Reference: SUN:00168
Denial of service by sending forged ICMP unreachable packets.
Reference: XF:icmp-unreachable
Routed allows attackers to append data to files.
Reference: SGI:19981004-01-PX
Malicious option settings in UDP packets could force a reboot in SunOS
4.1.3 systems.
Reference: XF:udp-bomb
Livingston portmaster machines could be rebooted via a series
of commands.
Reference: XF:portmaster-reboot
Buffer overflow in Serv-U FTP server when user performs a cwd to a
directory with a long name.
Reference: XF:ftp-servu
Denial of service of Ascend routers through port 150 (remote
administration).
Reference: XF:ascend-150-kill
Solaris syslogd crashes when receiving a message from a host that
doesn't have an inverse DNS entry.
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Denial of service in Windows NT messenger service through a long
username.
Reference: XF:nt-messenger
Windows NT 4.0 allows remote attackers to cause a denial of service
via a malformed SMB logon request in which the actual data size does
not match the specified size.
Reference: NAI:19980214 Windows NT Logon Denial of Service
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT
allows a denial of service.
Reference: MSKB:Q154087
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
Reference: XF:nt-rpc-ver
Buffer overflow in Cisco 7xx routers through the telnet service.
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
IIS allows users to execute arbitrary commands using .bat or .cmd
files.
Reference: MSKB:Q148188
Bash treats any character with a value of 255 as a command separator.
Reference: XF:bash-cmd
ScriptAlias directory in NCSA and Apache httpd allowed attackers to
read CGI programs.
Reference: XF:http-scriptalias
Remote execution of arbitrary commands through Guestbook CGI program.
Reference: XF:http-cgi-guestbook
Netscape FastTrack Web server lists files when a lowercase "get"
command is used instead of an uppercase GET.
Reference: XF:fastrack-get-directory-list
Livingston RADIUS code has a buffer overflow which can allow remote
execution of commands as root.
Reference: NAI:NAI-23
Some configurations of NIS+ in Linux allowed attackers
to log in as the user "+"
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.
Reference: NAI:19970721 INN news server vulnerabilities
A race condition in the authentication agent mechanism of sshd 1.2.17
allows an attacker to steal another user's credentials.
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Denial of service in talk program allows remote attackers to
disrupt a user's display.
Reference: XF:talkd-flash
Buffer overflow in listserv allows arbitrary command execution.
Reference: XF:smtp-listserv
Buffer overflow in War FTP allows remote execution of commands.
Reference: XF:war-ftpd
cfingerd lists all users on a system via search.**@target.
Reference: BUGTRAQ:19970523 cfingerd vulnerability
The jj CGI program allows command execution via shell metacharacters.
Reference: BUGTRAQ:19961224 jj cgi
faxsurvey CGI script on Linux allows remote command execution via
shell metacharacters.
Reference: XF:http-cgi-faxsurvey
Solaris SUNWadmap can be exploited to obtain root access.
Reference: SUN:00173
htmlscript CGI program allows remote read access to files.
Reference: XF:http-htmlscript-file-access
ICMP redirect messages may crash or lock up a host.
Reference: MSKB:Q154174
The info2www CGI script allows remote file access or remote
command execution.
Reference: XF:http-cgi-info2www
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
Reference: XF:http-port
MetaInfo MetaWeb web server allows users to upload and execute scripts.
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Netscape Enterprise servers may list files through the PageServices query.
Reference: XF:netscape-server-pageservices
pfdispaly CGI program for SGI's Performer API Search Tool allows read
access to files.
Reference: SGI:19980401-01-P
Denial of service in Slmail v2.5 through the POP3 port.
Reference: XF:slmail-username-bo
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
Reference: XF:sun-telnet-kill
Denial of service in Windows NT DNS servers through a malicious packet
which contains a response to a query that wasn't made.
Reference: NAI:NAI-5
Denial of service in Windows NT DNS servers by flooding port 53 with
too many characters.
Reference: XF:nt-dnscrash
mSQL v2.0.1 and below allows remote execution through a buffer overflow.
Reference: XF:msql-debug-bo
The WorkMan program can be used to overwrite any file to get root access.
Reference: XF:workman
In IIS, remote attackers can obtain source code for ASP files by appending
"::$DATA" to the URL.
Reference: MS:MS98-003
Excite for Web Servers (EWS) allows remote command execution via
shell metacharacters.
Reference: CERT:VB-98.01.excite
Remote command execution in Microsoft Internet Explorer using .lnk and
.url files.
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Denial of service in IIS using long URLs.
Reference: XF:http-iis-longurl
Denial of service in WINS with malformed data to port 137 (NETBIOS
Name Service).
Reference: XF:nt-winsupd-fix
The Apache web server for Win32 may provide access to restricted
files when a . (dot) is appended to a requested URL.
The WinGate telnet proxy allows remote attackers to cause a denial of
service via a large number of connections to localhost.
Reference: BUGTRAQ:19980221 WinGate DoS
The WinGate proxy is installed without a password, which allows
remote attackers to redirect connections without authentication.
Reference: XF:wingate-unpassworded
Denial of service through Winpopup using large user names.
Reference: XF:nt-winpopup
AAA authentication on Cisco systems allows attackers to execute
commands without authorization.
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
All records in a WINS database can be deleted through SNMP for
a denial of service.
Reference: XF:nt-wins-snmp2
Solaris sysdef command allows local users to read kernel memory,
potentially leading to root privileges.
Reference: XF:sun-sysdef
Solaris volrmmount program allows attackers to read any file.
Reference: SUN:00162
Buffer overflow in Vixie Cron library up to version 3.0 allows local
users to obtain root access via a long environmental variable.
Reference: NAI:NAI-3
Buffer overflow in FreeBSD lpd through long DNS hostnames.
Reference: NAI:NAI-9
nis_cachemgr for Solaris NIS+ allows attackers to add malicious
NIS+ servers.
Reference: SUN:00155
Buffer overflow in SunOS/Solaris ps command.
Reference: SUN:00149
SunOS/Solaris FTP clients can be forced to execute arbitrary commands
from a malicious FTP server.
Reference: SUN:00176
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
Reference: XF:bnu-uucpd-bo
mmap function in BSD allows local attackers in the kmem group to
modify memory through devices.
Reference: XF:bsd-mmap
BSD sysctl control does not properly restrict source routing.
Reference: XF:bsd-sourceroute
HP-UX gwind program allows users to modify arbitrary files.
Reference: HP:HPSBUX9410-018
HP-UX vgdisplay program gives root access to local users.
Reference: HP:HPSBUX9702-056
SSH 1.2.25 on HP-UX allows access to new user accounts.
Reference: XF:ssh-1225
fpkg2swpk in HP-UX allows local users to gain root access.
Reference: XF:hpux-fpkg2swpk
HP ypbind allows attackers with root privileges to modify NIS data.
Reference: XF:nis-ypbind
IRIX disk_bandwidth program allows local users to gain root access
using relative pathnames.
Reference: XF:sgi-disk-bandwidth
IRIX ioconfig program allows local users to gain root access
using relative pathnames.
Reference: XF:sgi-ioconfig
Buffer overflow in Solaris fdformat command gives root access to local
users.
Reference: XF:fdformat-bo
Buffer overflow in Linux splitvt command gives root access to local
users.
Reference: XF:linux-splitvt
Buffer overflow in xmcd 2.0p12 allows local users to gain access
through an environmental variable.
Reference: BUGTRAQ:19961125 Security Problems in XMCD
SunOS rpc.cmsd allows attackers to obtain root access by overwriting
arbitrary files.
Reference: SUN:00166
Buffer overflow in Solaris kcms_configure command allows local users
to gain root access.
Reference: XF:sun-kcms-configure-bo
The open() function in FreeBSD allows local attackers to write
to arbitrary files.
Reference: FREEBSD:FreeBSD-SA-97:05
FreeBSD mmap function allows users to modify append-only or immutable
files.
Reference: FREEBSD:FreeBSD-SA-98:04
ppl program in HP-UX allows local users to create root files through
symlinks.
Reference: HP:HPSBUX9702-053
vhe_u_mnt program in HP-UX allows local users to create root files through
symlinks.
Reference: XF:hp-vhe
Vulnerability in HP-UX mediainit program.
Reference: HP:HPSBUX9710-071
SGI syserr program allows local users to corrupt files.
Reference: SGI:19971103-01-PX
SGI permissions program allows local users to gain root privileges.
Reference: SGI:19971103-01-PX
SGI mediad program allows local users to gain root access.
Reference: SGI:19980602-01-PX
Buffer overflow in NetMeeting allows denial of service and remote
command execution.
Reference: XF:nt-netmeeting
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local
user with physical access to obtain root access.
Reference: XF:sol-startup
Buffer overflow in BSD and Linux lpr command allows local users to
execute commands as root through the classification option.
Reference: XF:lpr-bsd-lprbo
AIX batch queue (bsh) allows local and remote users to gain additional
privileges when network printing is enabled.
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
AIX Licensed Program Product performance tools allow local users to
gain root access.
Reference: XF:ibm-perf-tools
Buffer overflow in the libauth library in Solaris allows local users
to gain additional privileges, possibly root access.
Reference: XF:sol-sun-libauth
Buffer overflow in Linux Slackware crond program allows local users
to gain root access.
Reference: KSRT:005
Buffer overflow in the Linux mail program "deliver" allows local users
to gain root access.
Reference: KSRT:006
Linux PAM modules allow local users to gain root access using
temporary files.
Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam
A malicious Palace server can force a client to execute arbitrary
programs.
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
NT users can gain debug-level access on a system process using the
Sechole exploit.
Reference: MS:MS98-009
CGI PHP mlog script allows an attacker to read any file on the target
server.
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
IIS ASP caching problem releases sensitive information when two
virtual servers share the same physical directory.
Reference: NTBUGTRAQ:Jan27,1999
A buffer overflow in the FTP list (ls) command in IIS allows remote
attackers to conduct a denial of service and, in some cases, execute
arbitrary commands.
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Race condition in the db_loader program in ClearCase gives local
users root access by setting SUID bits.
Reference: L0PHT:Feb8,1999
FTP PASV "Pizza Thief" denial of service and unauthorized data
access. Attackers can steal data by connecting to a port that was
intended for use by a client.
Reference: INFOWAR:01
rpc.pcnfsd in HP gives remote root access by changing the permissions
on the main printer spool directory.
Reference: HP:HPSBUX9902-091
Local or remote users can force ControlIT 4.5 to reboot or force a
user to log out, resulting in a denial of service.
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Denial of service in Windows systems using malformed oshare packets.
Reference: BUGTRAQ:Jan25,1999
Digital Unix 4.0 has a buffer overflow in the inc program of the mh
package.
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
WS_FTP server remote denial of service through cwd command.
Reference: EEYE:AD02021999
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root
compromise.
Reference: BUGTRAQ:Feb02,1999
The metamail package allows remote command execution using shell
metacharacters that are not quoted in a mailcap entry.
Reference: BUGTRAQ:Feb04,1999
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to
network shares using a blank password, through a problem with a null
NT hash value.
Reference: MS:MS99-004
NetBSD netstat command allows local users to access kernel memory.
Reference: NETBSD:1999-002
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to
remote root access, a.k.a. palmetto.
Reference: NETECT:palmetto.ftpd
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer
overflow that can be used to gain root access.
Reference: SUN:00183
Lynx allows a local user to overwrite sensitive files through /tmp
symlinks.
Reference: BUGTRAQ:Feb11,1999
The installer for BackOffice Server includes account names and
passwords in a setup file (reboot.ini) which is not deleted.
Reference: MS:MS99-005
Buffer overflow in the "Super" utility in Debian Linux and other
operating systems allows local users to execute commands as root.
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux
Debian Linux cfengine package is susceptible to a symlink attack.
Reference: DEBIAN:19990215
Buffer overflow in webd in Network Flight Recorder (NFR)
2.0.2-Research allows remote attackers to execute commands.
Reference: NAI:February 16, 1999
Local users in Windows NT can obtain administrator privileges by
changing the KnownDLLs list to reference malicious programs.
Reference: MS:MS99-006
Process table attack in Unix systems allows a remote attacker to
perform a denial of service by filling a machine's process tables
through multiple connections to network services.
Reference: BUGTRAQ:Feb22,1999
InterScan VirusWall for Solaris doesn't scan files for viruses when
a single HTTP request includes two GET commands.
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Microsoft Taskpads feature allows remote web sites to execute commands
on the visiting user's machine.
Reference: BUGTRAQ:Feb22,1999
SLMail 3.1 and 3.2 allow local users to access any file in the NTFS
file system when the Remote Administration Service (RAS) is enabled by
setting a user's Finger File to point to the target file, then running
finger on the user.
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
The screen saver in Windows NT does not verify that its security
context has been changed properly, allowing attackers to run programs
with elevated privileges.
Reference: MS:MS99-008
ACC Tigris allows public access without a login.
Reference: BUGTRAQ:Feb02,1999
The Forms 2.0 ActiveX control (included with Visual Basic for
Applications 5.0) can be used to read text from a user's
clipboard when the user accesses documents with ActiveX content.
Reference: XF:forms-vuln-patch
The LDAP bind function in Exchange 5.5 has a buffer overflow that
allows a remote attacker to conduct a denial of service or execute
commands.
Reference: MS:MS99-009
Microsoft Personal Web Server and FrontPage Personal Web Server in
some Windows systems allow a remote attacker to read files on the
server by using a nonstandard URL.
Reference: MS:MS99-010
A legacy credential caching mechanism used in Windows 95 and Windows
98 systems allows attackers to read plaintext network passwords.
Reference: MS:MS99-052
DataLynx suGuard trusts the PATH environment variable to execute the
ps command, allowing local users to execute commands as root.
Reference: XF:datalynx-suguard-relative-paths
Buffer overflow in Dosemu Slang library in Linux.
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
The cryptographic challenge of SMB authentication in Windows 95 and
Windows 98 can be reused, allowing an attacker to replay the response and
impersonate a user.
Reference: L0PHT:Jan. 5, 1999
Buffer overflow in Thomas Boutell's cgic library version up to 1.05.
Reference: BUGTRAQ:Jan10,1999
Remote attackers can cause a denial of service in Sendmail 8.8.x and
8.9.2 by sending messages with a large number of headers.
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
A race condition in the BackWeb Polite Agent Protocol allows an
attacker to spoof a BackWeb server.
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
A race condition between the select() and accept() calls in NetBSD TCP
servers allows remote attackers to cause a denial of service.
Reference: NETBSD:1999-001
wget 1.5.3 follows symlinks to change permissions of the target file
instead of the symlink itself.
Reference: BUGTRAQ:Feb2,1999
A bug in Cyrix CPUs on Linux allows local users to perform a denial
of service.
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Buffer overflow in the Mail-Max SMTP server for Windows systems allows
remote command execution.
Reference: BUGTRAQ:Feb14,1999
A buffer overflow in lsof allows local users to obtain root
privilege.
Reference: HERT:002
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains
files that can be used as proxies for brute force password attacks, or
to identify valid users on the system.
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Files created from interactive shell sessions in Cobalt RaQ
microservers (e.g. .bash_history) are world readable, and thus are
accessible from the web server.
Reference: BUGTRAQ:19990225 Cobalt root exploit
Buffer overflow in gnuplot in Linux version 3.5 allows local users to
obtain root access.
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
The cancel command in Solaris 2.6 (i386) has a buffer overflow that
allows local users to obtain root access.
Reference: BUGTRAQ:Mar5,1999
In IIS and other web servers, an attacker can execute commands as
SYSTEM if the server is running as SYSTEM and loading an ISAPI
extension.
Reference: BUGTRAQ:Feb19,1999
A buffer overflow in the SGI X server allows local users to gain root
access through the X server font path.
Reference: SGI:19990301-01-PX
In Linux before version 2.0.36, remote attackers can spoof a TCP
connection and pass data to the application layer before fully
establishing the connection.
Reference: NAI:Linux Blind TCP Spoofing
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
by default, which allows remote attackers to change the router's
configuration.
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Vulnerability in Cisco 7xx series routers allows a remote attacker to
cause a system reload via a TCP connection to the router's TELNET
port.
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
64-bit Solaris 7 procfs allows local users to perform a denial of
service.
Reference: BUGTRAQ:Mar9,1999
umapfs allows local users to gain root privileges by changing their
uid through a malicious mount_umap program.
Reference: NETBSD:1999-006
During a reboot after an installation of Linux Slackware 3.6, a remote
attacker can obtain root access by logging in to the root account
without a password.
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
In some cases, NetBSD 1.3.3 mount allows local users to execute
programs in some file systems that have the "noexec" flag set.
Reference: NETBSD:1999-007
Vulnerability in hpterm on HP-UX 10.20 allows local users to gain
additional privileges.
Reference: HP:HPSBUX9903-093
talkback in Netscape 4.5 allows a local user to overwrite
arbitrary files of another user whose Netscape crashes.
Reference: SUSE:Mar18,1999
talkback in Netscape 4.5 allows a local user to kill an arbitrary
process of another user whose Netscape crashes.
Reference: SUSE:Mar18,1999
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and
bypass access controls.
Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert
The Lotus Notes 4.5 client may send a copy of encrypted mail in the
clear across the network if the user does not set the "Encrypt Saved
Mail" preference.
Reference: BUGTRAQ:19990323
Cisco Catalyst LAN switches running Catalyst 5000 supervisor software
allow remote attackers to perform a denial of service by forcing the
supervisor module to reload.
Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches
ftp on HP-UX 11.00 allows local users to gain privileges.
Reference: HP:HPSBUX9903-094
XFree86 startx command is vulnerable to a symlink attack, allowing local
users to create files in restricted directories, possibly allowing
them to gain privileges or cause a denial of service.
Reference: SUSE:Mar28,1999
Domain Enterprise Server Management System (DESMS) in HP-UX allows
local users to gain privileges.
Reference: HP:HPSBUX9903-095
Remote attackers can perform a denial of service in WebRamp systems by
sending a malicious string to the HTTP port.
Reference: ISS:WebRamp Denial of Service Attacks
Remote attackers can perform a denial of service in WebRamp systems by
sending a malicious UDP packet to port 5353, changing its IP address.
Reference: ISS:WebRamp Denial of Service Attacks
Buffer overflow in procmail before version 3.12 allows remote or local
attackers to execute commands via expansions in the procmailrc
configuration file.
Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes
The byte code verifier component of the Java Virtual Machine (JVM)
allows remote execution through malicious web pages.
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Remote attackers can perform a denial of service in WinGate machines
using a buffer overflow in the Winsock Redirector Service.
Reference: EEYE:AD02221999
Solaris ff.core allows local users to modify files.
Reference: BUGTRAQ:Jan7,1999
In Cisco routers under some versions of IOS 12.0 running NAT, some
packets may not be filtered by input access list filters.
Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT
Local users can perform a denial of service in NetBSD 1.3.3 and
earlier versions by creating an unusual symbolic link with the ln
command, triggering a bug in VFS.
Reference: NETBSD:1999-008
Local users can gain privileges using the debug utility in the MPE/iX
operating system.
Reference: HP:HPSBMP9904-006
IIS 4.0 and Apache log HTTP request methods, regardless of how long
they are, allowing a remote attacker to hide the URL they really
request.
Reference: XF:iis-http-request-logging
Denial of service in IIS 4 with scripts from the ExAir sample site.
Reference: BUGTRAQ:Jan26,1999
Linux ftpwatch program allows local users to gain root privileges.
Reference: BUGTRAQ:Jan17,1999
L0phtcrack 2.5 used temporary files in the system TEMP directory which
could contain password information.
Reference: BUGTRAQ:Jan6,1999
Remote attackers can perform a denial of service using IRIX fcagent.
Reference: SGI:19981201-01-PX
Local users can perform a denial of service in Tripwire 1.2 and
earlier using long filenames.
Reference: BUGTRAQ:19990104 Tripwire mess..
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier
allows a local user to read or write arbitrary files on the disk
associated with that device.
Reference: NETBSD:1999-009
Internet Explorer 5.0 allows a remote server to read arbitrary files
on the client's file system using the Microsoft Scriptlet Component.
Reference: MS:MS99-012
A weak encryption algorithm is used for passwords in Novell
Remote.NLM, allowing them to be easily decrypted.
Reference: XF:netware-remotenlm-passwords
The remote proxy server in Winroute allows a remote attacker to
reconfigure the proxy without authentication through the "cancel"
button.
Reference: XF:winroute-config
The SNMP default community name "public" is not properly removed in
NetApps C630 Netcache, even if the administrator tries to disable it.
Reference: XF:netcache-snmp
The rsync command before rsync 2.3.1 may inadvertently change the
permissions of the client's working directory to the permissions of
the directory being transferred.
Reference: CALDERA:CSSA-1999:010.0
The ICQ Webserver allows remote attackers to use .. to access
arbitrary files outside of the user's personal directory.
Reference: XF:icq-webserver-read
A race condition in how procmail handles .procmailrc files allows
a local user to read arbitrary files available to the user who is
running procmail.
Reference: XF:procmail-race
Denial of service in HP-UX sendmail 8.8.6 related to accepting
connections.
Reference: HP:HPSBUX9904-097
Denial of service in Netscape Enterprise Server with VirtualVault on
HP-UX VVOS systems.
Reference: HP:HPSBUX9903-092
Denial of service in "poll" in OpenBSD.
Reference: OPENBSD:Mar22,1999
OpenBSD kernel crash through TSS handling, as caused by the crashme
program.
Reference: OPENBSD:Mar21,1999
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
Reference: OPENBSD:Feb25,1999
Buffer overflow in OpenBSD ping.
Reference: OPENBSD:Feb23,1999
Remote attackers can cause a system crash through ipintr() in ipq in
OpenBSD.
Reference: OPENBSD:Feb19,1999
The DHTML Edit ActiveX control in Internet Explorer allows remote
attackers to read arbitrary files.
Reference: MS:MS99-011
The prompt parsing in bash allows a local user to execute commands as
another user by creating a directory with the name of the command
to execute.
Reference: BUGTRAQ:19990420 Bash Bug
rpc.statd allows remote attackers to forward RPC calls to the local
operating system via the SM_MON and SM_NOTIFY commands, which in turn
could be used to remotely exploit other bugs such as in automountd.
Reference: CERT:CA-99-05
Denial of service in WinGate proxy through a buffer overflow in
POP3.
Reference: XF:wingate-pop3-user-bo
A Windows NT 4.0 user can gain administrative rights by forcing
NtOpenProcessToken to succeed regardless of the user's permissions,
aka GetAdmin.
Reference: MSKB:Q146965
ICMP messages to broadcast addresses are allowed, allowing for a
Smurf attack that can cause a denial of service.
Reference: CERT:CA-98.01.smurf
UDP messages to broadcast addresses are allowed, allowing for a
Fraggle attack that can cause a denial of service by flooding the
target.
Reference: XF:fraggle
An X server's access control is disabled (e.g. through an "xhost +"
command) and allows anyone to connect to the server.
Reference: XF:xcheck-keystroke
HP OpenMail can be misconfigured to allow users to run arbitrary
commands using malicious print requests.
Reference: HP:HPSBUX9804-078
An attacker can write to syslog files from any location, causing a
denial of service by filling up the logs, and hiding activities.
Reference: XF:ibm-syslogd
An incorrect configuration of the PDG Shopping Cart CGI program
"shopper.cgi" could disclose private information.
Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data
A version of finger is running that exposes valid user information
to any entity on the network.
Reference: XF:finger-out
A version of rusers is running that exposes valid user information
to any entity on the network.
Reference: XF:rusersd
The rexd service is running, which uses weak authentication that can
allow an attacker to execute commands.
Reference: XF:rexd
The rwho/rwhod service is running, which exposes machine status
and user information.
Reference: XF:rwhod
The scriptlet.typelib ActiveX control is marked as "safe for
scripting" for Internet Explorer, which allows a remote attacker to
execute arbitrary commands as demonstrated by Bubbleboy.
Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs
Buffer overflow in ToxSoft NextFTP client through CWD command.
Reference: BID:572
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
Reference: XF:fujitsu-topic-bo
The BSD profil system call allows a local user to modify the internal
data space of a program via profiling and execve.
Reference: NETBSD:1999-011
Check Point FireWall-1 can be subjected to a denial of service via UDP
packets that are sent through VPN-1 to port 0 of a host.
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
sdtcm_convert in Solaris 2.6 allows a local user to overwrite
sensitive files via a symlink attack.
Reference: BUGTRAQ:19990808 sdtcm_convert
A default configuration of Apache on Debian Linux sets the ServerRoot
to /usr/doc, which allows remote users to read documentation files
for the entire server.
Reference: XF:apache-debian-usrdoc
Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows
remote attackers to execute commands via m_invite invite option.
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Windows NT Terminal Server performs extra work when a client opens a
new connection but before it is authenticated, allowing for a denial
of service.
Reference: MS:MS99-028
Buffer overflow in Microsoft FrontPage Server Extensions (PWS)
3.0.2.926 on Windows 95, and possibly other versions, allows remote
attackers to cause a denial of service via a long URL.
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Microsoft Exchange 5.5 allows a remote attacker to relay email
(i.e. spam) using encapsulated SMTP addresses, even if the
anti-relaying features are enabled.
Reference: MS:MS99-027
Denial of service in Gauntlet Firewall via a malformed ICMP packet.
Reference: XF:gauntlet-dos
Buffer overflow in Netscape Communicator via EMBED tags in the
pluginspage option.
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow
Denial of service in Netscape Enterprise Server (NES) in HP Virtual
Vault (VVOS) via a long URL.
Reference: BUGTRAQ:19990514 TGAD DoS
The ToolTalk ttsession daemon uses weak RPC authentication, which
allows a remote attacker to execute commands.
Reference: BUGTRAQ:19990913 Vulnerability in ttsession
Buffer overflows in HP Software Distributor (SD) for HP-UX 10.x and 11.x.
Reference: HP:HPSBUX9907-101
The CDE dtspcd daemon allows local users to execute arbitrary commands
via a symlink attack.
Reference: BUGTRAQ:19990913 Vulnerability in dtspcd
HP CDE program includes the current directory in root's PATH variable.
Reference: HP:HPSBUX9907-100
Buffer overflow in the AddSuLog function of the CDE dtaction utility
allows local users to gain root privileges via a long user name.
Reference: BUGTRAQ:19990913 Vulnerability in dtaction
The default configuration of the Array Services daemon (arrayd)
disables authentication, allowing remote users to gain root
privileges.
Reference: CERT:CA-99-09
Buffer overflow in TT_SESSION environment variable in ToolTalk shared
library allows local users to gain root privileges.
Reference: CERT:CA-99-11
Denial of service in AIX ptrace system call allows local users to
crash the system.
Reference: CIAC:J-055
The Sybase PowerDynamo personal web server allows attackers to
read arbitrary files through a .. (dot dot) attack.
Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd
SCO Doctor allows local users to gain root privileges through a Tools
option.
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
The Bluestone Sapphire web server allows session hijacking via easily
guessable session IDs.
Reference: BID:623
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed
dialer entry in the dialer.ini file.
Reference: MSKB:Q237185
After an unattended installation of Windows NT 4.0, an installation
file could include sensitive information such as the local
Administrator password.
Reference: MS:MS99-036
Internet Explorer 5.0 and 5.01 allow remote attackers to modify or
execute files via the Import/Export Favorites feature, aka the
"ImportExportFavorites" vulnerability.
Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs
OpenBSD, BSDI, and other Unix operating systems allow users to set
chflags and fchflags on character and block devices.
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Buffer overflow in Berkeley automounter daemon (amd) logging facility
provided in the Linux am-utils package and others.
Reference: REDHAT:RHSA-1999:032-01
Buffer overflow in INN inews program.
Reference: XF:inn-inews-bo
Linux xmonisdn package allows local users to gain root privileges by
modifying the IFS or PATH environmental variables.
Reference: DEBIAN:19990807
The default FTP configuration in HP Visualize Conference allows
conference users to send a file to other participants without
authorization.
Reference: HP:HPSBUX9906-099
Buffer overflow in cfingerd allows local users to gain root privileges
via a long GECOS field.
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
The RedHat squid program installs cachemgr.cgi in a public web
directory, allowing remote attackers to use it as an intermediary to
connect to other systems.
Reference: REDHAT:RHSA-1999:025-01
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix
allows local users to execute Tcl commands as root.
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
The dtlogin program in Compaq Tru64 UNIX allows local users to gain
root privileges.
Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission
Vulnerability in Compaq Tru64 UNIX edauth command.
Reference: COMPAQ:SSRT0588U
Buffer overflow in Remote Access Service (RAS) client allows an
attacker to execute commands or cause a denial of service via a
malformed phonebook entry.
Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system
Buffer overflow in Windows NT 4.0 help file utility via a malformed
help file.
Reference: XF:nt-helpfile-bo
A remote attacker can disable the virus warning mechanism in Microsoft
Excel 97.
Reference: MS:MS99-014
The Guile plugin for the Gnumeric spreadsheet package allows attackers
to execute arbitrary code.
Reference: BUGTRAQ:19990802 Gnumeric potential security hole.
The pt_chown command in Linux allows local users to modify TTY
terminal devices that belong to other users.
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Denial of service in Windows NT Local Security Authority (LSA) through
a malformed LSA request.
Reference: BINDVIEW:Phantom Technical Advisory
The default configuration of Cobalt RaQ2 servers allows remote
users to install arbitrary software packages.
Reference: XF:cobalt-raq2-default-config
The Windows NT Client Server Runtime Subsystem (CSRSS) can be
subjected to a denial of service when all worker threads are waiting
for user input.
Reference: MS:MS99-021
Buffer overflow in OpenBSD procfs and fdescfs file systems via
uio_offset in the readdir() function.
Reference: OPENBSD:Aug12,1999
When IIS is run with a default language of Chinese, Korean, or
Japanese, it allows a remote attacker to view the source code of
certain files, a.k.a. "Double Byte Code Page".
Reference: MSKB:Q233335
An attacker can conduct a denial of service in Windows NT by executing
a program with a malformed file image header.
Reference: MS:MS99-023
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent
unencrypted.
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
A Windows NT user can disable the keyboard or mouse by directly
calling the IOCTLs which control them.
Reference: MS:MS99-024
Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to
conduct a denial of service through the ldap_search request.
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
The zsoelim program in the Debian man-db package allows local users to
overwrite files via a symlink attack.
Reference: DEBIAN:19990612
The KDE klock program allows local users to unlock a session using
malformed input.
Reference: BUGTRAQ:19990623 Security flaw in klock
The logging facility of the Debian smtp-refuser package allows local
users to delete arbitrary files using symbolic links.
Reference: DEBIAN:19990823b
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME
environmental variable.
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
A default configuration of CiscoSecure Access Control Server (ACS)
allows remote users to modify the server database without
authentication.
Reference: CISCO:CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
KDE K-Mail allows local users to gain privileges via a symlink attack
in temporary user directories.
Reference: ISS:KDE K-Mail File Creation Vulnerability
Remote attackers can cause a denial of service on Linux in.telnetd
telnet daemon through a malformed TERM environmental variable.
Reference: BID:594
The Debian mailman package uses weak authentication, which allows
attackers to gain privileges.
Reference: DEBIAN:19990623
Trn allows local users to overwrite other users' files via symlinks.
Reference: XF:trn-symlinks
Buffer overflow in Netscape Enterprise Server and FastTrack Server
allows remote attackers to gain privileges via a long HTTP GET
request.
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers
Buffer overflow in Source Code Browser Program Database Name Server
Daemon (pdnsd) for the IBM AIX C Set ++ compiler.
Reference: IBM:ERS-SVA-E01-1999:003.1
A default configuration of in.identd in SuSE Linux waits 120 seconds
between requests, allowing a remote attacker to conduct a denial of
service.
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an
fstat call is made when the system has a high CPU load.
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows
98 via a malformed Telnet argument.
Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable
Buffer overflow in Accept command in Netscape Enterprise Server 3.6
with the SSL Handshake Patch.
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Denial of service in Netscape Enterprise Server via a buffer overflow
in the SSL handshake.
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug
The w3-msql CGI script provided with Mini SQL allows remote attackers
to view restricted directories.
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
The INN inndstart program allows local users to gain privileges by
specifying an alternate configuration file using the INNCONF
environmental variable.
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Windows NT RRAS and RAS clients cache a user's password even if the
user has not selected the "Save password" option.
Reference: XF:nt-ras-pwcache
ColdFusion Administrator with Advanced Security enabled allows remote
users to stop the ColdFusion server via the Start/Stop utility.
Reference: ALLAIRE:ASB99-07
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote
attacker to view source code to scripts by appending a %20 to the
script's URL.
Reference: ALLAIRE:ASB99-06
Buffer overflow in FuseMAIL POP service via long USER and PASS
commands.
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Undocumented ColdFusion Markup Language (CFML) tags and functions in
the ColdFusion Administrator allow users to gain additional
privileges.
Reference: ALLAIRE:ASB99-10
Buffer overflow in FreeBSD fts library routines allows local users to
modify arbitrary files via the periodic program.
Reference: FREEBSD:FreeBSD-SA-99:05
When JavaScript is embedded within the TITLE tag, Netscape
Communicator allows a remote attacker to use the "about" protocol to
gain access to browser information.
Reference: XF:netscape-title
NetBSD on a multi-homed host allows ARP packets on one network to
modify ARP entries on another connected network.
Reference: NETBSD:1999-010
NetBSD allows ARP packets to overwrite static ARP entries.
Reference: NETBSD:1999-010
SGI IRIX midikeys program allows local users to modify arbitrary files
via a text editor.
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
The Microsoft Java Virtual Machine allows a malicious Java applet to
execute arbitrary commands outside of the sandbox environment.
Reference: MS:MS99-031
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO
environmental variable.
Reference: BID:602
Vixie Cron on Linux systems allows local users to set parameters of
sendmail commands via the MAILTO environmental variable.
Reference: REDHAT:RHSA-1999:030-02
Firewall-1 sets a long timeout for connections that begin with ACK or
other packets except SYN, allowing an attacker to conduct a denial of
service via a large number of connection attempts to unresponsive
systems.
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
The web components of Compaq Management Agents and the Compaq Survey
Utility allow a remote attacker to read arbitrary files via a .. (dot
dot) attack.
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Denial of service in Compaq Management Agents and the Compaq Survey
Utility via a long string sent to port 2301.
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Buffer overflow in Solaris lpset program allows local users to gain
root access.
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via
long directory names.
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Cisco Gigabit Switch routers running IOS allow remote attackers to
forward unauthorized packets due to improper handling of the
"established" keyword in an access list.
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
IIS FTP servers may allow a remote attacker to read or delete files on
the server, even if they have "No Access" permissions.
Reference: MS:MS99-039
Buffer overflow in Xi Graphics Accelerated-X server allows local
users to gain root access via a long display or query parameter.
Reference: KSRT:011
Denial of service in HP-UX SharedX recserv program.
Reference: HP:HPSBUX9810-086
KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
FreeBSD allows local users to conduct a denial of service by creating
a hard link from a device special file to a file on an NFS file
system.
Reference: FREEBSD:FreeBSD-SA-98:05
The INN inndstart program allows local users to gain root privileges
via the "pathrun" parameter in the inn.conf file.
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
The dynamic linker in Solaris allows a local user to create arbitrary
files via the LD_PROFILE environmental variable and a symlink attack.
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
The SSH authentication agent follows symlinks via a UNIX domain
socket.
Reference: BUGTRAQ:19990917 A few bugs...
Arkeia nlservd allows remote attackers to conduct a denial of service.
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Buffer overflow in AIX ftpd in the libc library.
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
A remote attacker can read information from a Netscape user's cache
via JavaScript.
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Hybrid Network cable modems do not include an authentication mechanism
for administration, allowing remote attackers to compromise the system
through the HSMP protocol.
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Internet Explorer allows remote attackers to read files by redirecting
data to a JavaScript applet.
Reference: MS:MS99-043
Microsoft Excel does not warn a user when a macro is present in a
Symbolic Link (SYLK) format file.
Reference: MS:MS99-044
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing
attacks.
Reference: FREEBSD:SA-98.03
NIS finger allows an attacker to conduct a denial of service via a
large number of finger requests, resulting in a large number of NIS
queries.
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file
location.
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
The GetFile.cfm file in Allaire Forums allows remote attackers to read
files through a parameter to GetFile.cfm.
Reference: ALLAIRE:ASB99-05
BMC Patrol allows remote attackers to gain access to an agent by
spoofing frames.
Reference: BUGTRAQ:19990409 Patrol security bugs
Buffer overflow in Internet Explorer 5 allows remote attackers to
execute commands via a malformed Favorites icon.
Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG
The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Denial of service in Linux 2.2.x kernels via malformed ICMP packets
containing unusual types, codes, and IP header lengths.
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Buffer overflow in Solaris dtprintinfo program.
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
The Netscape Directory Server installation procedure leaves sensitive
information in a file that is accessible to local users.
Reference: XF:netscape-dirsvc-password
Netscape Communicator 4.x with JavaScript enabled does not warn a user
of cookie settings, even if they have selected the option to "Only
accept cookies originating from the same server as the page being
viewed".
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings
Denial of service in Samba NETBIOS name service daemon (nmbd).
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Buffer overflow in Samba smbd program via a malformed message
command.
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Race condition in Samba smbmnt allows local users to mount file
systems in arbitrary locations.
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Cfingerd with ALLOW_EXECUTION enabled does not properly drop
privileges when it executes a program on behalf of the user, allowing
local users to gain root privileges.
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Red Hat pump DHCP client allows remote attackers to gain root access
in some configurations.
Reference: REDHAT:RHSA-1999:027
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote
attackers to conduct a denial of service (memory exhaustion) via a
large number of queries.
Reference: MSKB:Q196270
Lynx WWW client allows a remote attacker to specify command-line
parameters which Lynx uses when calling external programs to handle
certain protocols, e.g. telnet.
Reference: SUSE:19990915 Security hole in lynx
NTMail does not disable the VRFY command, even if the administrator
has explicitly disabled it.
Reference: NTBUGTRAQ:19991130 NTmail and VRFY
FreeBSD seyon allows users to gain privileges via a modified PATH
variable for finding the xterm and seyon-emu commands.
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Buffer overflow in FreeBSD xmindpath allows local users to gain
privileges via -f argument.
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
A Windows NT user can use SUBST to map a drive letter to a folder,
which is not unmapped after the user logs off, potentially allowing
that user to modify the location of folders accessed by later users.
Reference: BID:833
Buffer overflow in FreeBSD angband allows local users to gain
privileges.
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Denial of service in Linux syslogd via a large number of connections.
Reference: CALDERA:CSSA-1999-035.0
Buffer overflow in NFS server on Linux allows attackers to execute
commands via a long pathname.
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Buffer overflow in BIND 8.2 via NXT records.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Buffer overflow in RSAREF2 via the encryption and decryption functions
in the RSAREF library.
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Denial of service in BIND named via malformed SIG records.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
UnixWare uidadmin allows local users to modify arbitrary files via
a symlink attack.
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Denial of service in BIND by improperly closing TCP sessions via
so_linger.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a
denial of service via the SITE command.
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Windows NT Task Scheduler installed with Internet Explorer 5 allows a
user to gain privileges by modifying the job after it has been
scheduled.
Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation
Symantec Mail-Gear 1.0 web interface server allows remote users to
read arbitrary files via a .. (dot dot) attack.
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Buffer overflow in free internet chess server (FICS) program, xboard.
Reference: BUGTRAQ:19991129 FICS buffer overflow
Denial of service in BIND named via consuming more than "fdmax" file
descriptors.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Denial of service in BIND named via maxdname.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Denial of service in BIND named via naptr.
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Buffer overflow in Netscape Enterprise Server and Netscape
FastTrack Server allows remote attackers to gain privileges via the
HTTP Basic Authentication procedure.
Reference: BID:847
Ultimate Bulletin Board stores data files in the cgi-bin directory,
allowing remote attackers to view the data if an error occurs when the
HTTP server attempts to execute the file.
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
login in Slackware 7.0 allows remote attackers to identify valid users
on the system by reporting an encryption error when an account is
locked or does not exist.
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Internet Explorer 5 allows a remote attacker to modify the IE client's
proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD)
server.
Reference: MS:MS99-054
Solaris arp allows local users to read files via the -f parameter,
which lists lines in the file that do not parse properly.
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Race condition in the SSL ISAPI filter in IIS and other servers may
leak information in plaintext.
Reference: MS:MS99-053
UnixWare programs that dump core allow a local user to
modify files via a symlink attack on the ./core.pid file.
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Buffer overflow in CommuniGatePro via a long string to the HTTP
configuration port.
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS
Buffer overflow in UnixWare xauto program allows local users to gain
root privilege.
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Denial of service in IIS 4.0 via a flood of HTTP requests with
malformed headers.
Reference: MS:MS99-029
ucbmail allows remote attackers to execute commands via shell
metacharacters that are passed to it from INN.
Reference: CERT:CA-97.08
Internet Explorer 3.x to 4.01 allows a remote attacker to insert
malicious content into a frame of another web site, aka frame
spoofing.
Reference: MS:MS98-020
Internet Explorer 4.01 allows remote attackers to read arbitrary files
by pasting a file name into the file upload control, aka untrusted
scripted paste.
Reference: MS:MS98-015
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files
via IE's cross frame security, aka the "Cross Frame Navigate"
vulnerability.
Reference: MS:MS98-013
Buffer overflow in Skyfull mail server via MAIL FROM command.
Reference: BID:759
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial
of service via a malformed request for files with .HTR, .IDC, or .STM
extensions.
Reference: MS:MS99-019
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow
remote attackers to modify their default routes.
Reference: L0PHT:19990811
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
Reference: MSKB:Q185959
Internet Explorer 5 allows remote attackers to read files via an
ExecCommand method called on an IFRAME.
Reference: MSKB:Q243638
Buffer overflow in WU-FTPD and related FTP servers allows remote
attackers to gain root privileges via MAPPING_CHDIR.
Reference: AUSCERT:AA-1999.01
Buffer overflow in WU-FTPD and related FTP servers allows remote
attackers to gain root privileges via macro variables in a message
file.
Reference: CERT:CA-99-13
Denial of service in WU-FTPD via the SITE NEWER command, which does
not free memory properly.
Reference: CERT:CA-99-13
Falcon web server allows remote attackers to read arbitrary files via
a .. (dot dot) attack.
Reference: BUGTRAQ:19991025 Falcon Web Server
Zeus web server allows remote attackers to read arbitrary files by
specifying the file name in an option to the search engine.
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
The Zeus web server administrative interface uses weak encryption for
its passwords.
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
The security descriptor for RASMAN allows users to point to an
alternate location via the Windows NT Service Control Manager.
Reference: MSKB:Q242294
FTGate web interface server allows remote attackers to read files via
a .. (dot dot) attack.
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
dbsnmp in Oracle Intelligent Agent allows local users to gain
privileges by setting the ORACLE_HOME environmental variable, which
dbsnmp uses to find the nmiconf.tcl script.
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
iHTML Merchant allows remote attackers to obtain sensitive information
or execute commands via a code parsing error.
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
The "download behavior" in Internet Explorer 5 allows remote attackers
to read arbitrary files via a server-side redirect.
Reference: MS:MS99-040
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font
whose length field is less than the size of the font.
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow
userOsa in SCO OpenServer allows local users to corrupt files via a
symlink attack.
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Red Hat Linux screen program does not use Unix98 ptys, allowing
local users to write to other terminals.
Reference: REDHAT:RHSA1999042-01
Firewall-1 does not properly restrict access to LDAP attributes.
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Buffer overflow in RealNetworks RealServer administration utility
allows remote attackers to execute arbitrary commands via a long
username and password.
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Buffer overflows in Windows NT 4.0 print spooler allow remote
attackers to gain privileges or cause a denial of service via a
malformed spooler request.
Reference: MS:MS99-047
The Windows NT 4.0 print spooler allows a local user to execute
arbitrary commands due to inappropriate permissions that allow the
user to specify an alternate print provider.
Reference: MS:MS99-047
Buffer overflow in rpc.yppasswdd allows a local user to gain
privileges via MD5 hash generation.
Reference: REDHAT:RHSA1999046-01
ypserv allows a local user to modify the GECOS and login shells
of other users.
Reference: REDHAT:RHSA1999046-01
ypserv allows local administrators to modify password tables.
Reference: REDHAT:RHSA1999046-01
genfilt in the AIX Packet Filtering Module does not properly filter
traffic to destination ports greater than 32767.
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Buffer overflow in BFTelnet allows remote attackers to cause a denial
of service via a long username.
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Denial of service in Axent Raptor firewall via malformed zero-length
IP options.
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Buffer overflow in sccw allows local users to gain root access via the
HOME environmental variable.
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
sccw allows local users to read arbitrary files.
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Denial of service in Solaris TCP streams driver via a malicious
connection that causes the server to panic as a result of recursive
calls to mutex_enter.
Reference: BUGTRAQ:19990921 solaris DoS
Multihomed Windows systems allow a remote attacker to bypass IP
source routing restrictions via a malformed packet with IP options,
aka the "Spoofed Route Pointer" vulnerability.
Reference: NAI:Windows IP Source Routing Vulnerability
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of
service by opening a large number of files.
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Buffer overflow in the FTP client in the Debian GNU/Linux netstd
package.
Reference: DEBIAN:19990104
URL Live! web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
WebTrends software stores account names and passwords in a file which
does not have restricted access permissions.
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software
The Preloader ActiveX control used by Internet Explorer allows remote
attackers to read arbitrary files.
Reference: MS:MS99-018
Denial of service in various Windows systems via malformed, fragmented
IGMP packets.
Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000
Buffer overflow in the pop-2d POP daemon in the IMAP package allows
remote attackers to gain privileges via the FOLD command.
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
BMC Patrol allows any remote attacker to flood its UDP port, causing a
denial of service.
Reference: BUGTRAQ:19990409 Patrol security bugs
An example application in ColdFusion Server 4.0 allows remote
attackers to view source code via the sourcewindow.cfm file.
Reference: ALLAIRE:ASB99-02
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to
conduct a denial of service.
Reference: ALLAIRE:ASB99-02
NTMail allows remote attackers to read arbitrary files via a .. (dot
dot) attack.
Reference: EEYE:AD05261999
Buffer overflow in SmartDesk WebSuite allows remote attackers to cause
a denial of service via a long URL.
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
wwwboard allows a remote attacker to delete message board articles via
a malformed argument.
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Buffer overflow in Mediahouse Statistics Server allows remote
attackers to execute commands.
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Mediahouse Statistics Server allows remote attackers to read the
administrator password, which is stored in cleartext in the ss.cfg
file.
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
TeamTrack web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
classifieds.cgi allows remote attackers to read arbitrary files via
shell metacharacters.
Reference: EL8:19991215 Classifieds (classifieds.cgi)
classifieds.cgi allows remote attackers to execute arbitrary commands
by specifying them in a hidden variable in a CGI form.
Reference: EL8:19991215 Classifieds (classifieds.cgi)
BNBSurvey survey.cgi program allows remote attackers to execute
commands via shell metacharacters.
Reference: EL8:19981203 BNBSurvey (survey.cgi)
BNBForm allows remote attackers to read arbitrary files via the
automessage hidden form variable.
Reference: EL8:19981203 BNBForm (bnbform.cgi)
MBone SDR Package allows remote attackers to execute commands via
shell metacharacters in Session Initiation Protocol (SIP) messages.
Reference: CERT:VN-99-03
Denial of service in Debian IRC Epic/epic4 client via a long string.
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Buffer overflow in mutt mail client allows remote attackers to execute
commands via malformed MIME messages.
Reference: CALDERA:CSSA-1999-031
UnixWare dos7utils allows a local user to gain root privileges by
using the STATICMERGE environmental variable to find a script which
it executes.
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Buffer overflow in OpenLink 3.2 allows remote attackers to gain
privileges via a long GET request to the web configurator.
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange
5.5 and 5.0 allows remote attackers to conduct a denial of service via
AUTH or AUTHINFO commands.
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED
tag.
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat,
and envout.bat, which allow remote attackers to execute commands via
shell metacharacters.
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via a series of MKD and CWD commands that create nested
directories.
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote
attackers to execute commands.
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
WWWBoard stores encrypted passwords in a password file that is
under the web root and thus accessible by remote attackers.
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
WWWBoard has a default username and default password.
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain
root access via the SITE EXEC command.
Reference: CERT:CA-94.08
The NeXT NetInfo _writers property allows local users to gain root
privileges or conduct a denial of service.
Reference: CERT:CA-93.02a
MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
sudo 1.5.x allows local users to execute arbitrary commands via a
.. (dot dot) attack.
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
IRIX startmidi program allows local users to modify arbitrary files
via a symlink attack.
Reference: AUSCERT:AA-97-05
IRIX cdplayer allows local users to create directories in arbitrary
locations via a command line option.
Reference: AUSCERT:AA-96.11
HPUX sysdiag allows local users to gain root privileges via a symlink
attack during log file creation.
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Buffer overflow in HPUX passwd command allows local users to gain root
privileges via a command line option.
Reference: AUSCERT:AA-96.13
FreeBSD mount_union command allows local users to gain root privileges
via a symlink attack.
Reference: BUGTRAQ:19960316 BoS: SECURITY BUG in FreeBS
Buffer overflow in FreeBSD setlocale in the libc module.
Reference: FREEBSD:FreeBSD-SA-97:01
Race condition in xterm allows local users to modify arbitrary files
via the logging option.
Reference: CERT:CA-93.17
Buffer overflow in Solaris getopt in libc allows local users to gain
root privileges via a long argv[0].
Reference: L0PHT:19970127 Solaris libc - getopt(3)
Buffer overflow in the HTML library used by Internet Explorer, Outlook
Express, and Windows Explorer via the res: local resource protocol.
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite
Buffer overflow in BNC IRC proxy allows remote attackers to gain
privileges.
Reference: BUGTRAQ:19981226 bnc exploit
The Windows NT RPC service allows remote attackers to conduct a denial
of service using spoofed malformed RPC packets which generate an
error message that is sent to the spoofed host, potentially setting up
a loop, aka Snork.
Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service
Buffer overflow in Exim allows local users to gain root privileges via
a long :include: option in a .forward file.
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Buffer overflow in Xshipwars xsw program.
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Buffer overflow in Solaris snoop program allows remote attackers to
gain root privileges via a long domain name when snoop is running in
verbose mode.
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Buffer overflow in Solaris snoop allows remote attackers to gain root
privileges via GETQUOTA requests to the rpc.rquotad service.
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
The Windows help system can allow a local user to execute commands as
another user by editing a table of contents metafile with a .CNT
extension and modifying the topic action to include the commands to be
executed when the .hlp file is accessed.
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Sendmail allows local users to reinitialize the aliases database via
the newaliases command, then cause a denial of service by interrupting
Sendmail.
Reference: OPENBSD:19991204
Buffer overflow in Solaris sadmind allows remote attackers to gain
root privileges using a NETMGT_PROC_SERVICE request.
Reference: SF-INCIDENTS:19991209 sadmind
htdig allows remote attackers to execute commands via filenames with
shell metacharacters.
Reference: DEBIAN:19991209
The SCO UnixWare privileged process system allows local users to gain
root privileges by using a debugger such as gdb to insert traps into
_init before the privileged process is executed.
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Windows NT Service Control Manager (SCM) allows remote attackers to
cause a denial of service via a malformed argument in a resource
enumeration request.
Reference: MS:MS99-055
Internet Explorer 5.01 and earlier allows a remote attacker to create
a reference to a client window and use a server-side redirect to
access local files via that window, aka "Server-side Page Reference
Redirect."
Reference: MS:MS99-050
The Sun Web-Based Enterprise Management (WBEM) installation script
stores a password in plaintext in a world readable file.
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file
The ping command in Linux 2.0.3x allows local users to cause a denial
of service by sending large packets with the -R (record route)
option.
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Windows NT does not properly download a system policy if the domain
user logs into the domain with a space at the end of the domain name.
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX)
allows remote attackers to execute commands via the vnd.ms.radio
protocol.
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Buffer overflow in GoodTech Telnet Server NT allows remote users to
cause a denial of service via a long login name.
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
HP VirtualVault with the PHSS_17692 patch allows unprivileged
processes to bypass access restrictions via the Trusted Gateway Proxy
(TGP).
Reference: HP:HPSBUX9912-107
Windows NT with SYSKEY reuses the keystream that is used for
encrypting SAM password hashes, allowing an attacker to crack
passwords.
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Windows NT Local Security Authority (LSA) allows remote attackers to
cause a denial of service via malformed arguments to the LsaLookupSids
function which looks up the SID, aka "Malformed Security Identifier
Request."
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Buffer overflow in Infoseek Ultraseek search engine allows remote
attackers to execute commands via a long GET request.
Reference: EEYE:AD19991215
wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Cisco Cache Engine allows an attacker to replace content in the cache.
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of
service via a malformed TDS packet.
Reference: MS:MS99-059
The web administration interface for Cisco Cache Engine allows remote
attackers to view performance statistics.
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Cisco Cache Engine allows a remote attacker to gain access via a null
username and password.
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Buffer overflow in the POP server POProxy for the Norton Anti-Virus
protection NAV2000 program via a large USER command.
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
xsoldier program allows local users to gain root access via a
long argument.
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
The Remote Data Service (RDS) DataFactory component of Microsoft Data
Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods,
which allows remote attackers to execute arbitrary commands.
Reference: MS:MS98-004
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local
users to gain privileges via a long -m argument.
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a
directory tree with insecure permissions, which allows local users to
replace a privileged executable (processd) with a Trojan horse,
facilitating a root or Administrator compromise.
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32
bit UID, which allows a local user to gain root access if the lower 16
bits are set to 0, as fixed by the NFS jumbo patch upgrade.
Reference: CERT:CA-1992-15
Solaris 2.6 HW3/98 installs admintool with world-writable permissions,
which allows local users to gain privileges by replacing it with a
Trojan horse program.
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of
service (CPU utilization) via a large amount of data to port 5631.
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2
allows attackers to gain root privileges.
Reference: CERT:CA-1991-11
Vulnerability in login in AT&T System V Release 4 allows local users
to gain privileges.
Reference: CERT:CA-1991-08
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a
denial of service (hang) via a malformed GET request, aka the IIS
"GET" vulnerability.
Reference: MS:MS98-019
rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary
files via a symlink attack on the /tmp/rex.$$ file.
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX
4.0 through 4.0d allows local users to gain privileges.
Reference: COMPAQ:SSRT0495U
pnserver in RealServer 5.0 and earlier allows remote attackers to
cause a denial of service by sending a short, malformed request.
Reference: BUGTRAQ:19980115 pnserver exploit..
When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular
order, Gauntlet allows remote attackers to bypass firewall access
restrictions, and does not log the activities.
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local
attackers to gain privileges by creating an extremely large directory
name, which is inserted into the password prompt via the \w option in
the PS1 environmental variable when another user changes into that
directory.
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Microsoft Excel 97 does not warn the user before executing worksheet
functions, which could allow attackers to execute arbitrary commands
by using the CALL function to execute a malicious DLL, aka the Excel
"CALL Vulnerability."
Reference: MS:MS98-018
VMS 4.0 through 5.3 allows local users to gain privileges via the
ANALYZE/PROCESS_DUMP dcl command.
Reference: CERT:CA-1990-07
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various
SVR4 systems allows remote attackers to execute arbitrary commands.
Reference: CERT:CA-1992-04
Webmin before 0.5 does not restrict the number of invalid passwords
that are entered for a valid username, which could allow remote
attackers to gain privileges via brute force password cracking.
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
rmmount in SunOS 5.7 may mount file systems without the nosuid flag
set, contrary to the documentation and its use in previous versions of
SunOS, which could allow local users with physical access to gain root
privileges by mounting a floppy or CD-ROM that contains a setuid
program and running volcheck, when the file systems do not have the
nosuid option specified in rmmount.conf.
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher
Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote
attackers to insert arbitrary data into an existing stream between an
SSH client and server by using a known plaintext attack and computing
a valid CRC-32 checksum for the packet, aka the "SSH insertion
attack."
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in
a URL as the hostname instead of an IP address, which causes IE to
apply Local Intranet Zone settings to the resulting web page, allowing
remote malicious web servers to conduct unauthorized activities by
using URLs that contain the dotless IP address for their server.
Reference: MS:MS98-016
The default configuration of NCSA Telnet package for Macintosh and PC
enables FTP, even though it does not include an "ftp=yes" line, which
allows remote attackers to read and modify arbitrary files.
Reference: CERT:CA-1991-15
Buffer overflow in the Window.External function in the JScript
Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows
remote attackers to execute arbitrary commands via a malicious web
page.
Reference: MS:MS98-011
Buffer overflow in Internet Explorer 4.01 and earlier allows remote
attackers to execute arbitrary commands via a long URL with the "mk:"
protocol, aka the "MK Overrun security issue."
Reference: MSKB:Q176697
Vulnerability in BSD Telnet client with encryption and Kerberos 4
authentication allows remote attackers to decrypt the session via
sniffing.
Reference: CERT:CA-1995-03
Kerberos 4 allows remote attackers to obtain sensitive information via
a malformed UDP packet that generates an error string that
inadvertently includes the realm name and the last user.
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Cisco PIX Private Link 4.1.6 and earlier does not properly process
certain commands in the configuration file, which reduces the
effective key length of the DES key to 48 bits instead of 56 bits,
which makes it easier for an attacker to find the proper key via a
brute force attack.
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating
systems allows local users to create or overwrite arbitrary files via
a symlink attack that is triggered after invoking lpr 1000 times.
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read
arbitrary files by specifying the file with the -file parameter.
Reference: CERT:VB-96.05
Windows 95 uses weak encryption for the password list (.pwl) file used
when password caching is enabled, which allows local users to gain
privileges by decrypting the passwords.
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Windows 95, when Remote Administration and File Sharing for NetWare
Networks is enabled, creates a share (C$) when an administrator logs
in remotely, which allows remote attackers to read arbitrary files by
mapping the network drive.
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Sendmail before 8.10.0 allows remote attackers to cause a denial of
service by sending a series of ETRN commands then disconnecting from
the server, while Sendmail continues to process the commands after the
connection has been terminated.
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Vulnerability in StackGuard before 1.21 allows remote attackers to
bypass the Random and Terminator Canary security mechanisms by using a
non-linear attack which directly modifies a pointer to a return
address instead of using a buffer overflow to reach the return address
entry itself.
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and
earlier, and possibly other operating systems, allows local users to
gain root privileges.
Reference: CIAC:H-15A
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS
sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
Reference: CERT:CA-1990-04
Vulnerability in runpriv in Indigo Magic System Administration
subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root
privileges.
Reference: SGI:19970503-01-PX
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files
by specifying the file in the -h command line parameter.
Reference: BUGTRAQ:19961124
ndd in Solaris 2.6 allows local users to cause a denial of service by
modifying certain TCP/IP parameters.
Reference: SUN:00165
FTP installation script anon.ftp in AIX insecurely configures
anonymous FTP, which allows remote attackers to execute arbitrary
commands.
Reference: CERT:CA-1992-09
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental
variable for finding and executing the disable program, which allows
local users to gain privileges.
Reference: BUGTRAQ:19970104 Irix: netprint story
The default configuration for UUCP in AIX before 3.2 allows local
users to gain root privileges.
Reference: CERT:CA-1992-06
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users
to gain privileges.
Reference: CERT:CA-1989-02
Windows NT 4.0 does not properly shut down invalid named pipe RPC
connections, which allows remote attackers to cause a denial of
service (resource exhaustion) via a series of connections containing
malformed data, aka the "Named Pipes Over RPC" vulnerability.
Reference: MS:MS98-017
Buffer overflow in OSF Distributed Computing Environment (DCE)
security daemon (secd) in IRIX 6.4 and earlier allows attackers to
cause a denial of service via a long principal, group, or
organization.
Reference: CERT:VB-97.12
Windows NT 4.0 allows remote attackers to cause a denial of service
(crash) via extra source routing data such as (1) a Routing
Information Field (RIF) field with a hop count greater than 7, or (2)
a list containing duplicate Token Ring IDs.
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5
and earlier, allows attackers to compromise data transfer for
Predictive messages (using e-mail or modem) between customer and
Response Center Predictive systems.
Reference: HP:HPSBUX9807-081
The permissions for the /dev/audio device on Solaris 2.2 and earlier,
and SunOS 4.1.x, allow any local user to read from the device, which
could be used by an attacker to monitor conversations happening near a
machine that has a microphone.
Reference: CIAC:E-01
SCO UNIX System V/386 Release 3.2, and other SCO products, installs
the home directories (1) /tmp for the dos user, and (2) /usr/tmp for
the asg user, which allows other users to gain access to those
accounts since /tmp and /usr/tmp are world-writable.
Reference: CERT:CA-1993-13
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier
allows local users to overwrite arbitrary files and gain root
privileges via a symlink attack on the IOERROR.mytty file.
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Buffer overflow in CrackLib 2.5 may allow local users to gain root
privileges via a long GECOS field.
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
SunOS 4.1.2 and earlier allows local users to gain privileges in
certain dynamically linked setuid or setgid programs that change the
real and effective user ids to the same user, via "LD_*" environmental
variables.
Reference: CERT:CA-1992-11
Vulnerability in runtime linker program rld in SGI IRIX 6.x and
earlier allows local users to gain privileges via setuid and setgid
programs.
Reference: CIAC:H-065
Certain files in MPower in HP-UX 10.x are installed with insecure
permissions, which allows local users to gain privileges.
Reference: HP:HPSBUX9701-051
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and
earlier allows local users to access arbitrary files and gain
privileges.
Reference: HP:HPSBUX9701-044
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x
and earlier allows local users to access arbitrary files and gain
privileges.
Reference: HP:HPSBUX9405-011
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows
remote attackers to execute arbitrary commands via a long string to
the Agent port (1827), which is handled by smaxagent.exe.
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
FTP service in IIS 4.0 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via many passive (PASV)
connections at the same time.
Reference: MS:MS98-006
BisonWare FTP Server 4.1 and earlier allows remote attackers to cause
a denial of service via a malformed PORT command that contains a
non-numeric character and a large number of carriage returns.
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to
cause a denial of service via an ICMP Subnet Mask Address Request
packet, when certain multiple IP addresses are bound to the same
network interface.
Reference: MSKB:Q192774
SSH 2.0.11 and earlier allows local users to request remote forwarding
from privileged ports without being root.
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and
possibly remote users to gain root privileges.
Reference: HP:HPSBUX9702-055
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to
gain root privileges by forcing ppl to core dump.
Reference: BUGTRAQ:19961103 Re: Untitled
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers
to cause a denial of service by preventing users from being able to
log into the system.
Reference: CERT:CA-1993-08
Vulnerability in HP Series 800 S/X/V Class servers allows remote
attackers to gain access to the S/X/V Class console via the Service
Support Processor (SSP) Teststation.
Reference: HP:HPSBUX9911-105
Cross-site scripting vulnerability in Third Voice Web annotation
utility allows remote users to read sensitive data and generate fake
web pages for other Third Voice users by injecting malicious
Javascript into an annotation.
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS
11.2 and earlier does not use authentication, which allows remote
attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets
to UDP port 2048.
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Directory traversal vulnerability in nph-publish before 1.2 allows
remote attackers to overwrite arbitrary files via a .. (dot dot) in
the pathname for an upload operation.
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Vulnerability in On-Line Customer Registration software for IRIX 6.2
through 6.4 allows local users to gain root privileges.
Reference: SGI:19980901-01-PX
mysqld in MySQL 3.21 creates log files with world-readable
permissions, which allows local users to obtain passwords for users
who are added to the user database.
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.
Reference: SUN:00143
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group
privileges, which could allow the me user to use the su command to
become root.
Reference: CERT:CA-1991-06
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which
allows local users to gain privileges.
Reference: CERT:CA-1991-05
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a
user who tries to redirect console output and input, which could allow
a local user to gain privileges.
Reference: CERT:CA-1990-12
BuildDisk program on NeXT systems before 2.0 does not prompt users for
the root password, which allows local users to gain root privileges.
Reference: CERT:CA-1990-06
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote
attackers to cause a denial of service via a spoofed endpoint
identifier.
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Check Point Firewall-1 does not properly handle certain restricted
keywords (e.g., Mail, auth, time) in user-defined objects, which could
produce a rule with a default "ANY" address and result in access to
more systems than intended by the administrator.
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which
allows local users to cause a denial of service by modifying critical
networking configuration information.
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Buffer overflow in ping in AIX 4.2 and earlier allows local users to
gain root privileges via a long command line argument.
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open
Desktop/Open Server 3.0 allows local users to gain root privileges.
Reference: BUGTRAQ:19971204 scoterm exploit
The asynchronous I/O facility in the 4.4 BSD kernel does not check
user credentials when initializing I/O notification, which allows
local users to cause a denial of service by specifying an arbitrary
process ID to be signaled via a socket or device file descriptor,
using certain ioctl and fcntl calls.
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes
user name and password information to disk, which could allow local
users to gain privileges.
Reference: CIAC:D-21
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to
cause a denial of service (crash) by returning 0.0.0.0 as the IP
address for a DNS host name lookup.
Reference: MSKB:Q188571
IIS 3.0 allows remote attackers to cause a denial of service via a
request to an ASP page in which the URL contains a large number of /
(forward slash) characters.
Reference: MSKB:Q187503
Netscape Communicator 4.7 and earlier allows remote attackers to cause
a denial of service, and possibly execute arbitrary commands, via a
long certificate key.
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
IIS 4.0 does not properly restrict access for the initial session
request from a user's IP address if the address does not resolve to a
DNS domain, aka the "Domain Resolution" vulnerability.
Reference: MS:MS99-039
SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local
users to modify permissions for arbitrary files and gain privileges.
Reference: CIAC:F-16
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain
names and passwords in plaintext in the TMLBQueue network share, which
has insecure default permissions, allowing remote attackers to read
the passwords and gain privileges.
Reference: MSKB:Q229972
movemail in HP-UX 10.20 has insecure permissions, which allows local
users to gain privileges.
Reference: HP:HPSBUX9701-047
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent
remote access to the daemon, which allows remote attackers to obtain
sensitive system information.
Reference: SUN:00102
Microsoft Office 98, Macintosh Edition, does not properly initialize
the disk space used by Office 98 files and effectively inserts data
from previously deleted files into the Office file, which could allow
attackers to obtain sensitive information.
Reference: MSKB:Q189529
Java in Netscape 4.5 does not properly restrict applets from
connecting to other hosts besides the one from which the applet was
loaded, which violates the Java security model and could allow remote
attackers to conduct unauthorized activities.
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary
files via an e-mail message containing a uuencoded attachment that
specifies the full pathname for the file to be modified, which is
processed by uuencode in Metamail scripts such as sun-audio-file.
Reference: BUGTRAQ:19971024 Vulnerability in metamail
fte-console in the fte package before 0.46b-4.1 does not drop root
privileges, which allows local users to gain root access via the
virtual console device.
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
An interaction between the AS/400 shared folders feature and Microsoft
SNA Server 3.0 and earlier allows users to view each other's folders
when the users share the same Local APPC LU.
Reference: MSKB:Q138001
NukeNabber allows remote attackers to cause a denial of service by
connecting to the NukeNabber port (1080) without sending any data,
which causes the CPU usage to rise to 100% from the report.exe program
that is executed upon the connection.
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf,
which is installed with incorrect permissions including the setgid
bit, which allows local users to read and write files and possibly
gain privileges via bugs in the program.
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Buffer overflow in nftp FTP client version 1.40 allows remote
malicious FTP servers to cause a denial of service, and possibly
execute arbitrary commands, via a long response string.
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore
permissions, which are inherited by programs such as File Manager that
are started from the Shortcut Bar, which could allow local users to
read folders for which they do not have permission.
Reference: MSKB:Q146604
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier
allows attackers with physical access to the system to display
unechoed characters (such as those from password prompts) via the
L2/AGAIN key.
Reference: SUNBUG:1077164
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous
FTP, creates the ftp user without a password and with /bin/date as the
shell, which could allow attackers to gain access to certain system
resources.
Reference: FREEBSD:FreeBSD-SA-97:03
A design flaw in the Z-Modem protocol allows the remote sender of a
file to execute arbitrary programs on the client, as implemented in rz
in the rzsz module of FreeBSD before 2.1.5, and possibly other
programs.
Reference: CIAC:G-31
Sendmail before 8.6.7 allows local users to gain root access via a
large value in the debug (-d) command line option.
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Passfilt.dll in Windows NT SP2 allows users to create a password that
contains the user's name, which could make it easier for an attacker
to guess.
Reference: MSKB:Q247975
Windows NT 4.0 SP4 and earlier allows local users to gain privileges
by modifying the symbolic link table in the \?? object folder using a
different case letter (upper or lower) to point to a different device.
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that
includes the current working directory (.), which allows local users
to gain privileges via Trojan horse programs.
Reference: SUNBUG:1121935
Vulnerability in Novell NetWare 3.x and earlier allows local users to
gain privileges via packet spoofing.
Reference: CIAC:D-01
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could
allow remote attackers to cause a denial of service or execute
arbitrary commands via a long DNS hostname that is not properly
handled during TGT ticket passing.
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or
MOTIF do not properly disable access to user accounts that exceed the
break-in limit threshold for failed login attempts, which makes it
easier for attackers to conduct brute force password guessing.
Reference: CIAC:D-06
SAS System 5.18 on VAX/VMS is installed with insecure permissions for
its directories and startup file, which allows local users to gain
privileges.
Reference: CIAC:C-19
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR
(abort file transfer) command is executed during a file transfer,
which causes a signal to be handled incorrectly and allows local and
possibly remote attackers to read arbitrary files.
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows
local users to gain root privileges via a long LANG environmental
variable.
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users
to overwrite arbitrary files and gain root access via a symlink
attack.
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows
local users to gain privileges.
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
The snprintf function in the db library 1.85.4 ignores the size
parameter, which could allow attackers to exploit buffer overflows
that would be prevented by a properly implemented snprintf.
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be
controlled by users on reboot when an option is set, which allows
local users to cause a denial of service by shutting down the
interface.
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows
local users to overwrite files of other users via a symlink attack on
a temporary file.
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux
5.0 and earlier allows remote attackers to execute arbitrary commands
via shell metacharacters in the names of files that are to be
downloaded.
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux
4.0 is configured to allow remote attackers to read and write
sensitive information.
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows
remote attackers to cause a denial of service (reboot) via a flood of
IAC packets to the telnet port.
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames
and passwords for visited sites in plaintext in the world-readable
history file, which allows other local users to gain privileges.
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Vulnerability when Network Address Translation (NAT) is enabled in
Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw,
allows remote attackers to cause a denial of service (kernel panic)
via a ping -R (record route) command.
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options,
allows local unprivileged users to forge IP packets via the TIOCSETD
option on tty devices.
Reference: BUGTRAQ:19991022 Local user can send forged packets
Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the
"Listen to !nick <soundname> requests" option enabled allows remote
attackers to read arbitrary files via a .. (dot dot) in a DCC GET
request.
Reference: BUGTRAQ:19990924 Kvirc bug
Compaq Integration Maintenance Utility as used in Compaq Insight
Manager agent before SmartStart 4.50 modifies the legal notice caption
(LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which
could produce a legal notice that is in violation of the security
policy.
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
When an administrator in Windows NT or Windows 2000 changes a user
policy, the policy is not properly updated if the local ntconfig.pol
is not writable by the user, which could allow local users to bypass
restrictions that would otherwise be enforced by the policy, possibly
by changing the policy file to be read-only.
Reference: MSKB:Q157673
When the Ntconfig.pol file is used on a server whose name is longer
than 13 characters, Windows NT does not properly enforce policies for
global groups, which could allow users to bypass restrictions that
were intended by those policies.
Reference: MSKB:Q163875
Windows NT 4.0 allows local users to cause a denial of service via a
user mode application that closes a handle that was opened in kernel
mode, which causes a crash when the kernel attempts to close the
handle.
Reference: MSKB:Q160650
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a
denial of service (crash) by calling certain WIN32K functions with
incorrect parameters.
Reference: MSKB:Q160601
Windows NT 3.51 and 4.0 allow local users to cause a denial of service
(crash) by running a program that creates a large number of locks on a
file, which exhausts the NonPagedPool.
Reference: MSKB:Q163143
DNS allows remote attackers to use DNS name servers as traffic
amplifiers via a UDP DNS query with a spoofed source address, which
produces more traffic to the victim than was sent by the attacker.
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX
ActiveX control as safe for scripting, which allows remote attackers
to execute arbitrary commands via the run option through malicious web
pages that are accessed by browsers such as Internet Explorer 3.0.
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by
changing the ownership of a file to root, which allows local users to
gain root privileges by creating a setuid program and setting it to
"Read Only," which NetWare-NFS changes to a setuid root program.
Reference: BUGTRAQ:19980108 NetWare NFS
Indigo Magic System Tour in the SGI system tour package (systour) for
IRIX 5.x through 6.3 allows local users to gain root privileges via a
Trojan horse .exitops program, which is called by the inst command
that is executed by the RemoveSystemTour program.
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local
users to gain privileges via a long HOME environment variable.
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Perl 5.004_04 and earlier follows symbolic links when running with the
-e option, which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/perl-eaXXXXX file.
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
The access permissions for a UNIX domain socket are ignored in Solaris
2.x and SunOS 4.x, and other BSD-based operating systems before 4.4,
which could allow local users to connect to the socket and possibly
disrupt or control the operations of the program using that socket.
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows
local users to append text to arbitrary files via a symlink attack on
the dhcplog file.
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local
users to read portions of arbitrary files by submitting the file to at
with the -f argument, which generates error messages that at sends to
the user via e-mail.
Reference: BUGTRAQ:19980703 more about 'at'
The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds
the anonymous FTP user without notifying the administrator, which
could automatically enable anonymous FTP on some servers such as
wu-ftp.
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
IBM Netfinity Remote Control allows local users to gain administrator
privileges by starting programs from the process manager, which runs
with system level privileges.
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and
2.4 allows local users to gain root privileges.
Reference: SUN:00148
ping in Solaris 2.3 through 2.6 allows local users to cause a denial
of service (crash) via a ping request to a multicast address through
the loopback interface, e.g. via ping -i.
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Power management (Powermanagement) on Solaris 2.4 through 2.6 does not
start the xlock process until after the sys-suspend has completed,
which allows an attacker with physical access to input characters to
the last active application from the keyboard for a short period after
the system is restoring, which could lead to increased privileges.
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
HP JetAdmin D.01.09 on Solaris allows local users to change the
permissions of arbitrary files via a symlink attack on the
/tmp/jetadmin.log file.
Reference: BUGTRAQ:19980715 JetAdmin software
ePerl 2.2.12 allows remote attackers to read arbitrary files and
possibly execute certain commands by specifying a full pathname of the
target file as an argument to bar.phtml.
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
GINA in Windows NT 4.0 allows attackers with physical access to
display a portion of the clipboard of the user who has locked the
workstation by pasting (CTRL-V) the contents into the username prompt.
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not
properly restrict access as specified in the .Rhosts file when a user
comes from an authorized host, which could allow unauthorized users to
access the service by logging in from an authorized host.
Reference: MSKB:Q158320
thttpd HTTP server 2.03 and earlier allows remote attackers to read
arbitrary files via a GET request with more than one leading / (slash)
character in the filename.
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
rdist in various UNIX systems uses popen to execute sendmail, which
allows local users to gain root privileges by modifying the IFS
(Internal Field Separator) variable.
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Internet Explorer 4.0 allows remote attackers to read arbitrary text
and HTML files on the user's machine via a small IFRAME that uses
Dynamic HTML (DHTML) to send the data to the attacker, aka the
Freiburg text-viewing issue.
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
When a Web site redirects the browser to another site, Internet
Explorer 3.02 and 4.0 automatically resends authentication information
to the second site, aka the "Page Redirect Issue."
Reference: MSKB:Q176697
A bug in Intel Pentium processor (MMX and Overdrive) allows local
users to cause a denial of service (hang) in Intel-based operating
systems such as Windows NT and Windows 95, via an invalid instruction,
aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
Reference: MSKB:Q163852
The Sun HotSpot Performance Engine VM allows a remote attacker to
cause a denial of service on any server running HotSpot via a URL that
includes the [ character.
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Squid 2.2.STABLE5 and below, when using external authentication,
allows attackers to bypass access controls via a newline in the
user/password pair.
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote
attackers to read files without authentication.
Reference: CIAC:I-079A
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access
via a long HOME environmental variable.
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local
attackers to read arbitrary files via the -text argument.
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access
via insecure permissions on files and directories such as crash.
Reference: CERT:CA-1993-03
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote
attackers to execute arbitrary commands as root via an infected mail
message with shell metacharacters in the reply-to field.
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly
identify the user for running certain scripts, which allows a
malicious site administrator to view or modify data located at another
virtual site on the same system.
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a
malicious Web site to execute arbitrary code on a viewer's system via
a long IMG_SRC HTML tag.
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Buffer overflow in AspUpload.dll in Persits Software AspUpload before
1.4.0.2 allows remote attackers to cause a denial of service, and
possibly execute arbitrary commands, via a long argument in the HTTP
request.
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
RPMMail before 1.4 allows remote attackers to execute commands via an
e-mail message with shell metacharacters in the "MAIL FROM" command.
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to
read arbitrary files by specifying the target file in the "file"
parameter.
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Man2html 2.1 and earlier allows local users to overwrite arbitrary
files via a symlink attack on a temporary file.
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
RealMedia server allows remote attackers to cause a denial of service
via a long ramgen request.
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Buffer overflow in ZBServer Pro allows remote attackers to execute
commands via a long GET request.
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Buffer overflow in UnixWare rtpm program allows local users to gain
privileges via a long environmental variable.
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
ZBServer Pro allows remote attackers to read source code for
executable files by inserting a . (dot) into the URL.
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
strace allows local users to read arbitrary files via memory mapped
file names.
Reference: BUGTRAQ:19991225 strace can lie
Trend Micro PC-Cillin does not restrict access to its internal proxy
port, allowing remote attackers to conduct a denial of service.
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
The bna_pass program in Optivity NETarchitect uses the PATH
environmental variable for finding the "rm" program, which allows
local users to execute arbitrary commands.
Reference: BUGTRAQ:19991230 bna,sh
WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote
attackers to execute commands via a long GET request.
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
IRIX soundplayer program allows local users to gain privileges by
including shell metacharacters in a .wav file, which is executed via
the midikeys program.
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Denial of service in Savant web server via a null character in the
requested URL.
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
CascadeView TFTP server allows local users to gain privileges via a
symlink attack.
Reference: BUGTRAQ:19991231 tftpserv.sh
wmmon in FreeBSD allows local users to gain privileges via the
.wmmonrc configuration file.
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Lotus Domino HTTP server does not properly disable anonymous access
for the cgi-bin directory.
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Buffer overflow in Lotus Domino HTTP server allows remote attackers to
cause a denial of service via a long URL.
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.
Reference: MS:MS99-061
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code
for ASP files if the file is in a virtual directory whose name
includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the
"Virtual Directory Naming" vulnerability.
Reference: MS:MS99-058
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers
to gain root access via a long username/password authorization
string.
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
IBM Network Station Manager NetStation allows local users to gain
privileges via a symlink attack.
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
UnixWare pis and mkpis commands allow local users to gain privileges
via a symlink attack.
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Solaris dmispd dmi_cmd allows local users to fill up restricted disk
space by adding files to the /var/dmi/db database.
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
The initscripts package in Red Hat Linux allows local users to gain
privileges via a symlink attack.
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Solaris dmi_cmd allows local users to crash the dmispd daemon by
adding a malformed file to the /var/dmi/db database.
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Netscape 4.7 records user passwords in the preferences.js file during
an IMAP or POP session, even if the user has not enabled "remember
passwords."
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Outlook Express 5 for Macintosh downloads attachments to HTML mail
without prompting the user, aka the "HTML Mail Attachment"
vulnerability.
Reference: MS:MS99-060
Majordomo wrapper allows local users to gain privileges by specifying
an alternate configuration file.
Reference: BUGTRAQ:19991228 majordomo local exploit
AltaVista search engine allows remote attackers to read files above
the document root via a .. (dot dot) in the query.cgi CGI program.
Reference: BUGTRAQ:19991229 AltaVista
glFtpD allows local users to gain privileges via metacharacters in the
SITE ZIPCHK command.
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)
Macintosh systems generate large ICMP datagrams in response to
malformed datagrams, allowing them to be used as amplifiers in a flood
attack.
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to
read arbitrary files or execute commands.
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
get_it program in Corel Linux Update allows local users to gain root
access by specifying an alternate PATH for the cp program.
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.
Reference: ALLAIRE:ASB00-01
The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.
Reference: ALLAIRE:ASB00-02
Red Hat userhelper program in the usermode package allows local users
to gain root access via PAM and a .. (dot dot) attack.
Reference: L0PHT:20000104 PamSlam
Microsoft Commercial Internet System (MCIS) IMAP server allows remote
attackers to cause a denial of service via a malformed IMAP request.
Reference: MS:MS00-001
IMail IMONITOR status.cgi CGI script allows remote attackers to cause
a denial of service with many calls to status.cgi.
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Cold Fusion CFCACHE tag places temporary cache files within the web
document root, allowing remote attackers to obtain sensitive system
information.
Reference: ALLAIRE:ASB00-03
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers
to cause a denial of service via a long user name.
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
The DTML implementation in the Z Object Publishing Environment (Zope)
allows remote attackers to conduct unauthorized activities.
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to read arbitrary files by specifying the filename in a
parameter to the script.
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to cause a denial of service via a malformed URL that
includes shell metacharacters.
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Buffer overflow in InetServ 3.0 allows remote attackers to execute
commands via a long GET request.
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Visual Casel (Vcasel) does not properly prevent users from executing
files, which allows local users to use a relative pathname to specify
an alternate file which has an approved name and possibly gain
privileges.
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows
attackers to cause a denial of service via a malformed control word.
Reference: MS:MS00-005
Super Mail Transfer Package (SMTP), later called MsgCore, has a memory
leak which allows remote attackers to cause a denial of service by
repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the
same session.
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.
Reference: BUGTRAQ:19991230 vibackup.sh
AIX techlibss allows local users to overwrite files via a symlink
attack.
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
HP asecure creates the Audio Security File audio.sec with insecure
permissions, which allows local users to cause a denial of service or
gain additional privileges.
Reference: HP:HPSBUX0001-109
Netscape Mail Notification (nsnotify) utility in Netscape Communicator
uses IMAP without SSL, even if the user has set a preference for
Communicator to use an SSL connection, allowing a remote attacker to
sniff usernames and passwords in plaintext.
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Buffer overflow in the conversion utilities for Japanese, Korean and
Chinese Word 5 documents allows an attacker to execute commands, aka
the "Malformed Conversion Data" vulnerability.
Reference: MS:MS00-002
The rdisk utility in Microsoft Terminal Server Edition and Windows NT
4.0 stores registry hive information in a temporary file with
permissions that allow local users to read it, aka the "RDISK Registry
Enumeration File" vulnerability.
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
VMWare 1.1.2 allows local users to cause a denial of service via a
symlink attack.
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Buffer overflow in vchkpw/vpopmail POP authentication package allows
remote attackers to gain root privileges via a long username or
password.
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
The BSD make program allows local users to modify files via a symlink
attack when the -j option is being used.
Reference: FREEBSD:FreeBSD-SA-00:01
procfs in BSD systems allows local users to gain root privileges by
modifying the /proc/pid/mem interface via a modified file descriptor
for stderr.
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for
determining the optimum MTU generates large amounts of traffic in
response to small packets, allowing remote attackers to cause the
system to be used as a packet amplifier.
Reference: HP:HPSBUX0001-110
The WebHits ISAPI filter in Microsoft Index Server allows remote
attackers to read arbitrary files, aka the "Malformed Hit-Highlighting
Argument" vulnerability.
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Microsoft Index Server allows remote attackers to determine the real
path for a web directory via a request to an Internet Data Query file
that does not exist.
Reference: MS:MS00-006
Buffer overflow in UnixWare ppptalk command allows local users to gain
privileges via a long prompt argument.
Reference: BUGTRAQ:20000119 Unixware ppptalk
The SMS Remote Control program is installed with insecure permissions,
which allows local users to gain privileges by modifying or replacing
the program.
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Linux apcd program allows local attackers to modify arbitrary files
via a symlink attack.
Reference: DEBIAN:20000201
The RightFax web client uses predictable session numbers, which allows
remote attackers to hijack user sessions.
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
The SyGate Remote Management program does not properly restrict access
to its administration service, which allows remote attackers to
cause a denial of service, or access network traffic statistics.
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Firewall-1 does not properly filter script tags, which allows remote
attackers to bypass the "Strip Script Tags" restriction by including
an extra < in front of the SCRIPT tag.
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site
Administrator to modify passwords for other users, site
administrators, and possibly admin (root).
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0
allows users to bypass authentication via the bAuthenticated
parameter.
Reference: ALLAIRE:ASB00-04
The Recycle Bin utility in Windows NT and Windows 2000 allows local
users to read or modify files by creating a subdirectory with the
victim's SID in the recycler directory, aka the "Recycle Bin
Creation" vulnerability.
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
The Webspeed configuration program does not properly disable access to
the WSMadmin utility, which allows remote attackers to gain
privileges.
Reference: BUGTRAQ:20000203 Webspeed security issue
The Finger Server 0.82 allows remote attackers to execute commands via
shell metacharacters.
Reference: BUGTRAQ:20000204 "The Finger Server"
Buffer overflow in SCO scohelp program allows remote attackers to
execute commands.
Reference: BUGTRAQ:20000127 New SCO patches...
Buffer overflow in War FTPd 1.6x allows users to cause a denial of
service via long MKD and CWD commands.
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Internet Anywhere POP3 Mail Server allows local users to cause a
denial of service via a malformed RETR command.
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Internet Anywhere POP3 Mail Server allows remote attackers to cause a
denial of service via a large number of connections.
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to
execute commands via shell metacharacters in the topic hidden field.
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Axis 700 Network Scanner does not properly restrict access to
administrator URLs, which allows users to bypass the password
protection via a .. (dot dot) attack.
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
The libguile.so library file used by gnucash in Debian Linux is
installed with world-writable permissions.
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0
The Java Server in the Novell GroupWise Web Access Enhancement Pack
allows remote attackers to cause a denial of service via a long URL
to the servlet.
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e
MySQL 3.22 allows remote attackers to bypass password authentication
and access a database via a short check string.
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Zeus web server allows remote attackers to view the source code for
CGI programs via a null character (%00) at the end of a URL.
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Firewall-1 allows remote attackers to bypass port access restrictions
on an FTP server by forcing it to send malicious packets which
Firewall-1 misinterprets as a valid 227 response to a client's PASV
attempt.
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Remote attackers can cause a denial of service in Novell BorderManager
3.5 by pressing the enter key in a telnet connection to port 2000.
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Internet Explorer 4.x and 5.x allow a remote web server to access
files on the client that are outside of its security domain, aka the
"Image Source Redirect" vulnerability.
Reference: MS:MS00-009
NetBSD ptrace call on VAX allows local users to gain privileges by
modifying the PSL contents in the debugging process.
Reference: NETBSD:1999-012
HP Ignite-UX does not save /etc/passwd when it creates an image of a
trusted system, which can set the password field to a blank and allow
an attacker to gain privileges.
Reference: HP:HPSBUX0002-111
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not
validate an identification number, which allows remote attackers to
execute SQL commands.
Reference: MS:MS00-010
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x
allows a remote attacker to read files via a malicious Java applet
that escapes the Java sandbox, aka the "VM File Reading"
vulnerability.
Reference: MS:MS00-011
The installation of Sun Internet Mail Server (SIMS) creates a
world-readable file that allows local users to obtain passwords.
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.
Reference: BUGTRAQ:20000210 Re: application proxies?
Buffer overflow in the InterAccess telnet server TelnetD allows remote
attackers to execute commands via a long login name.
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Microsoft Windows 9x operating systems allow an attacker to cause a
denial of service via a pathname that includes file device names, aka
the "DOS Device in Path Name" vulnerability.
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Batch files in the Oracle web listener ows-bin directory allow remote
attackers to execute commands via a malformed URL that includes '?&'.
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Buffer overflow in the man program in Linux allows local users to
gain privileges via the MANPAGER environmental variable.
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
atsadc in the atsar package for Linux does not properly check the
permissions of an output file, which allows local users to gain root
privileges.
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
The mtr program only uses a seteuid call when attempting to drop
privileges, which could allow local users to gain root privileges.
Reference: BUGTRAQ:20000303 Potential security problem with mtr
StarOffice StarScheduler web server allows remote attackers to read
arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Buffer overflow in StarOffice StarScheduler web server allows remote
attackers to gain root access via a long GET command.
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
ServerIron switches by Foundry Networks have predictable TCP/IP
sequence numbers, which allows remote attackers to spoof or hijack
sessions.
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of
service via a large number of connections to port 5555.
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Sojourn search engine allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Firewall-1 3.0 and 4.0 leaks packets with private IP address
information, which could allow remote attackers to determine the real
IP address of the host that is making the connection.
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
iPlanet Web Server 4.1 allows remote attackers to cause a denial of
service via a large number of GET commands, which consumes memory and
causes a kernel panic.
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1
Buffer overflow in ircII 4.4 IRC client allows remote attackers to
execute commands via the DCC chat capability.
Reference: FREEBSD:FreeBSD-SA-00:11
Linux printtool sets the permissions of printer configuration files to
be world-readable, which allows local attackers to obtain printer
share passwords.
Reference: BUGTRAQ:20000309
RealMedia RealServer reveals the real IP address of a Real Server,
even if the address is supposed to be private.
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Buffer overflow in the dump utility in the Linux ext2fs backup package
allows local users to gain privileges via a long command line
argument.
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
ColdFusion Server 4.x allows remote attackers to determine the real
pathname of the server via an HTTP request to the application.cfm or
onrequestend.cfm files.
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Axis StorPoint CD allows remote attackers to access administrator URLs
without authentication via a .. (dot dot) attack.
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
The default installation of Caldera OpenLinux 2.3 includes the CGI
program rpm_query, which allows remote attackers to determine what
packages are installed on the system.
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
The default configuration of Dosemu in Corel Linux 1.0 allows local
users to execute the system.com program and gain privileges.
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
buildxconf in Corel Linux allows local users to modify or create
arbitrary files via the -x or -f parameters.
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Buffer overflow in mhshow in the Linux nmh package allows remote
attackers to execute commands via malformed MIME headers in an email
message.
Reference: DEBIAN:20000228 remote exploit in nmh
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers
to cause a denial of service or execute commands via a malformed CIL
(clip art library) file, aka the "Clip Art Buffer Overrun"
vulnerability.
Reference: MS:MS00-015
The window.showHelp() method in Internet Explorer 5.x does not
restrict execution of HTML help files (.chm) to the local host,
which allows remote attackers to execute arbitrary commands via
Microsoft Networking.
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow
remote attackers to gain privileges via a malformed Select statement
in an SQL query.
Reference: MS:MS00-014
The installation of Oracle 8.1.5.x on Linux follows symlinks and
creates the orainstRoot.sh file with world-writeable permissions,
which allows local users to gain privileges.
Reference: BUGTRAQ:20000305 Oracle installer problem
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to
execute commands via shell metacharacters.
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
The htdig (ht://Dig) CGI program htsearch allows remote attackers to
read arbitrary files by enclosing the file name with backticks (`) in
parameters to htsearch.
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and
possibly execute commands via a long URL in a malicious web page.
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
The lit program in Sun Flex License Manager (FlexLM) follows symlinks,
which allows local users to modify arbitrary files.
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
The Windows Media server allows remote attackers to cause a denial of
service via a series of client handshake packets that are sent in an
improper sequence, aka the "Misordered Windows Media Services
Handshake" vulnerability.
Reference: MS:MS00-013
InterAccess TelnetID Server 4.0 allows remote attackers to conduct a
denial of service via malformed terminal client configuration
information.
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Vulnerability in SCO cu program in UnixWare 7.x allows local users to
gain privileges.
Reference: SCO:SB-00.05
The default configuration of SSH allows X forwarding, which could
allow a remote attacker to control a client's X sessions via a
malicious xauth program.
Reference: BUGTRAQ:20000224 SSH & xauth
Buffer overflow in Linux mount and umount allows local users to gain
root privileges via a long relative pathname.
Reference: SUSE:20000210 util < 2.10f
The Nautica Marlin bridge allows remote attackers to cause a denial of
service via a zero length UDP packet to the SNMP port.
Reference: BUGTRAQ:20000225 Scorpion Marlin
The installation for Windows 2000 does not activate the Administrator
password until the system has rebooted, which allows remote attackers
to connect to the ADMIN$ share without a password until the reboot
occurs.
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Buffer overflow in the wmcdplay CD player program for the WindowMaker
desktop allows local users to gain root privileges via a long
parameter.
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root
privileges via a symlink attack.
Reference: NAI:20000215 ARCserve symlink vulnerability
The Pocsag POC32 program does not properly prevent remote users from
accessing its server port, even if the option has been disabled.
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
IIS 4.0 allows attackers to cause a denial of service by requesting a
large buffer in a POST or PUT command which consumes memory, aka the
"Chunked Transfer Encoding Buffer Overflow Vulnerability."
Reference: MS:MS00-018
Microsoft Windows Media License Manager allows remote attackers to
cause a denial of service by sending a malformed request that causes
the manager to halt, aka the "Malformed Media License Request"
Vulnerability.
Reference: MS:MS00-016
gpm-root in the gpm package does not properly drop privileges, which
allows local users to gain privileges by starting a utility from
gpm-root.
Reference: BUGTRAQ:20000322 gpm-root
Buffer overflow in imwheel allows local users to gain root privileges
via the imwheel-solo script and a long HOME environmental variable.
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Linux kreatecd trusts a user-supplied path that is used to find the
cdrecord program, allowing local users to gain root privileges.
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- kreatecd
Microsoft TCP/IP Printing Services, aka Print Services for Unix,
allows an attacker to cause a denial of service via a malformed TCP/IP
print request.
Reference: MS:MS00-021
SuSE Linux IMAP server allows remote attackers to bypass IMAP
authentication and gain privileges.
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
The default configuration of Cobalt RaQ2 and RaQ3 as specified in
access.conf allows remote attackers to view sensitive contents of a
.htaccess file.
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Buffer overflow in the huh program in the orville-write package allows
local users to gain root privileges.
Reference: FREEBSD:FreeBSD-SA-00:10
Netscape Enterprise Server with Directory Indexing enabled allows
remote attackers to list server directories via web publishing tags
such as ?wp-ver-info and ?wp-cs-dump.
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Netscape Enterprise Server with Web Publishing enabled allows remote
attackers to list arbitrary directories via a GET request for the
/publisher directory, which provides a Java applet that allows the
attacker to browse the directories.
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Buffer overflow in the web server for Norton AntiVirus for Internet
Email Gateways allows remote attackers to cause a denial of service
via a long URL.
Reference: BUGTRAQ:20000317 DoS with NAVIEG
vqSoft vqServer program allows remote attackers to read arbitrary
files via a /........../ in the URL, a variation of a .. (dot dot)
attack.
Reference: BUGTRAQ:20000321 vqserver /........../
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to
cause a denial of service via a short GET request to cgi-bin.
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash
Vulnerability in SGI IRIX objectserver daemon allows remote attackers
to create user accounts.
Reference: BUGTRAQ:20000328 Objectserver vulnerability
IIS 4.0 and 5.0 do not properly perform ISAPI extension processing
if a virtual directory is mapped to a UNC share, which allows remote
attackers to read the source code of ASP and other files, aka the
"Virtualized UNC Share" vulnerability.
Reference: MS:MS00-019
The AIX Fast Response Cache Accelerator (FRCA) allows local users to
modify arbitrary files via the configuration capability in the
frcactrl program.
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes
via an interface that has multiple aliased IP addresses.
Reference: HP:HPSBUX0004-112
The dansie shopping cart application cart.pl allows remote attackers
to execute commands via shell metacharacters in a form variable.
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
The dansie shopping cart application cart.pl allows remote attackers
to modify sensitive purchase information via hidden form fields.
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
The dansie shopping cart application cart.pl allows remote attackers
to obtain the shopping cart database and configuration information via
a URL that references either the env, db, or vars form variables.
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a
denial of service via a scan for the FormMail CGI program.
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Buffer overflow in the NetWare remote web administration utility
allows remote attackers to cause a denial of service or execute
commands via a long URL.
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
IIS 4.0 and 5.0 allow remote attackers to cause a denial of service
by sending many URLs with a large number of escaped characters, aka
the "Myriad Escaped Characters" Vulnerability.
Reference: MS:MS00-023
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0
allows users to cause a denial of service or execute commands, aka
the "Link View Server-Side Component" vulnerability.
Reference: MS:MS00-025
The AVM KEN! web server allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000415 (no subject)
The AVM KEN! ISDN Proxy server allows remote attackers to cause a
denial of service via a malformed request.
Reference: BUGTRAQ:20000415 (no subject)
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause
a denial of service via a malformed request.
Reference: BUGTRAQ:20000416 xfs
Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Panda Security 3.0 allows users to uninstall the Panda software via
its Add/Remove Programs applet.
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode
without a password.
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of
service by sending the ENVIRON option to the Telnet daemon before it
is ready to accept it, which causes the system to reboot.
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
RealNetworks RealServer allows remote attackers to cause a denial of
service by sending malformed input to the server at port 7070.
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
PCAnywhere allows remote attackers to cause a denial of service by
terminating the connection before PCAnywhere provides a login prompt.
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
The Linux trustees kernel patch allows attackers to cause a denial of
service by accessing a file or directory with a long name.
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
BeOS 4.5 and 5.0 allow local users to cause a denial of service via
malformed direct system calls using interrupt 37.
Reference: BUGTRAQ:20000410 BeOS syscall bug
Microsoft Excel 97 and 2000 do not warn the user when executing
Excel Macro Language (XLM) macros in external text files, which could
allow an attacker to execute a macro virus, aka the "XLM Text Macro"
vulnerability.
Reference: MS:MS00-022
The SalesLogix Eviewer allows remote attackers to cause a denial of
service by accessing the URL for the slxweb.dll administration
program, which does not authenticate the user.
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
BeOS allows remote attackers to cause a denial of service via
malformed packets whose length field is less than the length of the
headers.
Reference: BUGTRAQ:20000407 BeOS Networking DOS
TalentSoft webpsvr daemon in the Web+ shopping cart application allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the webplus CGI program.
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
The default installation of IRIX Performance Copilot allows remote
attackers to access sensitive system information via the pmcd daemon.
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Buffer overflow in XFree86 3.3.x allows local users to execute
arbitrary commands via a long -xkbmap parameter.
Reference: BUGTRAQ:20000416 XFree86 server overflow
The BizDB CGI script bizdb-search.cgi allows remote attackers to
execute arbitrary commands via shell metacharacters in the dbname
parameter.
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
IP masquerading in Linux 2.2.x allows remote attackers to route UDP
packets through the internal interface by modifying the external
source IP address and port number to match those of an established
connection.
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Buffer overflow in Webstar HTTP server allows remote attackers to
cause a denial of service via a long GET request.
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a
denial of service via a ping flood to the Ethernet interface, which
causes the device to crash.
Reference: BUGTRAQ:20000418 Adtran DoS
Buffer overflow in healthd for FreeBSD allows local users to gain root
privileges.
Reference: FREEBSD:FreeBSD-SA-00:12
fcheck allows local users to gain privileges by embedding shell
metacharacters into file names that are processed by fcheck.
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Allaire Forums 2.0.5 allows remote attackers to bypass access
restrictions to secure conferences via the rightAccessAllForums or
rightModerateAllForums variables.
Reference: ALLAIRE:ASB00-06
The unattended installation of Windows 2000 with the OEMPreinstall
option sets insecure permissions for the All Users and Default Users
directories.
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMPreinstall=1
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to
cause a denial of service via the AUTH CRAM-MD5 command.
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Microsoft Index Server allows remote attackers to view the source code
of ASP files by appending a %20 to the filename in the CiWebHitsFile
argument to the null.htw URL.
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Quake3 Arena allows malicious server operators to read or modify
files on a client via a dot dot (..) attack.
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
installed allows a remote attacker to cause a denial of service via a
malformed request to the inetinfo.exe program, aka the "Undelimited
.HTR Request" vulnerability.
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal
Server systems allow a remote attacker to cause a denial of service by
sending a large number of identical fragmented IP packets, aka jolt2
or the "IP Fragment Reassembly" vulnerability.
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Buffer overflow in calserver in SCO OpenServer allows remote attackers
to gain root access via a long message.
Reference: SCO:SB-99.02
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and
earlier allows an attacker to cause a denial of service which prevents
access to reserved port numbers below 1024.
Reference: SCO:SB-99.07
Insecure file permissions for Netscape FastTrack Server 2.x,
Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and
2.1.3 allow an attacker to gain root privileges.
Reference: SCO:SB-99.08
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a
local user to cause a denial of service.
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause
a denial of service by sending a large number of fragmented packets.
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
The Windows 2000 domain controller allows a malicious user to modify
Active Directory information by modifying an unprotected attribute,
aka the "Mixed Object Access" vulnerability.
Reference: MS:MS00-026
Vulnerability in OpenBSD 2.6 allows a local user to change interface
media configurations.
Reference: OPENBSD:19991109 Any user can change interface media configurations.
traceroute in NetBSD 1.3.3 and Linux systems allows local users to
flood other systems by providing traceroute with a large waittime (-w)
option, which is not parsed properly and sets the time delay for
sending packets to zero.
Reference: BUGTRAQ:19990213 traceroute as a flooder
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged
users to modify the source address of the packets, which could be used
in spoofing attacks.
Reference: BUGTRAQ:19990213 traceroute as a flooder
Buffer overflow in Solaris 7 lp allows local users to gain root
privileges via a long -d option.
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Atrium Mercur Mail Server 3.2 allows local attackers to read other
users' email and create arbitrary files via a dot dot (..) attack.
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
mail.local in Sendmail 8.10.x does not properly identify the .\n
string which identifies the end of message text, which allows a remote
attacker to cause a denial of service or corrupt mailboxes via a
message line that is 2047 characters long and ends in .\n.
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Qpopper 2.53 and 3.0 do not properly identify the \n string which
identifies the end of message text, which allows a remote attacker to
cause a denial of service or corrupt mailboxes via a message line that
is 1023 characters long and ends in \n.
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server
Package allows local users to execute arbitrary commands via shell
metacharacters.
Reference: BUGTRAQ:20000424 piranha default password/exploit
The Microsoft Jet database engine allows an attacker to modify text
files via a database query, aka the "Text I-ISAM" vulnerability.
Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
pcAnywhere 8.x and 9.0 allow remote attackers to cause a denial of
service via a TCP SYN scan, e.g. by nmap.
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Microsoft Virtual Machine (VM) allows remote attackers to escape the
Java sandbox and execute commands via an applet containing an illegal
cast operation, aka the "Virtual Machine Verifier" vulnerability.
Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
Windows NT 4.0 generates predictable random TCP initial sequence
numbers (ISN), which allows remote attackers to perform spoofing and
session hijacking.
Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
A Microsoft ActiveX control allows a remote attacker to execute a
malicious cabinet file via an attachment and an embedded script in an
HTML mail, aka the "Active Setup Control" vulnerability.
Reference: MS:MS99-048
The networking software in Windows 95 and Windows 98 allows remote
attackers to execute commands via a long file name string, aka the
"File Access URL" vulnerability.
Reference: MS:MS99-049
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
NT and Windows 2000 allows a local user to cause a denial of service
via a long environment variable, aka the "Malformed Environment
Variable" vulnerability.
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow
remote attackers to read arbitrary files via a pathname string that
includes a dot dot (..) and ends with a null byte.
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
The Allaire Spectra container editor preview tool does not properly
enforce object security, which allows an attacker to conduct
unauthorized activities via an object-method that is added to the
container object with a publishing rule.
Reference: ALLAIRE:ASB00-10
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
attacker to spoof DNS query results.
Reference: BUGTRAQ:20000502 glibc resolver weakness
Linux OpenLDAP server allows local users to modify arbitrary files via
a symlink attack.
Reference: REDHAT:RHSA-2000:012-05
Buffer overflow in Xsun X server in Solaris 7 allows local users to
gain root privileges via a long -dev parameter.
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Concurrent Versions Software (CVS) uses predictable temporary file
names for locking, which allows local users to cause a denial of
service by creating the lock directory before it is created for use by
a legitimate CVS user.
Reference: BUGTRAQ:20000423 CVS DoS
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
port of 67, which allows remote attackers to bypass the firewall
rules.
Reference: BUGTRAQ:20000420 ZoneAlarm
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
execute arbitrary commands via the DISPLAY environmental variable.
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
denial of service via a long login name.
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Eudora 4.x allows remote attackers to bypass the user warning for
executable attachments such as .exe, .com, and .bat by using a .lnk
file that refers to the attachment, aka "Stealth Attachment."
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
cause a denial of service via a negative size value.
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
AppleShare IP 6.1 and later allows a remote attacker to read
potentially sensitive information via an invalid range request to the
web server.
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Windows 95 and Windows 98 allow a remote attacker to cause a denial of
service via a NetBIOS session request packet with a NULL source name.
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
A vulnerability in the Sendmail configuration file sendmail.cf as
installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain
root privileges.
Reference: SCO:SB-99.10
Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an
attacker to cause a denial of service.
Reference: SCO:SB-99.13
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
enabled, which allows a remote attacker to bypass the weak
authentication and post unencrypted events.
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Some packaging commands in SCO UnixWare 7.1.0 have insecure
privileges, which allows local users to add or remove software
packages.
Reference: SCO:SB-99.09
Pine before version 4.21 does not properly filter shell metacharacters
from URLs, which allows remote attackers to execute arbitrary commands
via a malformed URL.
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
mirror 2.8.x in Linux systems allows remote attackers to create files
one level above the local target directory.
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not
properly lock access to disabled NIS accounts.
Reference: REDHAT:RHSA-1999:040
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to
cause a denial of service via a maliciously formatted article.
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a
.config file with world readable permissions, which allows a local
attacker in the dialout group to access login and password
information.
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Buffer overflows in Linux cdwtools 093 and earlier allow local users
to gain root privileges.
Reference: SUSE:19991019 Security hole in cdwtools < 093
Linux cdwtools 093 and earlier allows local users to gain root
privileges via the /tmp directory.
Reference: SUSE:19991019 Security hole in cdwtools < 093
dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.
Reference: DEBIAN:19991202 problem restoring symlinks
Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to
gain root privileges.
Reference: DEBIAN:19990218 Root exploit in eterm
Classic Cisco IOS 9.1 and later allows attackers with access to the
login prompt to obtain portions of the command history of previous
users, which may allow the attacker to access sensitive data.
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
The IDENT server in Caldera Linux 2.3 creates multiple threads for
each IDENT request, which allows remote attackers to cause a denial of
service.
Reference: CALDERA:CSSA-1999-029.1
The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.
Reference: CALDERA:CSSA-1999-001.0
The libmediatool library used for the KDE mediatool allows local users
to create arbitrary files via a symlink attack.
Reference: CALDERA:CSSA-1999-005.0
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows
a local user to gain root privileges.
Reference: CALDERA:CSSA-1999-014.0
Vulnerabilities in the KDE kvt terminal program allow local users to
gain root privileges.
Reference: CALDERA:CSSA-1999-015.0
The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.
Reference: CALDERA:CSSA-1999-021.0
The kernel in FreeBSD 3.2 follows symbolic links when it creates core
dump files, which allows local attackers to modify arbitrary files.
Reference: FREEBSD:FreeBSD-SA-99:04
Buffer overflow in the HTTP proxy server for the i-drive Filo software
allows remote attackers to execute arbitrary commands via a long HTTP
GET request.
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
The Remote Registry server in Windows NT 4.0 allows local
authenticated users to cause a denial of service via a malformed
request, which causes the winlogon process to fail, aka the "Remote
Registry Access Authentication" vulnerability.
Reference: MS:MS00-040
The pam_console PAM module in Linux systems performs a chown on
various devices upon a user login, but an open file descriptor for
those devices can be maintained after the user logs out, which allows
that user to sniff activity on these devices when subsequent users log
in.
Reference: BUGTRAQ:20000502 pam_console bug
The Netopia R9100 router does not prevent authenticated users from
modifying SNMP tables, even if the administrator has configured it to
do so.
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
The IOS HTTP service in Cisco routers and switches running IOS 11.1
through 12.1 allows remote attackers to cause a denial of service by
requesting a URL that contains a %% string.
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers
to view environmental variables and setup information by referencing a
non-existing database in the db parameter.
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
ColdFusion ClusterCATS appends stale query string arguments to a URL
during HTML redirection, which may provide sensitive information to
the redirected site.
Reference: ALLAIRE:ASB00-12
The makelev program in the golddig game from the FreeBSD ports
collection allows local users to overwrite arbitrary files.
Reference: FREEBSD:FreeBSD-SA-00:16
Buffer overflow in FreeBSD libmytinfo library allows local users to
execute commands via a long TERMCAP environmental variable.
Reference: FREEBSD:FreeBSD-SA-00:17
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows
remote attackers to gain root privileges.
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows
remote attackers to gain root privileges.
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain
root privileges.
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Buffer overflow in ksu in Kerberos 5 allows local users to gain root
privileges.
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
The KDE kscd program does not drop privileges when executing a program
specified in a user's SHELL environmental variable, which allows the
user to gain privileges by specifying an alternate program to execute.
Reference: BUGTRAQ:20000516 kscd vulnerability
NetProwler 3.0 allows remote attackers to cause a denial of service by
sending malformed IP packets that trigger NetProwler's
Man-in-the-Middle signature.
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of
service via a long HTTP request.
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
The add.exe program in the Carello shopping cart software allows
remote attackers to duplicate files on the server, which could allow
the attacker to read source code for web scripts such as .ASP files.
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
The EMURL web-based email account software encodes predictable
identifiers in user session URLs, which allows a remote attacker to
access a user's email account.
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
allows remote attackers to execute arbitrary commands via a long
query_string parameter in the HTTP GET request.
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Buffer overflow in MDaemon POP server allows remote attackers to cause
a denial of service via a long user name.
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
The Mixed Mode authentication capability in Microsoft SQL Server 7.0
stores the System Administrator (sa) account in plaintext in a log
file which is readable by any user, aka the "SQL Server 7.0 Service
Pack Password" vulnerability.
Reference: MS:MS00-035
The CIFS Computer Browser service on Windows NT 4.0 allows a remote
attacker to cause a denial of service by sending a large number of
host announcement requests to the master browse tables, aka the
"HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
Reference: MS:MS00-036
The CIFS Computer Browser service allows remote attackers to cause a
denial of service by sending a ResetBrowser frame to the Master
Browser, aka the "ResetBrowser Frame" vulnerability.
Reference: MS:MS00-036
Buffer overflow in L0pht AntiSniff allows remote attackers to execute
arbitrary commands via a malformed DNS response packet.
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Netscape Communicator before version 4.73 and Navigator 4.07 do not
properly validate SSL certificates, which allows remote attackers to
steal information by redirecting traffic from a legitimate web server
to their own malicious server, aka the "Acros-Suencksen SSL"
vulnerability.
Reference: XF:netscape-invalid-ssl-sessions
Buffer overflow in Solaris netpr program allows local users to execute
arbitrary commands via a long -p option.
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service
via a long, complex URL that appears to contain a large number of file
extensions, aka the "Malformed Extension Data in URL" vulnerability.
Reference: MISC:http://www.ussrback.com/labs40.html
Netscape 4.73 and earlier follows symlinks when it imports a new
certificate, which allows local users to overwrite files of the user
importing the certificate.
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of
service by making repeated requests to a CFCACHE tagged cache file
that is not stored in memory.
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Matt Wright's FormMail CGI script allows remote attackers to obtain
environmental variables via the env_report parameter.
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows
local users to gain privileges via malformed input variables.
Reference: HP:HPSBUX0005-113
NTMail 5.x allows network users to bypass the NTMail proxy
restrictions by redirecting their requests to NTMail's web
configuration server.
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
The HTTP administration interface to the Cayman 3220-H DSL router
allows remote attackers to cause a denial of service via a long
username or password.
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
The Cayman 3220-H DSL router allows remote attackers to cause a denial
of service via oversized ICMP echo (ping) requests.
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
The Office 2000 UA ActiveX Control is marked as "safe for scripting,"
which allows remote attackers to conduct unauthorized activities via
the "Show Me" function in Office Help, aka the "Office 2000 UA
Control" vulnerability.
Reference: MS:MS00-034
The process_bug.cgi script in Bugzilla allows remote attackers to
execute arbitrary commands via shell metacharacters.
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
The CGI counter 4.0.7 by George Burgyan allows remote attackers to
execute arbitrary commands via shell metacharacters.
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8
allows remote attackers to execute arbitrary commands.
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
UltraBoard 1.6 and other versions allow remote attackers to cause a
denial of service by referencing UltraBoard in the Session parameter,
which causes UltraBoard to fork copies of itself.
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
The Aladdin Knowledge Systems eToken device allows attackers with
physical access to the device to obtain sensitive information without
knowing the PIN of the owner by resetting the PIN in the EEPROM.
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and
earlier allows a remote attacker to execute arbitrary commands via a
long filename for a uuencoded attachment.
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Cart32 allows remote attackers to access sensitive debugging
information by appending /expdate to the URL request.
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Cobalt RaQ2 and RaQ3 do not properly set the access permissions and
ownership for files that are uploaded via FrontPage, which allows
attackers to bypass cgiwrap and modify files.
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
The calender.pl and the calendar_admin.pl calendar scripts by Matt
Kruse allow remote attackers to execute arbitrary commands via shell
metacharacters.
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
The allmanageup.pl file upload CGI script in the Allmanage Website
administration software 2.6 can be called directly by remote
attackers, which allows them to modify user accounts or web pages.
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
MetaProducts Offline Explorer 1.2 and earlier allows remote attackers
to access arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
gauntlet and WebShield allows remote attackers to cause a denial of
service or execute arbitrary commands.
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Buffer overflow in fdmount on Linux systems allows local users in the
"floppy" group to execute arbitrary commands via a long mountpoint
parameter.
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain
client cookies from another domain by including that domain name and
escaped characters in a URL, aka the "Unauthorized Cookie Access"
vulnerability.
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of
service by sending a packet with an unaligned IP timestamp option.
Reference: NETBSD:NetBSD-SA2000-002
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
access to files on locally or remotely mounted AIX filesystems.
Reference: IBM:ERS-OAR-E01-2000:087.1
Qpopper 2.53 and earlier allows local users to gain privileges via a
formatting string in the From: header, which is processed by the euidl
command.
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
The web interface server in HP Web JetAdmin 5.6 allows remote
attackers to read arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
The pgpk command in PGP 5.x on Unix systems uses an insufficiently
random data source for non-interactive key pair generation, which
may produce predictable keys.
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Buffer overflow in MDBMS database server allows remote attackers to
execute arbitrary commands via a long string.
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to
execute arbitrary commands via a long configuration parameter to the
WebShield remote management service.
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool
The WebShield SMTP Management Tool version 4.5.44 does not properly
restrict access to the management port when an IP address does not
resolve to a hostname, which allows remote attackers to access the
configuration via the GET_CONFIG command.
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool
The Intel express 8100 ISDN router allows remote attackers to cause a
denial of service via oversized or fragmented ICMP packets.
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1
allows remote attackers to cause a denial of service via a long MAIL
FROM command.
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a
negative counter value in a malformed TCP packet that is sent to port
6000.
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Buffer overflow in Linux cdrecord allows local users to gain
privileges via the dev parameter.
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Buffer overflow in xlockmore xlock program version 4.16 and earlier
allows local users to read sensitive data from memory via a long -mode
option.
Reference: NAI:20000529 Initialized Data Overflow in Xlock
NetBSD 1.4.2 and earlier allows local users to cause a denial of
service by repeatedly running certain system calls in the kernel which
do not yield the CPU, aka "cpu-hog".
Reference: NETBSD:NetBSD-SA2000-005
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file
contents by requesting the file and appending a large number of
encoded spaces (%20) followed by a .htr extension, aka the
".HTR File Fragment Reading" or "File Fragment Reading via .HTR"
vulnerability.
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
The MSWordView application in IMP creates world-readable files in the
/tmp directory, which allows other local users to read potentially
sensitive information.
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
IMP does not remove files properly if the MSWordView application
quits, which allows local users to cause a denial of service by
filling up the disk space by requesting a large number of documents
and prematurely stopping the request.
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Buffer overflow in KDE kdesud on Linux allows local users to gain
privileges via a long DISPLAY environmental variable.
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
The undocumented semconfig system call in BSD freezes the state of
semaphores, which allows local users to cause a denial of service of
the semaphore system by using the semconfig call.
Reference: OPENBSD:20000526
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
and does not chroot the specified users, which allows those users to
access other files outside of their home directory.
Reference: NETBSD:NetBSD-SA2000-006
BeOS 5.0 allows remote attackers to cause a denial of service via
fragmented TCP packets.
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Internet Explorer 4.x and 5.x allows remote attackers to execute
arbitrary commands via a buffer overflow in the ActiveX parameter
parsing capability, aka the "Malformed Component Attribute"
vulnerability.
Reference: MS:MS00-033
Internet Explorer 4.x and 5.x does not properly verify the domain of a
frame within a browser window, which allows a remote attacker to read
client files via the frame, aka the "Frame Domain Verification"
vulnerability.
Reference: MS:MS00-033
AIX cdmount allows local users to gain root privileges via shell
metacharacters.
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users
to gain root privileges via a long password in the screen locking
function.
Reference: BUGTRAQ:20000614 Splitvt exploit
man in HP-UX 10.20 and 11 allows local attackers to overwrite files
via a symlink attack.
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Allegro RomPager HTTP server allows remote attackers to cause a denial
of service via a malformed authentication request.
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local
users to gain root privileges via a long pathname.
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Buffer overflow in innd 2.2.2 allows remote attackers to execute
arbitrary commands via a cancel request containing a long message ID.
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Real Networks RealServer 7.x allows remote attackers to cause a denial
of service via a malformed request for a page in the viewsource
directory.
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Windows 2000 allows a local user process to access another user's
desktop within the same windows station, aka the "Desktop Separation"
vulnerability.
Reference: MS:MS00-020
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows
remote attackers to cause a denial of service via a .zip file that
contains long file names.
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
In some cases, Norton Antivirus for Exchange (NavExchange) enters a
"fail-open" state which allows viruses to pass through the server.
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Buffer overflow in KDE Kmail allows a remote attacker to cause a
denial of service via an attachment with a long file name.
Reference: VULN-DEV:20000601 Kmail heap overflow
Check Point Firewall-1 allows remote attackers to cause a denial of
service by sending a large number of malformed fragmented IP packets.
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
The DocumentTemplate package in Zope 2.2 and earlier allows a remote
attacker to modify DTMLDocuments or DTMLMethods without authorization.
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Buffer overflow in Small HTTP Server allows remote attackers to cause
a denial of service via a long GET request.
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Microsoft SQL Server allows local users to obtain database passwords
via the Data Transformation Service (DTS) package Properties dialog,
aka the "DTS Password" vulnerability.
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Buffer overflow in Cisco TACACS+ tac_plus server allows remote
attackers to cause a denial of service via a malformed packet with a
long length field.
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to
execute arbitrary commands via a long RCPT TO mail command.
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of
service by creating a large number of socket pairs using the
socketpair function, setting a large buffer size via setsockopt, then
writing large buffers.
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package
allows remote attackers to execute arbitrary commands via a long ETRN
request.
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Buffer overflow in Simple Network Time Sync (SNTS) daemon allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long string.
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Veritas Volume Manager creates a world writable .server_pids file,
which allows local users to add arbitrary commands into the file,
which is then executed by the vmsa_server script.
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Microsoft Windows Media Encoder allows remote attackers to cause a
denial of service via a malformed request, aka the "Malformed Windows
Media Encoder Request" vulnerability.
Reference: MS:MS00-038
IBM WebSphere server 3.0.2 allows a remote attacker to view source
code of a JSP program by requesting a URL which provides the JSP
extension in upper case.
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Unify eWave ServletExec allows a remote attacker to view source code
of a JSP program by requesting a URL which provides the JSP extension
in upper case.
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a
remote attacker to view source code of a JSP program by requesting a
URL which provides the JSP extension in upper case.
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
The default configuration of BEA WebLogic 5.1.0 allows a remote
attacker to view source code of programs by requesting a URL beginning
with /file/, which causes the default servlet to display the file
without further processing.
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Race condition in MDaemon 2.8.5.0 POP server allows local users to
cause a denial of service by entering a UIDL command and quickly
exiting the server.
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
McAfee VirusScan 4.03 does not properly restrict access to the alert
text file before it is sent to the Central Alert Server, which allows
local users to modify alerts in an arbitrary fashion.
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
libICE in XFree86 allows remote attackers to cause a denial of service
by specifying a large value which is not properly checked by the
SKIP_STRING macro.
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
The Apache 1.3.x HTTP server for Windows platforms allows remote
attackers to list directory contents by requesting a URL containing a
large number of / characters.
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
The "capabilities" feature in Linux before 2.2.16 allows local users
to cause a denial of service or gain privileges by setting the
capabilities to prevent a setuid program from dropping privileges, aka
the "Linux kernel setuid/setcap vulnerability."
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Imate Webmail Server 2.5 allows remote attackers to cause a denial of
service via a long HELO command.
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to
cause a denial of service via a malformed request.
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a malformed IPP request.
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a CGI POST request.
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
CUPS (Common Unix Printing System) 1.04 and earlier does not properly
delete request files, which allows a remote attacker to cause a denial
of service.
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service by authenticating with a user
name that does not exist or does not have a shadow password.
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict
access to some FTP commands, which allows remote attackers to cause a
denial of service, and local users to gain root privileges.
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX
11.0 is world writable, which allows local users to modify SNMP
configuration or gain privileges.
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
When configured to store configuration information in an LDAP
directory, Shiva Access Manager 5.0.0 stores the root DN
(Distinguished Name) name and password in cleartext in a file that is
world readable, which allows local users to compromise the LDAP
server.
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Netscape 4.73 and earlier does not properly warn users about a
potentially invalid certificate if the user has previously accepted
the certificate for a different web site, which could allow remote
attackers to spoof a legitimate web site by compromising that site's
DNS information.
Reference: CERT:CA-2000-08
Internet Explorer 4.x and 5.x does not properly verify all contents of
an SSL certificate if a connection is made to the server via an image
or a frame, aka one of two different "SSL Certificate Validation"
vulnerabilities.
Reference: MS:MS00-039
Internet Explorer 4.x and 5.x does not properly re-validate an SSL
certificate if the user establishes a new SSL session with the same
server during the same Internet Explorer session, aka one of two
different "SSL Certificate Validation" vulnerabilities.
Reference: MS:MS00-039
Savant web server allows remote attackers to read source code of CGI
scripts via a GET request that does not include the HTTP version
number.
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
RSA ACE/Server allows remote attackers to cause a denial of service by
flooding the server's authentication request port with UDP packets,
which causes the server to crash.
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Buffer overflow in the logging feature of EServ 2.9.2 and earlier
allows an attacker to execute arbitrary commands via a long MKD
command.
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
OpenSSH does not properly drop privileges when the UseLogin option is
enabled, which allows local users to execute arbitrary commands by
providing the command to the ssh daemon.
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Net Tools PKI Server does not properly restrict access to remote
attackers when the XUDA template files do not contain absolute
pathnames for other files.
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Net Tools PKI Server allows remote attackers to cause a denial of
service via a long HTTP request.
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
The KApplication class in the KDE 1.1.2 configuration file management
capability allows local users to overwrite arbitrary files.
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port
722 as well as port 22, which might allow remote attackers to access
SSH through port 722 even if port 22 is otherwise filtered.
Reference: FREEBSD:FreeBSD-SA-00:21
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to
overwrite arbitrary files.
Reference: SGI:20000601-01-P
The apsfilter software in the FreeBSD ports package does not properly
read user filter configurations, which allows local users to execute
commands as the lpd user.
Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
xinetd 2.1.8.x does not properly restrict connections if hostnames are
used for access control and the connecting host does not have a
reverse DNS entry.
Reference: CONFIRM:http://www.synack.net/xinetd/
BRU backup software allows local users to append data to arbitrary
files by specifying an alternate configuration file with the
BRUEXECLOG environmental variable.
Reference: BUGTRAQ:20000606 BRU Vulnerability
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows
remote attackers to cause a denial of service via a long login
password.
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Servlet examples in Allaire JRun 2.3.x allow remote attackers to
obtain sensitive information, e.g. listing HttpSession ID's via the
SessionServlet servlet.
Reference: ALLAIRE:ASB00-015
JSP sample files in Allaire JRun 2.3.x allow remote attackers to
access arbitrary files (e.g. via viewsource.jsp) or obtain
configuration information.
Reference: ALLAIRE:ASB00-015
The Panda Antivirus console on port 2001 allows local users to execute
arbitrary commands without authentication via the CMD command.
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Tigris remote access server before 11.5.4.22 does not properly record
Radius accounting information when a user fails the initial login
authentication but subsequently succeeds.
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Buffer overflow in Kerberos 4 KDC program allows remote attackers to
cause a denial of service via the e_msg variable in the kerb_err_reply
function.
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Kerberos 4 KDC program does not properly check for null termination of
AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause
a denial of service via a malformed request.
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Kerberos 4 KDC program improperly frees memory twice (aka
"double-free"), which allows remote attackers to cause a denial of
service.
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
The file transfer mechanism in Danware NetOp 6.0 does not provide
authentication, which allows remote attackers to access and modify
arbitrary files.
Reference: BUGTRAQ:20000523 I think
ICQwebmail client for ICQ 2000A creates a world readable temporary
file during login and does not delete it, which allows local users to
obtain sensitive information.
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Race condition in IPFilter firewall 3.4.3 and earlier, when configured
with overlapping "return-rst" and "keep state" rules, allows remote
attackers to bypass access restrictions.
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Ceilidh allows remote attackers to cause a denial of service via a
large number of POST requests.
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Buffer overflow in the web interface for Cmail 2.4.7 allows remote
attackers to cause a denial of service by sending a large user name to
the user dialog running on port 8002.
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Buffer overflow in the web interface for Cmail 2.4.7 allows remote
attackers to execute arbitrary commands via a long GET request.
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Buffer overflow in HP Openview Network Node Manager 6.1 allows remote
attackers to execute arbitrary commands via the Alarm service
(OVALARMSRV) on port 2345.
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Buffer overflow in WebBBS 1.15 allows remote attackers to execute
arbitrary commands via a long HTTP GET request.
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
uploading and specifying an alternate user configuration file via a
.. (dot dot) attack.
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
makewhatis in Linux man package allows local users to overwrite files
via a symlink attack.
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Buffer overflow in Microsoft Outlook and Outlook Express allows remote
attackers to execute arbitrary commands via a long Date field in an
email header, aka the "Malformed E-mail Header" vulnerability.
Reference: MS:MS00-043
Sybergen Secure Desktop 2.1 does not properly protect against false
router advertisements (ICMP type 9), which allows remote attackers to
modify default routes.
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Sybergen Sygate allows remote attackers to cause a denial of service
by sending a malformed DNS UDP packet to its internal interface.
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
FirstClass Internet Services server 5.770, and other versions before
6.1, allows remote attackers to cause a denial of service by sending
an email with a long To: mail header.
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial
of service via a long GET request.
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
The lreply function in wu-ftpd 2.6.0 and earlier does not properly
cleanse an untrusted format string, which allows remote attackers to
execute arbitrary commands via the SITE EXEC command.
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
SSH 1.2.27 with Kerberos authentication support stores Kerberos
tickets in a file which is created in the current directory of the
user who is logging in, which could allow remote attackers to sniff
the ticket cache if the home directory is installed on NFS.
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows
remote attackers to cause a denial of service via a malformed URL.
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Netscape Professional Services FTP Server 1.3.6 allows remote
attackers to read arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
IRIX crontab creates temporary files with predictable file names and
with the umask of the user, which could allow local users to modify
another user's crontab file as it is being edited.
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Windows 2000 Telnet Server allows remote attackers to cause a denial
of service by sending a continuous stream of binary zeros, which
causes the server to crash.
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a
denial of service by sending a stream of invalid commands (such as
binary zeros) to the SMTP Security Server proxy.
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
vchkpw program in vpopmail before version 4.8 does not properly cleanse
an untrusted format string used in a call to syslog, which allows
remote attackers to cause a denial of service via a USER or PASS
command that contains arbitrary formatting directives.
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Buffer overflow in Canna input system allows remote attackers to
execute arbitrary commands via an SR_INIT command with a long user
name or group name.
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
ISC DHCP client program dhclient allows remote attackers to execute
arbitrary commands via shell metacharacters.
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to
cause a denial of service or execute arbitrary commands via the SUMMON
command.
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
The privpath directive in glftpd 1.18 allows remote attackers to
bypass access restrictions for directories by using the file name
completion capability.
Reference: XF:glftpd-privpath-directive
SawMill 5.0.21 CGI program allows remote attackers to read the first
line of arbitrary files by listing the file in the rfcf parameter,
whose contents SawMill attempts to parse as configuration commands.
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Poll It 2.0 CGI script allows remote attackers to read arbitrary files
by specifying the file name in the data_dir parameter.
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL
filtering by encoding characters in the requested URL.
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of
service by sending an HTTP GET request without listing an HTTP version
number.
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
BitchX IRC client does not properly cleanse an untrusted format
string, which allows remote attackers to cause a denial of service via
an invite to a channel whose name includes special formatting
characters.
Reference: VULN-DEV:20000704 BitchX /ignore bug
libedit searches for the .editrc file in the current directory instead
of the user's home directory, which may allow local users to execute
arbitrary commands by installing a modified .editrc in another
directory.
Reference: FREEBSD:FreeBSD-SA-00:24
Internet Explorer 5.x does not warn a user before opening a Microsoft
Access database file that is referenced within ActiveX OBJECT tags in
an HTML document, which could allow remote attackers to execute
arbitrary commands, aka the "IE Script" vulnerability.
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are
marked as safe for scripting, which allows remote attackers to force
Internet Explorer or some email clients to save files to arbitrary
locations via the Visual Basic for Applications (VBA) SaveAs function,
aka the "Office HTML Script" vulnerability.
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Fortech Proxy+ allows remote attackers to bypass access restrictions
for the administration service by redirecting their connections
through the telnet proxy.
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Buffer overflow in iMesh 1.02 allows remote attackers to execute
arbitrary commands via a long string to the iMesh port.
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to
cause a denial of service or execute arbitrary commands via a
malformed URL.
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerability
LeafChat 1.7 IRC client allows a remote IRC server to cause a denial
of service by rapidly sending a large amount of error messages.
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Secure Locate (slocate) in Red Hat Linux allows local users to gain
privileges via a malformed configuration file that is specified in the
LOCATE_PATH environmental variable.
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Microsoft SQL Server 7.0 allows a local user to bypass permissions for
stored procedures by referencing them via a temporary stored
procedure, aka the "Stored Procedure Permissions" vulnerability.
Reference: MS:MS00-048
gkermit in Red Hat Linux is improperly installed with setgid uucp,
which allows local users to modify files owned by uucp.
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to
bypass authentication and use the server for mail relay via a username
that contains a carriage return.
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
The default configuration of NetWin dMailWeb and cwMail trusts all POP
servers, which allows attackers to bypass normal authentication and
cause a denial of service.
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Cisco Secure PIX Firewall does not properly identify forged TCP Reset
(RST) packets, which allows remote attackers to force the firewall to
close legitimate connections.
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
LPRng 3.6.x improperly installs lpd as setuid root, which can allow
local users to append lpd trace and logging messages to files.
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain
additional privileges via DBUTIL.PUB.SYS.
Reference: HP:HPSBMP0006-007
Top Layer AppSwitch 2500 allows remote attackers to cause a denial of
service via malformed ICMP packets.
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
libX11 X library allows remote attackers to cause a denial of service
via a resource mask of 0, which causes libX11 to go into an infinite
loop.
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x,
allow remote attackers to read files on the client's system via a
malformed HTML message that stores files outside of the cache, aka the
"Cache Bypass" vulnerability.
Reference: MS:MS00-046
Buffer overflow in Webfind CGI program in O'Reilly WebSite
Professional web server 2.x allows remote attackers to execute
arbitrary commands via a URL containing a long "keywords" parameter.
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to
execute arbitrary commands via a long #EXTINF: extension in the M3U
playlist.
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
The source.asp example script in the Apache ASP module Apache::ASP
1.93 and earlier allows remote attackers to modify files.
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
code by appending a +.htr to the URL, a variant of the "File Fragment
Reading via .HTR" vulnerability.
Reference: MS:MS00-044
An administrative script from IIS 3.0, later included in IIS 4.0 and
5.0, allows remote attackers to cause a denial of service by accessing
the script without a particular argument, aka the "Absent Directory
Browser Argument" vulnerability.
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Buffer overflow in the web archive component of L-Soft Listserv 1.8d
and earlier allows remote attackers to execute arbitrary commands via
a long query string.
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Vulnerability in Mandrake Linux usermode package allows local users to
reboot or halt the system.
Reference: REDHAT:RHSA-2000:053-01
The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
The view_page.html sample page in the MiniVend shopping cart program
allows remote attackers to execute arbitrary commands via shell
metacharacters.
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
commands by specifying a malicious .dll using the Register.ID
function, aka the "Excel REGISTER.ID Function" vulnerability.
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Big Brother 1.4h1 and earlier allows remote attackers to read
arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
The default configuration of Big Brother 1.4h2 and earlier does not
include proper access restrictions, which allows remote attackers to
execute arbitrary commands by using bbd to upload a file whose
extension will cause it to be executed as a CGI script by the web
server.
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Guild FTPd allows remote attackers to determine the existence of files
outside the FTP root via a .. (dot dot) attack, which provides
different error messages depending on whether the file exists or not.
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Savant web server allows remote attackers to execute arbitrary
commands via a long GET request.
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
The default configuration of WebActive HTTP Server 1.00 stores the web
access log active.log in the document root, which allows remote
attackers to view the logs by directly requesting the page.
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
The default installation of VirusScan 4.5 and NetShield 4.5 has
insecure permissions for the registry key that identifies the
AutoUpgrade directory, which allows local users to execute arbitrary
commands by replacing SETUP.EXE in that directory with a Trojan Horse.
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
The ClientTrust program in Novell BorderManager does not properly
verify the origin of authentication requests, which could allow remote
attackers to impersonate another user by replaying the authentication
requests and responses from port 3024 of the victim's machine.
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Microsoft Enterprise Manager allows local users to obtain database
passwords via the Data Transformation Service (DTS) package Registered
Servers dialog, aka a variant of the "DTS Password" vulnerability.
Reference: MS:MS00-041
Netscape Communicator 4.73 and earlier allows remote attackers to
cause a denial of service or execute arbitrary commands via a JPEG
image containing a comment with an illegal field length of 1.
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
The WDaemon web server for WorldClient 2.1 allows remote attackers to
read arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
service via a long string to the server port.
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Internet Explorer 5.x and Microsoft Outlook allow remote attackers to
read arbitrary files by redirecting the contents of an IFRAME using
the DHTML Edit Control (DHTMLED).
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
The registry entry for the Windows Shell executable (Explorer.exe) in
Windows NT and Windows 2000 uses a relative path name, which allows
local users to execute arbitrary commands by inserting a Trojan Horse
named Explorer.exe into the %Systemdrive% directory, aka the "Relative
Shell Path" vulnerability.
Reference: MS:MS00-052
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack that uses the %2E
URL encoding for the dots.
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
cause a denial of service via a long username.
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
rpc.statd in the nfs-utils package in various Linux distributions does
not properly cleanse untrusted format strings, which allows remote
attackers to gain root privileges.
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
pam_console PAM module in Linux systems allows a user to access the
system console and reboot the system when a display manager such as
gdm or kdm has XDMCP enabled.
Reference: REDHAT:RHSA-2000:044-02
Novell NetWare 5.0 allows remote attackers to cause a denial of
service by flooding port 40193 with random data.
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
write access to a CVS repository to execute arbitrary commands via
shell metacharacters.
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Roxen web server earlier than 2.0.69 allows remote attackers to
bypass access restrictions, list directory contents, and read source
code by inserting a null character (%00) into the URL.
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
The default configuration of Jakarta Tomcat does not restrict access
to the /admin context, which allows remote attackers to read arbitrary
files by directly calling the administrative servlets to add a context
for the root directory.
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
The NetBIOS Name Server (NBNS) protocol does not perform
authentication, which allows remote attackers to cause a denial of
service by sending a spoofed Name Conflict or Name Release datagram,
aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
ftp.pl CGI program for Virtual Visions FTP browser allows remote
attackers to read directories outside of the document root via a
.. (dot dot) attack.
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
attackers to execute arbitrary commands via a long string.
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Netscape Communicator and Navigator 4.04 through 4.74 allow remote
attackers to read arbitrary files by using a Java applet to open a
connection to a URL using the "file", "http", "https", and "ftp"
protocols, as demonstrated by Brown Orifice.
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Buffer overflow in IBM Net.Data db2www CGI program allows remote
attackers to execute arbitrary commands via a long PATH_INFO
environmental variable.
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
PGP 5.5.x through 6.5.3 does not properly check if an Additional
Decryption Key (ADK) is stored in the signed portion of a public
certificate, which allows an attacker who can modify a victim's public
certificate to decrypt any data that has been encrypted with the
modified certificate.
Reference: CERT:CA-2000-18
The CVS 1.10.8 client trusts pathnames that are provided by the CVS
server, which allows the server to force the client to create
arbitrary files.
Reference: BUGTRAQ:20000728 cvs security problem
Buffer overflow in BEA WebLogic server proxy plugin allows remote
attackers to execute arbitrary commands via a long URL with a .JSP
extension.
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the
FileServlet.
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /*.shtml/ into the URL, which invokes the
SSIServlet.
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
BEA WebLogic 5.1.x does not properly restrict access to the
JSPServlet, which could allow remote attackers to compile and execute
Java JSP code by directly invoking the servlet on any source file.
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
BEA WebLogic 5.1.x does not properly restrict access to the
PageCompileServlet, which could allow remote attackers to compile and
execute Java JHTML code by directly invoking the servlet on any source
file.
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
pgxconfig in the Raptor GFX configuration tool uses a relative path
name for a system call to the "cp" program, which allows local users
to execute arbitrary commands by modifying their path to point to an
alternate "cp" program.
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
pgxconfig in the Raptor GFX configuration tool allows local users to
gain privileges via a symlink attack.
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Minicom 1.82.1 and earlier on some Linux systems allows local users to
create arbitrary files owned by the uucp user via a symlink attack.
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Format string vulnerability in ftpd in HP-UX 10.20 allows remote
attackers to cause a denial of service or execute arbitrary commands
via format strings in the PASS command.
Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit
Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and
some versions of 12.0, do not properly handle line card failures,
which allows remote attackers to bypass ACLs or force the interface to
stop forwarding packets.
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
The net.init rc script in HP-UX 11.00 (S008net.init) allows local
users to overwrite arbitrary files via a symlink attack that points
from /tmp/stcp.conf to the targeted file.
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
suidperl (aka sperl) does not properly cleanse the escape sequence
"~!" before calling /bin/mail to send an error report, which allows
local users to gain privileges by setting the "interactive"
environmental variable and calling suidperl with a filename that
contains the escape sequence.
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
ntop running in web mode allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Buffer overflows in ntop running in web mode allow remote attackers
to execute arbitrary commands.
Reference: FREEBSD:FreeBSD-SA-00:36
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the
file dbconnect.inc within the web root, which allows remote attackers
to obtain sensitive information such as the administrative password.
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows
remote attackers to cause a denial of service via a long series of
null characters to the rexec port.
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Netscape Communicator does not properly prevent a ServerSocket object
from being created by untrusted entities, which allows remote
attackers to create a server on the victim's system via a malicious
applet, as demonstrated by Brown Orifice.
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to
gain root privileges when LIDS is disabled via the security=0 boot
option.
Reference: MISC:http://www.egroups.com/message/lids/1038
WorldClient email client in MDaemon 2.8 includes the session ID in the
referer field of an HTTP request when the user clicks on a URL, which
allows the visited web site to hijack the session ID and read the
user's email.
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
GoodTech FTP server allows remote attackers to cause a denial of
service via a large number of RNTO commands.
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
A race condition in MandrakeUpdate allows local users to modify RPM
files while they are in the /tmp directory before they are installed.
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
news.cgi in GWScripts News Publisher does not properly authenticate
requests to add an author to the author index, which allows remote
attackers to add new authors by directly posting an HTTP request to
the new.cgi program with an addAuthor parameter, and setting the
Referer to the news.cgi program.
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Zope before 2.2.1 does not properly restrict access to the getRoles
method, which allows users who can edit DTML to add or modify roles by
modifying the roles list that is included in a request.
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote
attackers to read arbitrary files by specifying the file in the
$Attach$ hidden form variable.
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
xpdf PDF viewer client earlier than 0.91 does not properly launch a
web browser for embedded URLs, which allows an attacker to execute
arbitrary commands via a URL that contains shell metacharacters.
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
xpdf PDF viewer client earlier than 0.91 allows local users to
overwrite arbitrary files via a symlink attack.
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of
service by executing a program with a malformed ELF image header.
Reference: FREEBSD:FreeBSD-SA-00:41
Vulnerability in newgrp command in HP-UX 11.0 allows local users to
gain privileges.
Reference: HP:HPSBUX0008-118
Directory traversal vulnerability in Worm HTTP server allows remote
attackers to read arbitrary files via a .. (dot dot) attack.
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server
Worm HTTP server allows remote attackers to cause a denial of service
via a long URL.
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse
user-injected format strings, which allows remote attackers to execute
arbitrary commands via a long RLD variable in the
IAC-SB-TELOPT_ENVIRON request.
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
The Service Control Manager (SCM) in Windows 2000 creates predictable
named pipes, which allows a local user with console access to gain
administrator privileges, aka the "Service Control Manager Named Pipe
Impersonation" vulnerability.
Reference: MS:MS00-053
WebShield SMTP 4.5 allows remote attackers to cause a denial of
service by sending e-mail with a From: address that has a . (period)
at the end, which causes WebShield to continuously send itself copies
of the e-mail.
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Directory traversal vulnerability in strong.exe program in NAI Net
Tools PKI server 1.0 before HotFix 3 allows remote attackers to read
arbitrary files via a .. (dot dot) attack in an HTTPS request to the
enrollment server.
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0
before HotFix 3 allows remote attackers to execute arbitrary commands
via a long URL in the HTTPS port.
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Format string vulnerability in strong.exe program in NAI Net Tools PKI
server 1.0 before HotFix 3 allows remote attackers to execute
arbitrary code via format strings in a URL with a .XUDA extension.
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
The IPX protocol implementation in Microsoft Windows 95 and 98 allows
remote attackers to cause a denial of service by sending a ping packet
with a source IP address that is a broadcast address, aka the
"Malformed IPX Ping Packet" vulnerability.
Reference: BUGTRAQ:20000602 ipx storm
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows
remote attackers to execute arbitrary commands via a DES key
generation request (GDESkey) that contains a long ticket value.
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
DEPRECATED. This entry has been deprecated. It is a duplicate of
CVE-2000-0743.
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke
administrator password, which allows remote attackers to gain
privileges by requesting a URL that does not specify the aid or pwd
parameter.
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Buffer overflow in the Linux binary compatibility module in FreeBSD
3.x through 5.x allows local users to gain root privileges via long
filenames in the linux shadow file system.
Reference: FREEBSD:FreeBSD-SA-00:42
Buffer overflow in mopd (Maintenance Operations Protocol loader
daemon) allows remote attackers to execute arbitrary commands via a
long file name.
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
mopd (Maintenance Operations Protocol loader daemon) does not properly
cleanse user-injected format strings, which allows remote attackers to
execute arbitrary commands.
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
The Microsoft Outlook mail client identifies the physical path of the
sender's machine within a winmail.dat attachment to Rich Text Format
(RTF) files.
Reference: BUGTRAQ:20000824 Outlook winmail.dat
Vulnerability in HP OpenView Network Node Manager (NNM) version 6.1
related to passwords.
Reference: HP:HPSBUX0008-119
The web interface for Lyris List Manager 3 and 4 allows list
subscribers to obtain administrative access by modifying the value of
the list_admin hidden form field.
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of
service via a long username.
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
The default installation of eTrust Access Control (formerly SeOS) uses
a default encryption key, which allows remote attackers to spoof the
eTrust administrator and gain privileges.
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
xlockmore and xlockf do not properly cleanse user-injected format
strings, which allows local users to gain root privileges via the -d
option.
Reference: BUGTRAQ:20000816 xlock vulnerability
Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed IP packet.
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Buffer overflow in the HTML interpreter in Microsoft Office 2000
allows an attacker to execute arbitrary commands via a long embedded
object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
Reference: MS:MS00-056
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to
cause a denial of service or possibly gain privileges via a long HTTP
GET request.
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x
and 5.x renders arbitrary file types instead of HTML, which allows an
attacker to read arbitrary files, aka the "Scriptlet Rendering"
vulnerability.
Reference: MS:MS00-055
A function in Internet Explorer 4.x and 5.x does not properly verify
the domain of a frame within a browser window, which allows a remote
attacker to read client files, aka a variant of the "Frame Domain
Verification" vulnerability.
Reference: MS:MS00-055
IIS 4.0 and 5.0 does not properly restrict access to certain types of
files when their parent folders have less restrictive permissions,
which could allow remote attackers to bypass access restrictions to
some files, aka the "File Permission Canonicalization" vulnerability.
Reference: MS:MS00-057
Microsoft Windows 2000 allows local users to cause a denial of service
by corrupting the local security policy via malformed RPC traffic, aka
the "Local Security Policy Corruption" vulnerability.
Reference: MS:MS00-062
Mediahouse Statistics Server 5.02x allows remote attackers to execute
arbitrary commands via a long HTTP GET request.
Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)
The password protection feature of Microsoft Money can store the
password in plaintext, which allows attackers with physical access to
the system to obtain the password, aka the "Money Password"
vulnerability.
Reference: MS:MS00-061
IIS 5.0 allows remote attackers to obtain source code for .ASP files
and other scripts via an HTTP GET request with a "Translate: f"
header, aka the "Specialized Header" vulnerability.
Reference: MS:MS00-058
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote
attackers to bypass access restrictions and connect to a RSH/REXEC
client via malformed connection requests.
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
The web server in IPSWITCH IMail 6.04 and earlier allows remote
attackers to read and delete arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Watchguard Firebox II allows remote attackers to cause a denial of
service by sending a malformed URL to the authentication service on
port 4100.
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
GNU userv 1.0.0 and earlier does not properly perform file descriptor
swapping, which can corrupt the USERV_GROUPS and USERV_GIDS
environmental variables and allow local users to bypass some access
restrictions.
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
IRC Xchat client versions 1.4.2 and earlier allow remote attackers to
execute arbitrary commands by encoding shell metacharacters into a URL
which XChat uses to launch a web browser.
Reference: BUGTRAQ:20000817 XChat URL handler vulnerabilty
The Mail Merge tool in Microsoft Word does not prompt the user before
executing Visual Basic (VBA) scripts in an Access database, which
could allow an attacker to execute arbitrary commands.
Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
The web-based folder display capability in Microsoft Internet Explorer
5.5 on Windows 98 allows local users to insert Trojan horse programs
by modifying the Folder.htt file and using the InvokeVerb method in
the ShellDefView ActiveX control to specify a default execute option
for the first file that is listed in the folder.
Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.
Gnome Lokkit firewall package before 0.41 does not properly restrict
access to some ports, even if a user does not make any services
available.
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to
gain root privileges via a long -n option.
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to
gain root privileges via a long command line option.
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local
users to gain privileges via a symlink attack on the .ilmpAAA
temporary file.
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
GNU Groff uses the current working directory to find a device
description file, which allows a local user to gain additional
privileges by including a malicious postpro directive in the
description file, which is executed when another user runs groff.
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to bypass the directionality check via fragmented TCP connection
requests or reopening closed TCP connection requests, aka "One-way
Connection Enforcement Bypass."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits
encapsulated FWS packets, even if they do not come from a valid FWZ
client, aka "Retransmission of Encapsulated Packets."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
The inter-module authentication mechanism (fwa1) in Check Point
VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct
a denial of service, aka "Inter-module Communications Bypass."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
The OPSEC communications authentication mechanism (fwn1) in Check
Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to
spoof connections, aka the "OPSEC Authentication Vulnerability."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
The seed generation mechanism in the inter-module S/Key authentication
mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows
remote attackers to bypass authentication via a brute force attack,
aka "One-time (s/key) Password Authentication."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Buffer overflow in Getkey in the protocol checker in the inter-module
communication mechanism in Check Point VPN-1/FireWall-1 4.1 and
earlier allows remote attackers to cause a denial of service.
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Auction Weaver 1.0 through 1.04 does not properly validate the names
of form fields, which allows remote attackers to delete arbitrary
files and directories via a .. (dot dot) attack.
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Auction Weaver 1.0 through 1.04 allows remote attackers to read
arbitrary files via a .. (dot dot) attack on the username or bidfile
form fields.
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to redirect FTP connections to other servers ("FTP Bounce") via
invalid FTP commands that are processed improperly by FireWall-1, aka
"FTP Connection Enforcement Bypass."
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Linux tmpwatch --fuser option allows local users to execute arbitrary
commands by creating files whose names contain shell metacharacters.
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
The default installation for the Oracle listener program 7.3.4, 8.0.6,
and 8.1.6 allows an attacker to cause logging information to be
appended to arbitrary files and execute commands via the SET TRC_FILE
or SET LOG_FILE commands.
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
The unsetenv function in glibc 2.1.1 does not properly unset an
environmental variable if the variable is provided twice to a program,
which could allow local users to execute arbitrary commands in setuid
programs by specifying their own duplicate environmental variables
such as LD_PRELOAD or LD_LIBRARY_PATH.
Reference: BUGTRAQ:19990917 A few bugs...
Ipswitch Imail 6.0 allows remote attackers to cause a denial of
service via a large number of connections in which a long Host: header
is sent, which causes a thread to crash.
Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
The tmpwatch utility in Red Hat Linux forks a new process for each
directory level, which allows local users to cause a denial of service
by creating deeply nested directories in /tmp or /var/tmp/.
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
annclist.exe in webTV for Windows allows remote attackers to cause a
denial of service via a large, malformed UDP packet to ports 22701
through 22705.
Reference: BUGTRAQ:20000913 trivial DoS in webTV
The Windows 2000 telnet client attempts to perform NTLM authentication
by default, which allows remote attackers to capture and replay the
NTLM challenge/response via a telnet:// URL that points to the
malicious server, aka the "Windows 2000 Telnet Client NTLM
Authentication" vulnerability.
Reference: ATSTAKE:A091400-1
FTP Serv-U 2.5e allows remote attackers to cause a denial of service
by sending a large number of null bytes.
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Fastream FUR HTTP server 1.0b allows remote attackers to cause a
denial of service via a long GET request.
Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of
service via a large number of LPD options to the LPD port (515).
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Some functions that implement the locale subsystem on Unix do not
properly cleanse user-injected format strings, which allows local attackers
to execute arbitrary commands via functions such as gettext and catopen.
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to
execute arbitrary commands via a long username or password.
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Buffer overflow in University of Washington c-client library (used by
pine and other programs) allows remote attackers to execute arbitrary
commands via a long X-Keywords header.
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Buffer overflow in IBM WebSphere web application server (WAS) allows
remote attackers to execute arbitrary commands via a long Host:
request header.
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Race condition in Microsoft Windows Media server allows remote attackers
to cause a denial of service in the Windows Media Unicast Service via a
malformed request, aka the "Unicast Service Race Condition" vulnerability.
Reference: MS:MS00-064
Netegrity SiteMinder before 4.11 allows remote attackers to bypass
its authentication mechanism by appending "$/FILENAME.ext" (where ext
is .ccc, .class, or .jpg) to the requested URL.
Reference: ATSTAKE:A091100-1
Buffer overflow in the Still Image Service in Windows 2000 allows local
users to gain additional privileges via a long WM_USER message, aka the
"Still Image Service Privilege Escalation" vulnerability.
Reference: ATSTAKE:A090700-1
Multiple buffer overflows in eject on FreeBSD and possibly other OSes
allow local users to gain root privileges.
Reference: FREEBSD:FreeBSD-SA-00:49
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
When a Microsoft Office 2000 document is launched, the directory of
that document is first used to locate DLLs such as riched20.dll and
msi.dll, which could allow an attacker to execute arbitrary commands
by inserting a Trojan Horse DLL into the same directory as the
document.
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause
a denial of service or possibly execute arbitrary commands via a long
GET request.
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to
cause a denial of service in IIS by sending it a series of malformed
requests which cause INETINFO.EXE to fail, aka the "Invalid URL"
vulnerability.
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
The web configuration server for NTMail V5 and V6 allows remote
attackers to cause a denial of service via a series of partial HTTP
requests.
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
The file upload capability in PHP versions 3 and 4 allows remote
attackers to read arbitrary files by setting hidden form fields whose
names match the names of internal PHP script variables.
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Mailman 1.1 allows list administrators to execute arbitrary commands
via shell metacharacters in the %(listname) macro expansion.
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Vulnerability in an administrative interface utility for Allaire
Spectra 1.0.1 allows remote attackers to read and modify sensitive
configuration information.
Reference: ALLAIRE:ASB00-23
Buffer overflow in listmanager earlier than 2.105.1 allows local users
to gain additional privileges.
Reference: FREEBSD:FreeBSD-SA-00:50
Race condition in the creation of a Unix domain socket in GNOME esound
0.2.19 and earlier allows a local user to change the permissions of
arbitrary files and directories, and gain additional privileges, via a
symlink attack.
Reference: FREEBSD:FreeBSD-SA-00:45
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows
local users to gain root privileges via a long terminal type argument.
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.
Reference: BUGTRAQ:20000917 klogd format bug
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows
remote attackers to read source code for CGI scripts by replacing the
/cgi-bin/ in the requested URL with /cgi-bin-sdb/.
Reference: ATSTAKE:A090700-2
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables
WebDAV, which allows remote attackers to list arbitrary directories via
the PROPFIND HTTP request method.
Reference: ATSTAKE:A090700-3
Buffer overflow in EFTP allows remote attackers to cause a denial of
service via a long string.
Reference: BUGTRAQ:20000911 [EXPL] EFTP vulnerable to two DoS attacks
Buffer overflow in EFTP allows remote attackers to cause a denial of
service by sending a string that does not contain a newline, then
disconnecting from the server.
Reference: BUGTRAQ:20000911 [EXPL] EFTP vulnerable to two DoS attacks
netstat in AIX 4.x.x does not properly restrict access to the -Zi
option, which allows local users to clear network interface statistics
and possibly hide evidence of unusual network activities.
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Eudora mail client includes the absolute path of the sender's host
within a virtual card (VCF).
Reference: BUGTRAQ:20000907 Eudora disclosure
WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to cause a
denial of service by sending a long string of unprintable characters.
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the
full pathname of the server via a "%C" command, which generates an
error message that includes the pathname.
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read
arbitrary files by specifying the file name in the XX-attach_file
parameter, which MailForm then sends to the attacker.
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
The mailto CGI script allows remote attackers to execute arbitrary
commands via shell metacharacters in the emailadd form field.
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
The default configuration of mod_perl for Apache as installed on
Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be
browseable, which allows remote attackers to list the contents of that
directory.
Reference: MANDRAKE:MDKSA-2000:046
IIS 4.0 and 5.0 allow remote attackers to read documents outside of
the web root, and possibly execute arbitrary commands, via malformed
URLs that contain UNICODE encoded characters, aka the "Web Server
Folder Traversal" vulnerability.
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
IIS 5.0 allows remote attackers to execute arbitrary commands via a
malformed request for an executable file whose name is appended with
operating system commands, aka the "Web Server File Request Parsing"
vulnerability.
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by making a compressed zone transfer (ZXFR) request
and performing a name service query on an authoritative record that is
not cached, aka the "zxfr bug."
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by sending an SRV record to the server, aka the "srv
bug."
Reference: CERT:CA-2000-20
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating
systems, allows local users to overwrite arbitrary files via a symlink
attack.
Reference: CERT-VN:VU#626919
A default ECL in Lotus Notes before 5.02 allows remote attackers to
execute arbitrary commands by attaching a malicious program in an
email message that is automatically executed when the user opens the
email.
Reference: CERT-VN:VU#5962
Some telnet clients allow remote telnet servers to request environment
variables from the client that may contain sensitive information, or
remote web servers to obtain the information via a telnet: URL.
Reference: CERT-VN:VU#22404
WatchGuard SOHO firewall allows remote attackers to cause a denial of
service via a flood of fragmented IP packets, which causes the
firewall to drop connections and stop forwarding packets.
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Small HTTP Server 2.03 and earlier allows remote attackers to cause a
denial of service by repeatedly requesting a URL that references a
directory that does not contain an index.html file, which consumes
memory that is not released after the request is completed.
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Directory traversal vulnerability in ssi CGI program in thttpd 2.19
and earlier allows remote attackers to read arbitrary files via a
"%2e%2e" string, a variation of the .. (dot dot) attack.
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Format string vulnerability in screen 3.9.5 and earlier allows local
users to gain root privileges via format characters in the vbell_msg
initialization variable.
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
BrowseGate 2.80 allows remote attackers to cause a denial of service
and possibly execute arbitrary commands via long Authorization or
Referer MIME headers in the HTTP request.
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Buffer overflow in the automatic mail checking component of Pine 4.21
and earlier allows remote attackers to execute arbitrary commands via
a long From: header.
Reference: BUGTRAQ:20000922 [ no subject ]
Horde library 1.02 allows attackers to execute arbitrary commands via
shell metacharacters in the "from" address.
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
IMP 2.2 and earlier allows attackers to read and delete arbitrary
files by modifying the attachment_name hidden form variable, which
causes IMP to send the file to the attacker as an attachment.
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
MultiHTML CGI script allows remote attackers to read arbitrary files
and possibly execute arbitrary commands by specifying the file name to
the "multi" parameter.
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to
read arbitrary files if a RewriteRule directive is expanded to include
a filename whose name contains a regular expression.
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of
service by flooding the server with ARP requests.
Reference: BUGTRAQ:20001005 obsd_fun.c
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary
files by specifying the target file name instead of a regular user
name.
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Format string vulnerability in use_syslog() function in LPRng 3.6.24
allows remote attackers to execute arbitrary commands.
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and
earlier allows remote attackers to read arbitrary files via a .. (dot
dot) attack.
Reference: BUGTRAQ:20001007 PHPix advisory
Directory traversal vulnerability in BOA web server 0.94.8.2 and
earlier allows remote attackers to read arbitrary files via a modified
.. (dot dot) attack in the GET HTTP request that uses a "%2E" instead
of a "."
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Directory traversal vulnerability in Hassan Consulting shop.cgi
shopping cart program allows remote attackers to read arbitrary files
via a .. (dot dot) attack on the page parameter.
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Directory traversal vulnerability in Bytes Interactive Web Shopper
shopping cart program (shopper.cgi) 2.0 and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack on the
newpage parameter.
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
authenticate.cgi CGI program in Aplio PRO allows remote attackers to
execute arbitrary commands via shell metacharacters in the password
parameter.
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Directory traversal vulnerability in search.cgi CGI script in Armada
Master Index allows remote attackers to read arbitrary files via a
.. (dot dot) attack in the "catigory" parameter.
Reference: BUGTRAQ:20001009 Master Index traverse advisory
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka
CyberShop) installs the _private directory with world readable
permissions, which allows remote attackers to obtain sensitive
information.
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote
attackers to modify price information by changing the "Price" hidden
form variable.
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they
are stored in alternative data streams, which allows users to bypass
quota restrictions.
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by
running a report on the targeted shares.
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user being able to list (not read) all files on any server running QuotaAdvisor.
Microsoft Windows Media Player 7 allows attackers to cause a denial of
service in RTF-enabled email clients via an embedded OCX control that
is not closed properly, aka the "OCX Attachment" vulnerability.
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via
an embedded URL that calls the mailto: protocol with a -F switch.
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
MAILsweeper for SMTP 3.x does not properly handle corrupt CDA
documents in a ZIP file and hangs, which allows remote attackers to
cause a denial of service.
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
The Input Method Editor (IME) in the Simplified Chinese version of
Windows 2000 does not disable access to privileged functionality that
should normally be restricted, which allows local users to gain
privileges, aka the "Simplified Chinese IME State Recognition"
vulnerability.
Reference: MS:MS00-069
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary
files and cause a denial of service via a symlink attack.
Reference: REDHAT:RHSA-2000:062-03
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users
to overwrite arbitrary files via a symlink attack on the cgi.log file.
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the
cgi.log logging file with world readable permissions, which allows
local users to read sensitive information such as user names and
passwords.
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login
attempts in which the username is correct but the password is wrong,
which allows remote attackers to conduct brute force password guessing
attacks.
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a
different error message when a valid username is provided versus an
invalid name, which allows remote attackers to identify valid users on
the server.
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to
execute arbitrary commands via shell metacharacters in the "whois"
parameter.
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
The CiWebHitsFile component in Microsoft Indexing Services for Windows
2000 allows remote attackers to conduct a cross site scripting (CSS)
attack via a CiRestriction parameter in a .htw request, aka the
"Indexing Services Cross Site Scripting" vulnerability.
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers
to cause a denial of service and possibly execute arbitrary commands
via a long USER command.
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
CGI Script Center News Update 1.1 does not properly validate the
original news administration password during a password change
operation, which allows remote attackers to modify the password
without knowing the original password.
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
The web configuration interface for Catalyst 3500 XL switches allows
remote attackers to execute arbitrary commands without authentication
when the enable password is not set, via a URL containing the /exec/
directory.
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Compaq Easy Access Keyboard software 1.3 does not properly disable
access to custom buttons when the screen is locked, which could allow
an attacker to gain privileges or execute programs without
authorization.
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Format string vulnerability in cfd daemon in GNU CFEngine before
1.6.0a11 allows attackers to execute arbitrary commands via format
characters in the CAUTH command.
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
GnoRPM before 0.95 allows local users to modify arbitrary files via a
symlink attack.
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier
allows a local user to execute arbitrary commands via the -g option.
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
A misconfiguration in IIS 5.0 with Index Server enabled and the Index
property set allows remote attackers to list directories in the web
root via a Web Distributed Authoring and Versioning (WebDAV) search.
Reference: ATSTAKE:A100400-1
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows
remote attackers to execute arbitrary commands via shell
metacharacters.
Reference: NETBSD:NetBSD-SA2000-014
Shambala Server 4.5 allows remote attackers to cause a denial of
service by opening then closing a connection.
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify
the authorization for a local user, which could allow the users to
bypass specified access restrictions.
Reference: REDHAT:RHSA-2000:094-01
The pluggable authentication module for mysql (pam_mysql) before 0.4.7
does not properly cleanse user input when constructing SQL statements,
which allows attackers to obtain plaintext passwords or hashes.
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
HotJava Browser 3.0 allows remote attackers to access the DOM of a web
page by opening a javascript: URL in a named window.
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG
environmental variables when a program is spawned from a setuid
program, which could allow local users to overwrite files via a
symlink attack.
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
The POP3 server in Netscape Messaging Server 4.15p1 generates
different error messages for incorrect user names versus incorrect
passwords, which allows remote attackers to determine valid users on
the system and harvest email addresses for spam abuse.
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch
2 allows local users to execute arbitrary commands via a long LIST
command.
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty
AH/ESP packets, which allows remote attackers to cause a denial of
service.
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Buffer overflow in the web administration service for the HiNet LP5100
IP-phone allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a long GET request.
Reference: BUGTRAQ:20000928 Another thingy.
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS
10.24 and 11.04 allow an attacker to cause a denial of service (high
CPU utilization).
Reference: XF:hp-virtualvault-nsapi-dos
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of
HP-UX 11.0 and earlier allow local users to gain privileges.
Reference: HP:HPSBUX0010-125
PHP 3 and 4 do not properly cleanse user-injected format strings,
which allows remote attackers to execute arbitrary commands by
triggering error messages that are improperly written to the error
logs.
Reference: ATSTAKE:A101200-1
Buffer overflow in Half Life dedicated server before build 3104 allows
remote attackers to execute arbitrary commands via a long rcon
command.
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Format string vulnerability in Half Life dedicated server build 3104
and earlier allows remote attackers to execute arbitrary commands by
injecting format strings into the changelevel command, via the system
console or rcon.
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure
and insecure web sessions, which could allow remote attackers to
hijack the secure web session of the user if that user moves to an
insecure session, aka the "Session ID Cookie Marking" vulnerability.
Reference: MS:MS00-080
CVE (version 20030402)
CVE-1999-0002
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: BID:121
Reference: XF:linux-mountd-bo
CVE-1999-0003
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: SGI:19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
CVE-1999-0005
Reference: SUN:00177
Reference: BID:130
Reference: XF:imap-authenticate-bo
CVE-1999-0006
Reference: SGI:19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
CVE-1999-0007
Reference: XF:nt-ssl-fix
CVE-1999-0008
Reference: SUN:00170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check
CVE-1999-0009
Reference: HP:HPSBUX9808-083
Reference: SUN:00180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
CVE-1999-0010
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos
CVE-1999-0011
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: SUN:00180
Reference: XF:bind-axfr-dos
CVE-1999-0012
Reference: XF:nt-web8.3
CVE-1999-0013
Reference: NAI:NAI-24
Reference: XF:ssh-agent
CVE-1999-0014
Reference: SUN:00185
Reference: CERT:CA-98.02.CDE
CVE-1999-0016
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys
CVE-1999-0017
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port
CVE-1999-0018
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
CVE-1999-0019
Reference: XF:rpc-stat
Reference: SUN:00135
CVE-1999-0021
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
CVE-1999-0022
Reference: SUN:00179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97
CVE-1999-0023
Reference: XF:rdist-bo
Reference: XF:rdist-bo2
CVE-1999-0024
Reference: XF:bind
Reference: NAI:NAI-11
CVE-1999-0025
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: XF:df-bo
CVE-1999-0026
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo
CVE-1999-0027
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo
CVE-1999-0028
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo
CVE-1999-0029
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo
CVE-1999-0031
Reference: HP:HPSBUX9707-065
CVE-1999-0032
Reference: AUSCERT:AA-96.12
Reference: CIAC:I-042
Reference: SGI:19980402-01-PX
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo
CVE-1999-0034
Reference: XF:perl-suid
CVE-1999-0035
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03
CVE-1999-0036
Reference: AUSCERT:AA-97.12
Reference: SGI:19970508-02-PX
Reference: XF:sgi-lockout
CVE-1999-0037
Reference: XF:metamail-header-commands
CVE-1999-0038
Reference: XF:xlock-bo
CVE-1999-0039
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: BID:374
Reference: XF:http-sgi-webdist
CVE-1999-0040
Reference: XF:libXt-bo
CVE-1999-0041
Reference: XF:nls-bo
CVE-1999-0042
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo
CVE-1999-0043
Reference: XF:inn-controlmsg
CVE-1999-0044
Reference: XF:sgi-fsdump
CVE-1999-0045
Reference: XF:http-cgi-nph
CVE-1999-0046
Reference: XF:rlogin-termbo
CVE-1999-0047
Reference: BID:685
Reference: XF:sendmail-mime-bo2
CVE-1999-0048
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd
CVE-1999-0049
Reference: CERT:CA-97.03.csetup
CVE-1999-0050
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo
CVE-1999-0051
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03
CVE-1999-0052
Reference: XF:freebsd-ip-frag-dos
CVE-1999-0053
CVE-1999-0054
Reference: XF:sun-ftpd
CVE-1999-0055
Reference: AIXAPAR:IX80543
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl
CVE-1999-0056
Reference: XF:sun-ping
CVE-1999-0057
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
CVE-1999-0058
Reference: BID:712
Reference: XF:http-cgi-phpbo
CVE-1999-0059
Reference: XF:irix-fam
CVE-1999-0060
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html
CVE-1999-0062
Reference: NAI:NAI-28
CVE-1999-0063
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash
CVE-1999-0064
Reference: XF:lquerylv-bo
CVE-1999-0065
Reference: XF:hp-dtmail
CVE-1999-0066
Reference: XF:http-cgi-anyform
CVE-1999-0067
Reference: XF:http-cgi-phf
Reference: BID:629
CVE-1999-0068
Reference: XF:http-cgi-php-mylog
Reference: BID:713
CVE-1999-0069
Reference: XF:sun-ufsrestore
CVE-1999-0070
CVE-1999-0071
Reference: NAI:NAI-2
CVE-1999-0072
Reference: XF:ibm-xdat
CVE-1999-0073
Reference: XF:linkerbug
CVE-1999-0074
CVE-1999-0075
Reference: XF:ftp-pasvcore
CVE-1999-0077
CVE-1999-0079
Reference: XF:ftp-pasvdos
CVE-1999-0080
Reference: XF:ftp-execdotdot
CVE-1999-0081
CVE-1999-0082
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
CVE-1999-0083
CVE-1999-0084
CVE-1999-0085
Reference: XF:rwhod
Reference: XF:rwhod-vuln
CVE-1999-0087
Reference: ERS:ERS-SVA-E01-1998:003.1
CVE-1999-0090
Reference: XF:ibm-rcp
CVE-1999-0091
Reference: XF:ibm-writesrv
CVE-1999-0093
Reference: XF:ibm-nslookup
CVE-1999-0094
Reference: XF:ibm-piodmgrsu
CVE-1999-0095
Reference: CERT:CA-93.14
Reference: XF:smtp-debug
CVE-1999-0096
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: XF:smtp-dcod
CVE-1999-0097
Reference: XF:ibm-ftp
CVE-1999-0099
Reference: XF:smtp-syslog
CVE-1999-0100
Reference: XF:inn-controlmsg
CVE-1999-0101
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: NAI:NAI-1
Reference: XF:ghbn-bo
CVE-1999-0102
CVE-1999-0103
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch
CVE-1999-0108
Reference: XF:printers-bo
CVE-1999-0109
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo
CVE-1999-0111
CVE-1999-0112
Reference: XF:dtterm-bo
CVE-1999-0113
Reference: XF:rlogin-froot
CVE-1999-0115
Reference: XF:ibm-bugfiler
Reference: BID:1800
CVE-1999-0116
Reference: SGI:19961202-01-PX
Reference: SUN:00136
CVE-1999-0117
Reference: CERT:CA-92:07.AIX.passwd.vulnerability
CVE-1999-0118
Reference: XF:aix-infod
CVE-1999-0120
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: XF:utmp-write
CVE-1999-0122
Reference: XF:lchangelv-bo
CVE-1999-0124
Reference: XF:gopher-vuln
CVE-1999-0125
Reference: SGI:19980605-01-PX
CVE-1999-0126
Reference: CIAC:J-010
Reference: XF:xfree86-xterm-xaw
Reference: XF:xfree86-xaw
CVE-1999-0128
Reference: CERT:CA-96.26.ping
CVE-1999-0129
CVE-1999-0130
Reference: BID:716
Reference: XF:sendmail-daemon-mode
CVE-1999-0131
Reference: XF:smtp-875bo
Reference: BID:717
CVE-1999-0132
Reference: CERT:CA-96.19.expreserve
CVE-1999-0133
Reference: XF:fmaker-logfile
CVE-1999-0134
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: AUSCERT:AL-96.04
CVE-1999-0135
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: AUSCERT:AL-96.03
CVE-1999-0136
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul
CVE-1999-0137
Reference: CERT:CA-96.13.dip_vul
Reference: XF:dip-bo
CVE-1999-0138
Reference: XF:sperl-suid
CVE-1999-0139
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE
CVE-1999-0141
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
CVE-1999-0142
Reference: XF:http-java-appletsecmgr
CVE-1999-0143
Reference: XF:kerberos-bf
CVE-1999-0145
Reference: CERT:CA-1993-14
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
CVE-1999-0146
Reference: XF:http-cgi-campas
CVE-1999-0147
Reference: AUSCERT:AA-97.28
CVE-1999-0148
Reference: BID:380
Reference: XF:http-sgi-handler
CVE-1999-0149
Reference: SGI:19970501-02-PX
Reference: XF:http-sgi-wrap
Reference: BID:373
CVE-1999-0150
CVE-1999-0151
Reference: CERT:CA-95.06.satan.vul
CVE-1999-0152
Reference: XF:dgux-fingerd
CVE-1999-0153
CVE-1999-0155
Reference: CERT:CA-95.10.ghostscript
CVE-1999-0157
Reference: XF:cisco-fragmented-attacks
CVE-1999-0158
Reference: XF:cisco-pix-file-exposure
CVE-1999-0159
Reference: XF:cisco-ios-crash
CVE-1999-0160
Reference: XF:cisco-chap
CVE-1999-0161
Reference: XF:cisco-acl-tacacs
CVE-1999-0162
Reference: XF:cisco-acl-established
CVE-1999-0164
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
CVE-1999-0166
CVE-1999-0167
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand
CVE-1999-0168
CVE-1999-0170
CVE-1999-0172
Reference: BUGTRAQ:Aug02,1995
CVE-1999-0173
CVE-1999-0174
Reference: XF:http-cgi-viewsrc
CVE-1999-0175
CVE-1999-0176
Reference: XF:http-webgais-query
CVE-1999-0177
CVE-1999-0178
CVE-1999-0179
Reference: XF:nt-samba-dotdot
Reference: XF:nt-351
Reference: XF:nt-35
CVE-1999-0180
CVE-1999-0181
CVE-1999-0182
Reference: CERT:VB-97.10.samba
Reference: XF:nt-samba-bo
CVE-1999-0183
CVE-1999-0184
CVE-1999-0185
Reference: XF:sun-ftpd/logind
CVE-1999-0188
Reference: XF:sun-passwd-dos
CVE-1999-0189
Reference: SUN:00142
Reference: XF:rpc-32771
CVE-1999-0190
Reference: XF:sun-rpcbind
CVE-1999-0191
CVE-1999-0192
Reference: XF:bsd-tel-tgetent
CVE-1999-0194
CVE-1999-0196
Reference: BUGTRAQ:Jul08,1997
CVE-1999-0201
CVE-1999-0202
CVE-1999-0203
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5
CVE-1999-0204
Reference: CIAC:F-13
CVE-1999-0206
Reference: AUSCERT:AA-96.06a
CVE-1999-0207
Reference: CERT:CA-94.11.majordomo.vulnerabilities
CVE-1999-0208
Reference: CERT:CA-95.17.rpc.ypupdated.vul
CVE-1999-0209
Reference: CERT:CA-90.05.sunselection.vulnerability
CVE-1999-0210
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: HP:HPSBUX9910-104
Reference: CERT:CA-99-05
Reference: BID:235
CVE-1999-0211
CVE-1999-0212
Reference: CIAC:I-048
Reference: XF:sun-mountd
CVE-1999-0214
CVE-1999-0215
Reference: CIAC:J-012
Reference: XF:ripapp
CVE-1999-0217
CVE-1999-0218
CVE-1999-0219
CVE-1999-0221
CVE-1999-0223
Reference: SUNBUG:1249320
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: XF:sol-syslogd-crash
Reference: BID:1878
CVE-1999-0224
CVE-1999-0225
Reference: MSKB:Q180963
Reference: XF:nt-logondos
CVE-1999-0227
Reference: XF:nt-lsass-crash
CVE-1999-0228
Reference: MSKB:Q162567
CVE-1999-0230
CVE-1999-0233
Reference: MSKB:Q155056
Reference: XF:http-iis-cmd
CVE-1999-0234
Reference: CERT:CA-96.22.bash_vuls
CVE-1999-0236
CVE-1999-0237
Reference: CERT:VB-97.02
CVE-1999-0239
CVE-1999-0244
Reference: XF:radius-accounting-overflow
CVE-1999-0245
Reference: XF:linux-plus
CVE-1999-0247
Reference: BID:1443
Reference: XF:inn-bo
CVE-1999-0248
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
CVE-1999-0251
CVE-1999-0252
CVE-1999-0256
CVE-1999-0259
Reference: XF:cfinger-user-enumeration
CVE-1999-0260
Reference: XF:http-cgi-jj
CVE-1999-0262
Reference: BUGTRAQ:Aug04,1998
CVE-1999-0263
Reference: XF:sun-sunwadmap
CVE-1999-0264
Reference: BUGTRAQ:Jan27,1998
CVE-1999-0265
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: XF:icmp-redirect
CVE-1999-0266
CVE-1999-0267
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability
CVE-1999-0268
Reference: XF:metaweb-server-dot-attack
CVE-1999-0269
CVE-1999-0270
Reference: CIAC:I-041
Reference: XF:sgi-pfdispaly
CVE-1999-0272
CVE-1999-0273
CVE-1999-0274
Reference: XF:nt-dns-dos
CVE-1999-0275
Reference: XF:nt-dnsver
Reference: MS:Q169461
CVE-1999-0276
Reference: SEKURE:sekure.01-99.msql
CVE-1999-0277
Reference: CERT:CA-96.23.workman_vul
CVE-1999-0278
Reference: XF:iis-asp-data-check
CVE-1999-0279
Reference: XF:excite-cgi-search-vuln
CVE-1999-0280
Reference: CIAC:H-38
Reference: XF:http-ie-lnkurl
CVE-1999-0281
CVE-1999-0288
CVE-1999-0289
CVE-1999-0290
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: XF:wingate-dos
CVE-1999-0291
CVE-1999-0292
CVE-1999-0293
Reference: XF:cisco-ios-aaa-auth
CVE-1999-0294
CVE-1999-0295
Reference: SUN:00157
CVE-1999-0296
Reference: XF:sun-volrmmount
CVE-1999-0297
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: XF:vixie-cron
CVE-1999-0299
CVE-1999-0300
Reference: XF:sun-niscache
CVE-1999-0301
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo
CVE-1999-0302
Reference: XF:sun-ftp-server
CVE-1999-0303
Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD
CVE-1999-0304
Reference: FREEBSD:FreeBSD-SA-98:02
CVE-1999-0305
Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem"
CVE-1999-0308
Reference: XF:hpux-gwind-overwrite
Reference: CIAC:H-03: HP-UX suid Vulnerabilities
CVE-1999-0309
Reference: XF:hpux-vgdisplay
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability
CVE-1999-0310
CVE-1999-0311
Reference: HP:HPSBUX9612-042
CVE-1999-0312
Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability
CVE-1999-0313
Reference: SGI:19980701-01-P
CVE-1999-0314
Reference: SGI:19980701-01-P
CVE-1999-0315
Reference: SUN:00138
CVE-1999-0316
Reference: CIAC:G-08
CVE-1999-0318
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: XF:xmcd-envbo
CVE-1999-0320
Reference: XF:sun-rpc.cmsd
CVE-1999-0321
CVE-1999-0322
Reference: XF:freebsd-open
CVE-1999-0323
Reference: NETBSD:1998-003
Reference: XF:bsd-mmap
CVE-1999-0324
Reference: CIAC:H-31
Reference: XF:hp-ppllog
CVE-1999-0325
Reference: HP:HPSBUX9406-013
CVE-1999-0326
Reference: XF:hp-mediainit
CVE-1999-0327
Reference: XF:sgi-syserr
CVE-1999-0328
Reference: XF:sgi-permtool
CVE-1999-0329
Reference: XF:sgi-mediad
CVE-1999-0332
Reference: MSKB:Q184346
CVE-1999-0334
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability
CVE-1999-0335
CVE-1999-0337
Reference: XF:ibm-bsh
CVE-1999-0338
Reference: CERT:CA-94.03.AIX.performance.tools
CVE-1999-0339
Reference: RSI:RSI.0007.05-26-98
CVE-1999-0340
Reference: XF:linux-crond
CVE-1999-0341
Reference: XF:linux-deliver
CVE-1999-0342
Reference: XF:linux-pam-passwd-tmprace
CVE-1999-0343
Reference: XF:palace-malicious-servers-vuln
CVE-1999-0344
Reference: MSKB:Q190288
Reference: XF:nt-priv-fix
CVE-1999-0346
Reference: BID:713
Reference: XF:http-cgi-php-mlog
CVE-1999-0348
Reference: MSKB:Q197003
CVE-1999-0349
Reference: MS:MS99-003
Reference: MSKB:Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: XF:iis-remote-ftp
CVE-1999-0350
Reference: XF:clearcase-temp-race
CVE-1999-0351
CVE-1999-0353
Reference: CIAC:J-026
Reference: XF:pcnfsd-world-write
CVE-1999-0355
Reference: XF:controlit-reboot
CVE-1999-0357
Reference: XF:win98-oshare-dos
CVE-1999-0358
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027
CVE-1999-0362
Reference: XF:wsftp-remote-dos
Reference: BID:217
CVE-1999-0363
Reference: XF:plp-lpc-bo
Reference: BID:328
CVE-1999-0365
Reference: XF:metamail-header-commands
CVE-1999-0366
Reference: MSKB:Q214840
Reference: XF:nt-sp4-auth-error
CVE-1999-0367
CVE-1999-0368
Reference: CERT:CA-99.03
Reference: XF:palmetto-ftpd-bo
CVE-1999-0369
Reference: XF:sun-sdtcm-convert-bo
CVE-1999-0371
Reference: XF:lynx-temp-files-race
CVE-1999-0372
Reference: XF:nt-backoffice-setup
Reference: MSKB:Q217004
CVE-1999-0373
Reference: XF:linux-super-bo
Reference: XF:linux-super-logging-bo
CVE-1999-0374
Reference: BUGTRAQ:Feb16,1999
Reference: XF:linux-cfengine-symlinks
CVE-1999-0375
Reference: BUGTRAQ:Feb16,1999
Reference: XF:nfr-webd-overflow
CVE-1999-0376
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: XF:nt-knowndlls-list
CVE-1999-0377
CVE-1999-0378
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request
CVE-1999-0379
Reference: MS:MS99-007
Reference: XF:win-resourcekit-taskpads
CVE-1999-0380
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: BID:497
Reference: XF:slmail-ras-ntfs-bypass(5392)
CVE-1999-0382
Reference: XF:nt-screen-saver
CVE-1999-0383
Reference: XF:acc-tigris-login
CVE-1999-0384
Reference: MS:MS99-001
CVE-1999-0385
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos
CVE-1999-0386
Reference: XF:pws-file-access
CVE-1999-0387
Reference: MSKB:Q168115
Reference: BID:829
Reference: XF:9x-plaintext-pwd
CVE-1999-0388
Reference: L0PHT:Jan3,1999
CVE-1999-0390
Reference: CALDERA:CSSA-1999-006.1
Reference: BID:187
CVE-1999-0391
CVE-1999-0392
Reference: XF:http-cgic-library-bo
CVE-1999-0393
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: XF:sendmail-parsing-redirection
CVE-1999-0395
Reference: XF:backweb-polite-agent-protocol
CVE-1999-0396
Reference: OPENBSD:Feb17,1999
Reference: XF:netbsd-tcp-race
CVE-1999-0402
Reference: XF:wget-permissions
Reference: DEBIAN:19990220
CVE-1999-0403
Reference: XF:cyrix-hang
CVE-1999-0404
Reference: XF:mailmax-bo
CVE-1999-0405
Reference: BUGTRAQ:Feb18,1999
Reference: XF:lsof-bo
CVE-1999-0407
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: XF:iis-iisadmpwd
CVE-1999-0408
Reference: XF:cobalt-raq-history-exposure
Reference: BID:337
CVE-1999-0409
Reference: XF:gnuplot-home-overflow
Reference: BID:319
CVE-1999-0410
Reference: XF:sol-cancel
Reference: BID:293
CVE-1999-0412
Reference: XF:iis-isapi-execute
Reference: BID:501
CVE-1999-0413
Reference: XF:irix-font-path-overflow
CVE-1999-0414
Reference: XF:linux-blind-spoof
CVE-1999-0415
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: CIAC:J-034
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config
CVE-1999-0416
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: CIAC:J-034
Reference: XF:cisco-web-crash
CVE-1999-0417
Reference: XF:solaris-psinfo-crash
Reference: BID:448
CVE-1999-0420
CVE-1999-0421
Reference: XF:linux-slackware-install
Reference: BID:338
CVE-1999-0422
CVE-1999-0423
Reference: XF:hp-hpterm-files
CVE-1999-0424
Reference: XF:netscape-talkback-overwrite
CVE-1999-0425
Reference: XF:netscape-talkback-kill
CVE-1999-0428
Reference: XF:ssl-session-reuse
CVE-1999-0429
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: XF:lotus-client-encryption
CVE-1999-0430
Reference: CISCO:Cisco Catalyst Supervisor Remote Reload
Reference: XF:cisco-catalyst-crash
CVE-1999-0432
Reference: XF:hp-ftp
CVE-1999-0433
Reference: BUGTRAQ:Mar21,1999
Reference: XF:xfree86-temp-directories
CVE-1999-0436
Reference: XF:hp-desms-servers
CVE-1999-0437
Reference: XF:webramp-device-crash
CVE-1999-0438
Reference: XF:webramp-ipchange
CVE-1999-0439
Reference: DEBIAN:19990422
Reference: CALDERA:CSSA-1999:007
Reference: XF:procmail-overflow
CVE-1999-0440
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code
CVE-1999-0441
Reference: XF:wingate-redirector-dos
Reference: BID:509
CVE-1999-0442
Reference: BID:327
CVE-1999-0445
Reference: XF:cisco-natacl-leakage
CVE-1999-0446
Reference: XF:netbsd-vfslocking-panic
CVE-1999-0447
Reference: XF:mpeix-debug
CVE-1999-0448
CVE-1999-0449
Reference: XF:iis-exair-dos
Reference: BID:193
CVE-1999-0457
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln
Reference: BID:317
CVE-1999-0458
Reference: XF:l0phtcrack-temp-files
CVE-1999-0463
Reference: XF:sgi-fcagent-dos
CVE-1999-0464
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2
CVE-1999-0466
CVE-1999-0468
Reference: XF:ie-scriplet-fileread
Reference: BUGTRAQ:Apr9,1999
CVE-1999-0470
Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit
CVE-1999-0471
Reference: BUGTRAQ:Apr9,1999
CVE-1999-0472
Reference: BUGTRAQ:Apr7,1999
CVE-1999-0473
Reference: XF:rsync-permissions
Reference: BUGTRAQ:Apr7,1999
CVE-1999-0474
Reference: BUGTRAQ:Apr5,1999
CVE-1999-0475
Reference: BUGTRAQ:Apr5,1999
CVE-1999-0478
Reference: XF:sendmail-headers-dos
CVE-1999-0479
Reference: XF:netscape-server-dos
CVE-1999-0481
CVE-1999-0482
CVE-1999-0483
CVE-1999-0484
CVE-1999-0485
Reference: XF:openbsd-ipintr-race
CVE-1999-0487
Reference: XF:ie-dhtml-control
CVE-1999-0491
Reference: CALDERA:CSSA-1999-008.0
Reference: BID:119
CVE-1999-0493
Reference: SUN:00186
Reference: CIAC:J-045
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: BID:450
CVE-1999-0494
CVE-1999-0496
Reference: XF:nt-getadmin
Reference: XF:nt-getadmin-present
CVE-1999-0513
Reference: FREEBSD:FreeBSD-SA-98:06
Reference: XF:smurf
CVE-1999-0514
CVE-1999-0526
CVE-1999-0551
Reference: XF:hp-openmail
CVE-1999-0566
Reference: XF:syslog-flood
CVE-1999-0608
Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html.
Reference: XF:pdgsoftcart-misconfig(3857)
CVE-1999-0612
Reference: XF:finger-running
CVE-1999-0626
Reference: XF:ruser
CVE-1999-0627
CVE-1999-0628
CVE-1999-0668
Reference: MS:MS99-032
Reference: CIAC:J-064
Reference: BID:598
Reference: XF:ms-scriptlet-eyedog-unsafe
Reference: MSKB:Q240308
CVE-1999-0671
Reference: XF:toxsoft-nextftp-cwd-bo
CVE-1999-0672
Reference: BID:573
CVE-1999-0674
Reference: OPENBSD:Aug 9,1999
Reference: FREEBSD:FreeBSD-SA-99:02
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: BID:570
Reference: CIAC:J-067
Reference: XF:netbsd-profil
CVE-1999-0675
Reference: BID:576
Reference: XF:checkpoint-port
CVE-1999-0676
Reference: XF:sun-sdtcm-convert
Reference: BID:575
CVE-1999-0678
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: BID:318
CVE-1999-0679
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: XF:hybrid-ircd-minvite-bo
CVE-1999-0680
Reference: MSKB:Q238600
Reference: CIAC:J-057
Reference: BID:571
Reference: XF:nt-terminal-dos
CVE-1999-0681
Reference: XF:frontpage-pws-dos
Reference: BID:568
CVE-1999-0682
Reference: MSKB:Q237927
Reference: BID:567
Reference: CIAC:J-056
Reference: XF:exchange-relay
CVE-1999-0683
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556
CVE-1999-0685
Reference: BID:618
CVE-1999-0686
Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug
Reference: HP:HPSBUX9906-098
Reference: CIAC:J-046
Reference: XF:hp-tgad-dos
CVE-1999-0687
Reference: SUN:00192
Reference: HP:HPSBUX9909-103
Reference: COMPAQ:SSRT0617U_TTSESSION
Reference: CIAC:K-001
Reference: CERT:CA-99-11
Reference: BID:637
Reference: XF:cde-ttsession-rpc-auth
CVE-1999-0688
Reference: XF:hp-sd-bo
CVE-1999-0689
Reference: SUN:00192
Reference: HP:HPSBUX9909-103
Reference: CERT:CA-99-11
Reference: XF:cde-dtspcd-file-auth
Reference: BID:636
CVE-1999-0690
Reference: CIAC:J-053
Reference: XF:hp-cde-directory
CVE-1999-0691
Reference: SUN:00192
Reference: HP:HPSBUX9909-103
Reference: COMPAQ:SSRTO615U_DTACTION
Reference: CERT:CA-99-11
Reference: XF:cde-dtaction-username-bo
Reference: BID:635
CVE-1999-0692
Reference: CIAC:J-052
Reference: SGI:19990701-01-P
Reference: XF:sgi-arrayd
CVE-1999-0693
Reference: SUN:00192
Reference: HP:HPSBUX9909-103
Reference: BID:641
Reference: XF:cde-dtsession-env-bo
CVE-1999-0694
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt
CVE-1999-0695
Reference: XF:http-powerdynamo-dotdotslash
Reference: BID:620
CVE-1999-0696
Reference: SCO:SB-99.12
Reference: SUN:00188
Reference: SUNBUG:4230754
Reference: HP:HPSBUX9908-102
Reference: COMPAQ:SSRT0614U_RPC_CMSD
Reference: CERT:CA-99-08
Reference: CIAC:J-051
Reference: XF:sun-cmsd-bo
CVE-1999-0697
Reference: BID:621
Reference: XF:sco-doctor-execute
CVE-1999-0699
CVE-1999-0700
Reference: MS:MS99-026
Reference: XF:nt-malformed-dialer
CVE-1999-0701
Reference: MSKB:Q173039
Reference: BID:626
Reference: XF:nt-install-unattend-file
CVE-1999-0702
Reference: MS:MS99-037
Reference: MSKB:Q241361
Reference: XF:ie5-import-export-favorites
Reference: BID:627
CVE-1999-0703
Reference: OPENBSD:Jul30,1999
Reference: FREEBSD:FreeBSD-SA-99:01
Reference: CIAC:J-066
Reference: XF:openbsd-chflags-fchflags-permitted
CVE-1999-0704
Reference: CALDERA:CSSA-1999:024.0
Reference: FREEBSD:SA-99:06
Reference: DEBIAN:19991018
Reference: BID:614
Reference: CERT:CA-99-12
Reference: XF:amd-bo
CVE-1999-0705
Reference: REDHAT:RHSA1999033_01
Reference: CALDERA:CSSA-1999-026
Reference: SUSE:19990831 Security hole in INN
Reference: DEBIAN:19990907
Reference: BID:616
CVE-1999-0706
Reference: SUSE:19990817 Security hole in i4l (xmonisdn)
Reference: BID:583
CVE-1999-0707
Reference: XF:hp-visualize-conference-ftp
Reference: CIAC:J-050
CVE-1999-0708
Reference: BID:651
CVE-1999-0710
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness
CVE-1999-0711
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: XF:oracle-oratclsh
CVE-1999-0713
Reference: CIAC:J-044
Reference: XF:cde-dtlogin
Reference: COMPAQ:SSRT0600U
CVE-1999-0714
Reference: XF:du-edauth
CVE-1999-0715
Reference: MS:MS99-016
Reference: MSKB:Q230667
Reference: XF:nt-ras-bo
CVE-1999-0716
Reference: MSKB:Q231605
Reference: MS:MS99-015
CVE-1999-0717
Reference: MSKB:Q231304
Reference: XF:excel-virus-warning
CVE-1999-0719
Reference: REDHAT:RHSA-1999:023-01
Reference: XF:gnu-guile-plugin-export
Reference: BID:563
CVE-1999-0720
Reference: BID:597
Reference: XF:linux-pt-chown
CVE-1999-0721
Reference: MSKB:Q231457
Reference: MS:MS99-020
Reference: CIAC:J-049
Reference: XF:msrpc-lsa-lookupnames-dos
CVE-1999-0722
Reference: CERT:CA-99-10
CVE-1999-0723
Reference: CIAC:J-049
Reference: XF:nt-csrss-dos
Reference: MSKB:Q233323
CVE-1999-0724
Reference: XF:openbsd-uio_offset-bo
CVE-1999-0725
Reference: MS:MS99-022
Reference: XF:iis-double-byte-code-page
CVE-1999-0726
Reference: MSKB:Q234557
Reference: XF:nt-malformed-image-header
CVE-1999-0727
Reference: XF:openbsd-ipsec-cleartext
CVE-1999-0728
Reference: MSKB:Q236359
Reference: XF:nt-ioctl-dos
CVE-1999-0729
Reference: CIAC:J-061
Reference: BID:601
Reference: XF:lotus-ldap-bo
CVE-1999-0730
CVE-1999-0731
Reference: CALDERA:CSSA-1999:017
Reference: SUSE:19990629 Security hole in Klock
Reference: BID:489
CVE-1999-0732
Reference: XF:smtp-refuser-tmp
CVE-1999-0733
Reference: XF:vmware-bo
CVE-1999-0734
Reference: XF:ciscosecure-read-write
CVE-1999-0735
Reference: CALDERA:CSSA-1999:016
Reference: REDHAT:RHSA-1999:015-01
CVE-1999-0740
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01
CVE-1999-0742
Reference: BID:480
CVE-1999-0743
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn
CVE-1999-0744
Reference: BID:603
CVE-1999-0745
Reference: CIAC:J-059
Reference: BID:590
Reference: XF:aix-pdnsd-bo
CVE-1999-0746
Reference: SUSE:19990824 Security hole in netcfg
Reference: BID:587
Reference: XF:suse-identd-dos
CVE-1999-0747
Reference: BID:589
Reference: XF:bsdi-smp-dos
CVE-1999-0749
Reference: MS:MS99-033
Reference: XF:win-ie5-telnet-heap-overflow
Reference: BID:586
CVE-1999-0751
Reference: BID:631
CVE-1999-0752
CVE-1999-0753
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591
CVE-1999-0754
Reference: CALDERA:CSSA-1999-011.0
Reference: SUSE:19990518 Security hole in INN
Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html
Reference: BID:255
Reference: XF:inn-innconf-env
CVE-1999-0755
Reference: MSKB:Q230681
Reference: MS:MS99-017
CVE-1999-0756
Reference: XF:coldfusion-admin-dos(2207)
CVE-1999-0758
Reference: XF:netscape-space-view
CVE-1999-0759
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: XF:fuseware-popmail-bo
CVE-1999-0760
Reference: BID:550
Reference: XF:coldfusion-server-cfml-tags
CVE-1999-0761
Reference: XF:freebsd-fts-lib-bo
Reference: BID:644
CVE-1999-0762
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability
CVE-1999-0763
Reference: XF:netbsd-arp
CVE-1999-0764
Reference: XF:netbsd-arp
CVE-1999-0765
Reference: SGI:19990501-01-A
Reference: XF:irix-midikeys
CVE-1999-0766
Reference: MSKB:Q240346
Reference: BID:600
Reference: XF:msvm-verifier-java
CVE-1999-0768
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron
CVE-1999-0769
Reference: CALDERA:CSSA-1999:023.0
Reference: SUSE:19990829 Security hole in cron
Reference: DEBIAN:19990830 cron
Reference: BID:611
CVE-1999-0770
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK
CVE-1999-0771
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-file-read
CVE-1999-0772
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-dos
CVE-1999-0773
Reference: XF:sol-lpset-bo
CVE-1999-0774
Reference: REDHAT:RHSA1999037_01
Reference: SUSE:19990916 Security hole in mars nwe
Reference: BID:617
CVE-1999-0775
Reference: XF:cisco-gigaswitch
CVE-1999-0777
Reference: MSKB:Q241407
Reference: MSKB:Q242559
Reference: XF:iis-ftp-no-access-files
Reference: BID:658
CVE-1999-0778
Reference: XF:accelx-display-bo
CVE-1999-0779
Reference: XF:hp-sharedx
CVE-1999-0780
Reference: XF:kde-klock-process-kill
CVE-1999-0781
Reference: XF:kde-klock-bindir-trojans
CVE-1999-0782
Reference: XF:kde-kppp-directory-create
CVE-1999-0783
Reference: CIAC:I-057
Reference: XF:freebsd-nfs-link-dos
CVE-1999-0785
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun
Reference: BID:254
CVE-1999-0786
Reference: BID:659
CVE-1999-0787
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
CVE-1999-0788
Reference: BID:662
Reference: XF:arkiea-backup-nlserverd-remote-dos
CVE-1999-0789
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: CIAC:J-072
Reference: XF:aix-ftpd-bo
Reference: BID:679
CVE-1999-0790
Reference: XF:netscape-javascript
CVE-1999-0791
Reference: KSRT:012
Reference: BID:695
Reference: XF:hybrid-anon-cable-modem-reconfig
CVE-1999-0793
Reference: XF:ie-java-redirect
CVE-1999-0794
Reference: XF:excel-sylk
Reference: MSKB:Q241900
Reference: MSKB:Q241901
Reference: MSKB:Q241902
CVE-1999-0796
Reference: XF:freebsd-ttcp-spoof
CVE-1999-0797
Reference: CIAC:I-070
Reference: XF:sun-nis-nisplus
CVE-1999-0799
Reference: XF:bootpd-bo
CVE-1999-0800
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: XF:allaire-forums-file-read(1748)
CVE-1999-0801
Reference: XF:bmc-patrol-frames(2075)
CVE-1999-0802
Reference: MS:MS99-018
Reference: MSKB:Q231450
Reference: XF:ie-favicon
CVE-1999-0803
Reference: XF:ibm-enfirewall-tmpfiles
CVE-1999-0804
Reference: DEBIAN:19990607
Reference: CALDERA:CSSA-1999:013
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel
Reference: REDHAT:19990603 Kernel Update
Reference: BID:302
CVE-1999-0806
Reference: XF:cde-dtprintinfo
CVE-1999-0807
CVE-1999-0809
CVE-1999-0810
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
CVE-1999-0811
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Reference: XF:samba-message-bo
Reference: BID:536
CVE-1999-0812
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
CVE-1999-0813
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges
CVE-1999-0814
CVE-1999-0815
Reference: XF:nt-snmpagent-leak(1974)
CVE-1999-0817
CVE-1999-0819
Reference: BUGTRAQ:19991130 NTmail and VRFY
Reference: XF:nt-mail-vrfy
CVE-1999-0820
Reference: BID:838
Reference: XF:freebsd-seyon-dir-add
CVE-1999-0823
Reference: BID:839
Reference: XF:freebsd-xmindpath
CVE-1999-0824
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)
CVE-1999-0826
Reference: BID:840
Reference: XF:angband-bo
CVE-1999-0831
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: BID:809
Reference: XF:slackware-syslogd-dos
CVE-1999-0832
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: CALDERA:CSSA-1999-033.0
Reference: REDHAT:RHSA-1999:053-01
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: XF:linux-nfs-maxpath-bo
Reference: BID:782
CVE-1999-0833
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: CERT:CA-99-14
Reference: BID:788
Reference: XF:bind-nxt-bo
CVE-1999-0834
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: BID:843
Reference: XF:rsaref-bo
CVE-1999-0835
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: CERT:CA-99-14
Reference: XF:bind-sigrecord-dos
Reference: BID:788
CVE-1999-0836
Reference: SCO:SB-99.22a
Reference: BID:842
Reference: XF:unixware-uid-admin
CVE-1999-0837
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: CERT:CA-99-14
Reference: XF:bind-solinger-dos
Reference: BID:788
CVE-1999-0838
Reference: XF:servu-ftp-site-bo
CVE-1999-0839
Reference: MS:MS99-051
Reference: MSKB:Q246972
Reference: XF:ie-task-scheduler-privs
Reference: BID:828
CVE-1999-0842
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: BID:827
Reference: XF:symantec-mail-dir-traversal
CVE-1999-0847
Reference: XF:fics-board-bo
CVE-1999-0848
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: XF:bind-fdmax-dos
CVE-1999-0849
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: XF:bind-maxdname-bo
CVE-1999-0851
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: XF:bind-naptr-dos
CVE-1999-0853
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo
CVE-1999-0854
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs
CVE-1999-0856
Reference: XF:slackware-remote-login
CVE-1999-0858
Reference: MSKB:Q247333
Reference: BID:846
Reference: XF:ie-wpad-proxy-settings
CVE-1999-0859
Reference: SUNBUG:4296166
Reference: BID:837
Reference: XF:sol-arp-parse
CVE-1999-0861
Reference: MSKB:Q244613
Reference: XF:iis-ssl-isapi-filter
CVE-1999-0864
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: XF:sco-coredump-symlink
Reference: BID:851
CVE-1999-0865
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow
Reference: BID:860
Reference: XF:communigate-pro-bo
CVE-1999-0866
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: SCO:SB-99.24a
Reference: XF:sco-xauto-bo
Reference: BID:848
CVE-1999-0867
Reference: MSKB:Q238349
Reference: CIAC:J-058
Reference: XF:http-iis-malformed-header
Reference: BID:579
CVE-1999-0868
Reference: XF:inn-ucbmail-shell-meta
CVE-1999-0869
Reference: MSKB:167614
Reference: XF:http-frame-spoof
CVE-1999-0870
Reference: MSKB:169245
Reference: XF:ie-usp-cuartango
CVE-1999-0871
Reference: XF:ie-crossframe-file-read
CVE-1999-0873
Reference: XF:skyfull-mail-from-bo
CVE-1999-0874
Reference: MSKB:Q234905
Reference: EEYE:AD06081999
Reference: CERT:CA-99-07
Reference: CIAC:J-048
Reference: XF:iis-htr-overflow
CVE-1999-0875
Reference: MSKB:Q216141
Reference: BID:578
Reference: XF:irdp-gateway-spoof
CVE-1999-0876
Reference: MSKB:Q176697
CVE-1999-0877
Reference: MS:MS99-042
Reference: XF:ie-iframe-exec
CVE-1999-0878
Reference: CERT:CA-99-13
Reference: REDHAT:RHSA1999031_01
Reference: XF:wu-ftpd-dir-name
Reference: BID:599
CVE-1999-0879
Reference: XF:wuftp-message-file-root
CVE-1999-0880
Reference: XF:wuftp-site-newer-dos
CVE-1999-0881
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: XF:falcon-path-parsing
CVE-1999-0883
Reference: BID:742
CVE-1999-0884
Reference: BID:742
CVE-1999-0886
Reference: MS:MS99-041
Reference: BID:645
Reference: XF:nt-rasman-pathname
CVE-1999-0887
Reference: EEYE:AD05261999
CVE-1999-0888
Reference: XF:oracle-dbsnmp
Reference: BID:585
CVE-1999-0889
Reference: XF:cisco-cbos-telnet
CVE-1999-0890
Reference: XF:ihtml-merchant-file-access
CVE-1999-0891
Reference: MSKB:Q242542
Reference: XF:ie-download-behavior
CVE-1999-0892
CVE-1999-0893
Reference: XF:sco-openserver-userosa-script
CVE-1999-0894
CVE-1999-0895
Reference: BID:725
Reference: XF:checkpoint-ldap-auth
CVE-1999-0896
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo
Reference: BID:767
CVE-1999-0897
Reference: XF:ichat-file-read-vuln
CVE-1999-0898
Reference: MSKB:Q243649
Reference: XF:nt-printer-spooler-bo
Reference: BID:768
CVE-1999-0899
Reference: MSKB:Q243649
Reference: BID:769
Reference: XF:nt-printer-spooler-bo
CVE-1999-0900
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
CVE-1999-0901
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
CVE-1999-0902
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
CVE-1999-0903
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering
CVE-1999-0904
Reference: XF:bftelnet-username-dos
Reference: BID:771
CVE-1999-0905
Reference: BID:736
Reference: XF:raptor-ipoptions-dos
CVE-1999-0906
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: BID:656
Reference: XF:linux-sccw-bo
CVE-1999-0907
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier
CVE-1999-0908
Reference: BID:655
Reference: XF:sun-tcp-mutex-enter-dos
CVE-1999-0909
Reference: MS:MS99-038
Reference: MSKB:Q238453
Reference: BID:646
Reference: XF:nt-ip-source-route
CVE-1999-0912
Reference: BID:653
Reference: XF:freebsd-vfscache-dos
CVE-1999-0914
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324
CVE-1999-0915
Reference: BID:746
CVE-1999-0916
CVE-1999-0917
Reference: MSKB:Q231452
Reference: XF:legacy-activex-local-drive
CVE-1999-0918
Reference: MSKB:Q238329
Reference: MS:MS99-034
Reference: XF:igmp-dos
Reference: BID:514
CVE-1999-0920
Reference: DEBIAN:19990607a Vulnerability in POP-2 daemon
Reference: BID:283
Reference: XF:pop2-fold-bo
CVE-1999-0921
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: BID:1879
CVE-1999-0922
Reference: XF:coldfusion-sourcewindow
CVE-1999-0924
Reference: XF:coldfusion-syntax-checker(1742)
CVE-1999-0927
Reference: BID:279
Reference: XF:ntmail-fileread
CVE-1999-0928
Reference: XF:websuite-dos
Reference: BID:278
CVE-1999-0930
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: BID:1795
CVE-1999-0931
Reference: BID:734
Reference: XF:mediahouse-stats-login-bo
CVE-1999-0932
Reference: BID:735
Reference: XF:mediahouse-stats-adminpw-cleartext
CVE-1999-0933
Reference: BID:689
CVE-1999-0934
CVE-1999-0935
CVE-1999-0936
CVE-1999-0937
CVE-1999-0938
Reference: XF:sdr-execute
CVE-1999-0939
Reference: DEBIAN:19990826
Reference: BID:605
CVE-1999-0940
Reference: SUSE:19990927 Security hole in mutt
CVE-1999-0942
Reference: XF:sco-unixware-dos7utils-root-privs
CVE-1999-0943
CVE-1999-0945
Reference: CIAC:I-080
Reference: MSKB:Q169174
Reference: XF:exchange-dos(1223)
CVE-1999-0946
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
CVE-1999-0947
Reference: BID:762
CVE-1999-0950
Reference: BID:747
Reference: XF:wftpd-mkd-bo
CVE-1999-0951
Reference: BID:739
Reference: XF:http-cgi-imagemap-bo
CVE-1999-0953
Reference: BUGTRAQ:19990916 More fun with WWWBoard
CVE-1999-0954
Reference: BID:649
CVE-1999-0955
Reference: CIAC:E-17
Reference: XF:ftp-exec
CVE-1999-0956
Reference: XF:next-netinfo
CVE-1999-0957
Reference: XF:majorcool-file-overwrite-vuln
CVE-1999-0958
Reference: XF:sudo-dot-dot-attack
CVE-1999-0959
Reference: SGI:19980301-01-PX
Reference: XF:irix-startmidi-file-creation
CVE-1999-0960
Reference: SGI:19980301-01-PX
Reference: XF:irix-cdplayer-directory-create
CVE-1999-0961
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink
CVE-1999-0962
Reference: HP:HPSBUX9701-045
Reference: XF:hp-password-cmd-bo
CVE-1999-0963
Reference: CERT:VB-96.06
Reference: XF:freebsd-mount-union-root
CVE-1999-0964
Reference: XF:freebsd-setlocale-bo
CVE-1999-0965
Reference: XF:xterm
CVE-1999-0966
CVE-1999-0967
CVE-1999-0968
Reference: XF:bnc-proxy-bo(1546)
Reference: BID:1927
CVE-1999-0969
Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork
Reference: MS:MS98-014
Reference: MSKB:Q193233
Reference: XF:snork-dos
CVE-1999-0971
Reference: XF:exim-include-overflow
CVE-1999-0972
Reference: BID:863
CVE-1999-0973
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858
CVE-1999-0974
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864
CVE-1999-0975
Reference: BID:868
CVE-1999-0976
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: XF:sendmail-bi-alias
Reference: BID:857
CVE-1999-0977
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: SUN:00191
Reference: BID:866
Reference: XF:sol-sadmind-amslverify-bo
CVE-1999-0978
Reference: BID:867
CVE-1999-0979
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BID:869
CVE-1999-0980
Reference: MSKB:Q246045
CVE-1999-0981
Reference: MSKB:Q246094
CVE-1999-0982
CVE-1999-0986
Reference: BID:870
CVE-1999-0987
Reference: MSKB:Q237923
CVE-1999-0989
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861
CVE-1999-0991
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862
CVE-1999-0992
CVE-1999-0994
Reference: MS:MS99-056
Reference: MSKB:Q248183
Reference: BID:873
CVE-1999-0995
Reference: MS:MS99-057
Reference: MSKB:Q248185
Reference: BID:875
CVE-1999-0996
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: XF:infoseek-ultraseek-bo
CVE-1999-0997
Reference: XF:wuftp-ftp-conversion
CVE-1999-0998
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-replace
CVE-1999-0999
Reference: MSKB:Q248749
Reference: BID:817
CVE-1999-1000
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-performance
CVE-1999-1001
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
CVE-1999-1004
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
CVE-1999-1005
Reference: XF:groupwise-web-read-files
Reference: BID:879
CVE-1999-1007
Reference: XF:vdolive-bo-execute
Reference: BID:872
CVE-1999-1008
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871
Reference: XF:unix-xsoldier-overflow
CVE-1999-1010
Reference: XF:ssh-policy-bypass
CVE-1999-1011
Reference: MS:MS99-025
Reference: CIAC:J-054
Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service
Reference: BID:529
Reference: XF:nt-iis-rds
CVE-1999-1014
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: BID:672
CVE-1999-1019
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: BID:495
CVE-1999-1021
Reference: SUN:00117
Reference: BID:47
Reference: XF:nfs-uid(82)
CVE-1999-1027
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: BID:290
CVE-1999-1028
Reference: BID:288
Reference: XF:pcanywhere-dos(2256)
CVE-1999-1032
Reference: CIAC:B-36
Reference: BID:26
Reference: XF:ultrix-telnet(584)
CVE-1999-1034
Reference: CIAC:B-28
Reference: BID:23
Reference: XF:sysv-login(583)
CVE-1999-1035
Reference: MSKB:Q192296
Reference: XF:iis-get-dos(1823)
CVE-1999-1037
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: XF:satan-rexsatan-symlink(7167)
CVE-1999-1044
Reference: CIAC:I-050
Reference: XF:dgux-advfs-softlinks(7431)
CVE-1999-1045
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: XF:realserver-pnserver-remote-dos(7297)
CVE-1999-1047
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: XF:gauntlet-bsdi-bypass(3397)
CVE-1999-1048
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: XF:linux-bash-bo(3414)
CVE-1999-1055
Reference: BID:179
Reference: XF:excel-call(1737)
CVE-1999-1057
Reference: CIAC:B-04
Reference: BID:12
Reference: XF:vms-analyze-processdump-privileges(7137)
CVE-1999-1059
Reference: BID:36
Reference: XF:att-rexecd(3159)
CVE-1999-1074
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html
Reference: BID:98
CVE-1999-1080
Reference: BUGTRAQ:19991011
Reference: BID:250
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)
CVE-1999-1085
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: CERT-VN:VU#13877
Reference: XF:ssh-insert(1126)
CVE-1999-1087
Reference: MSKB:Q168617
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: XF:ie-dotless(2209)
CVE-1999-1090
Reference: XF:ftp-ncsa(1844)
CVE-1999-1093
Reference: MSKB:Q191200
Reference: XF:java-script-patch(1276)
CVE-1999-1094
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: XF:iemk-bug(917)
CVE-1999-1098
Reference: CIAC:F-12
Reference: XF:bsd-telnet(516)
CVE-1999-1099
Reference: XF:kerberos-user-grab(65)
CVE-1999-1100
Reference: CIAC:I-056
Reference: XF:cisco-pix-parse-error(1579)
CVE-1999-1102
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: CIAC:E-25a
CVE-1999-1103
Reference: CIAC:G-18
Reference: MISC:http://www.tao.ca/fire/bos/0209.html
Reference: XF:osf-dxconsole-gain-privileges(7138)
CVE-1999-1104
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: MSKB:Q140557
Reference: XF:win95-nbsmbpwl(71)
CVE-1999-1105
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html
Reference: XF:win95-netware-hidden-share(7231)
CVE-1999-1109
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: BID:904
Reference: XF:sendmail-etrn-dos(7760)
CVE-1999-1111
Reference: BID:786
Reference: XF:immunix-stackguard-bo(3524)
CVE-1999-1114
Reference: AUSCERT:AA-96.17
Reference: SGI:19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: BID:467
CVE-1999-1115
Reference: CIAC:A-30
Reference: BID:7
Reference: XF:apollo-suidexec-unauthorized-access(6721)
CVE-1999-1116
Reference: BID:462
Reference: XF:sgi-runpriv(2108)
CVE-1999-1117
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: CIAC:H-13
Reference: BID:455
Reference: XF:ibm-lquerypv(1752)
CVE-1999-1118
Reference: BID:433
Reference: XF:sun-ndd(817)
CVE-1999-1119
Reference: BID:41
Reference: XF:aix-anon-ftp(3154)
CVE-1999-1120
Reference: SGI:19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: BID:395
Reference: XF:sgi-netprint(2107)
CVE-1999-1121
Reference: BID:38
Reference: XF:ibm-uucp(554)
CVE-1999-1122
Reference: CIAC:CIAC-08
Reference: SUNBUG:1019265
Reference: BID:3
Reference: XF:sun-restore-gain-privileges(6695)
CVE-1999-1127
Reference: MSKB:Q195733
Reference: XF:nt-spoolss(523)
CVE-1999-1131
Reference: CIAC:I-060
Reference: SGI:19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
CVE-1999-1132
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: MSKB:Q179157
Reference: XF:token-ring-dos(1399)
CVE-1999-1136
Reference: HP:HPSBMP9807-005
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: CIAC:I-081
Reference: XF:mpeix-predictive(1413)
CVE-1999-1137
Reference: SUN:00122
Reference: XF:sun-audio(549)
CVE-1999-1138
Reference: XF:sco-homedir(546)
CVE-1999-1139
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: HP:HPSBUX9801-074
Reference: CIAC:I-027B
Reference: XF:hp-cue(2007)
CVE-1999-1140
Reference: CERT:VB-97.16
Reference: XF:cracklib-bo(1539)
CVE-1999-1142
Reference: XF:sun-env(3152)
CVE-1999-1143
Reference: SGI:19970504-01-PX
Reference: XF:sgi-rld(2109)
CVE-1999-1144
Reference: XF:hp-mpower(2056)
CVE-1999-1145
Reference: CIAC:H-21
Reference: XF:hp-glanceplus(2059)
CVE-1999-1146
Reference: XF:hp-glanceplus-gpm(2060)
CVE-1999-1147
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
CVE-1999-1148
Reference: MSKB:Q189262
Reference: XF:iis-passive-ftp(1215)
CVE-1999-1156
Reference: XF:bisonware-port-crash(2254)
CVE-1999-1157
Reference: XF:tcpipsys-icmp-dos(3894)
CVE-1999-1159
Reference: XF:ssh-privileged-port-forward(1471)
CVE-1999-1160
Reference: CIAC:H-33
Reference: XF:hp-ftpd-kftpd(7437)
CVE-1999-1161
Reference: BUGTRAQ:19961104 ppl bugs
Reference: HP:HPSBUX9704-057
Reference: CIAC:H-32
Reference: AUSCERT:AA-97.07
Reference: XF:hp-ppl(7438)
CVE-1999-1162
Reference: XF:sco-passwd-deny(542)
CVE-1999-1163
Reference: XF:hp-ssp(7439)
CVE-1999-1167
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
CVE-1999-1175
Reference: CIAC:I-054
Reference: XF:cisco-wccp-vuln(1577)
CVE-1999-1177
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: XF:http-cgi-nphpublish(2055)
CVE-1999-1181
Reference: CIAC:J-003
Reference: XF:irix-register(7441)
CVE-1999-1188
Reference: XF:mysql-readable-log-files(1568)
CVE-1999-1191
Reference: AUSCERT:AA-97.18
Reference: SUN:00144
Reference: BID:207
Reference: XF:solaris-chkey-bo(7442)
CVE-1999-1192
Reference: BID:206
Reference: XF:solaris-eeprom-bo(7444)
CVE-1999-1193
Reference: XF:next-me(581)
Reference: BID:20
CVE-1999-1194
Reference: BID:17
Reference: XF:dec-chroot(577)
CVE-1999-1197
Reference: BID:14
Reference: XF:sunos-tioccons-console-redirection(7140)
CVE-1999-1198
Reference: CIAC:B-01
Reference: BID:11
Reference: XF:nextstep-builddisk-root-access(7141)
CVE-1999-1203
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: XF:ascend-ppp-isdn-dos(7498)
CVE-1999-1204
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: XF:fw1-user-defined-keywords-access(7293)
CVE-1999-1205
Reference: HP:HPSBUX9607-035
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)
CVE-1999-1208
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: XF:ping-bo(803)
CVE-1999-1209
Reference: CERT:VB-97.14
Reference: XF:sco-scoterm(690)
CVE-1999-1214
Reference: XF:openbsd-iosig(556)
CVE-1999-1215
Reference: CERT:CA-1993-12
Reference: XF:novell-login(545)
CVE-1999-1222
Reference: XF:dns-netbtsys-dos(3893)
CVE-1999-1223
Reference: XF:url-asp-av(3892)
CVE-1999-1226
Reference: XF:netscape-huge-key-dos(3436)
CVE-1999-1233
Reference: MSKB:241562
Reference: BID:657
Reference: XF:iis-unresolved-domain-access(3306)
CVE-1999-1243
Reference: SGI:19950301-01-P373
Reference: XF:sgi-permissions(2113)
CVE-1999-1246
Reference: XF:siteserver-directmail-passwords(2068)
CVE-1999-1249
Reference: XF:hp-movemail(2057)
CVE-1999-1258
Reference: XF:sun-pwdauthd(1782)
CVE-1999-1259
Reference: XF:office-extraneous-data(1780)
CVE-1999-1262
Reference: XF:java-socket-open(1727)
CVE-1999-1263
Reference: XF:metamail-file-creation(1677)
CVE-1999-1276
Reference: XF:fte-console-privileges(1609)
CVE-1999-1279
Reference: XF:snaserver-shared-folders(1548)
CVE-1999-1284
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
CVE-1999-1288
Reference: CALDERA:SA-1998.35
Reference: XF:samba-wsmbconf(1406)
CVE-1999-1290
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
CVE-1999-1294
Reference: XF:nt-filemgr(562)
CVE-1999-1297
Reference: XF:sun-cmdtool-echo(7482)
CVE-1999-1298
Reference: XF:freebsd-sysinstall-ftp-password(7537)
CVE-1999-1301
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: XF:rzsz-command-execution(7540)
CVE-1999-1309
Reference: BUGTRAQ:19940315 so...
Reference: BUGTRAQ:19940315 anyone know details?
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: CERT:CA-1994-12
Reference: XF:sendmail-debug-gain-root(7155)
CVE-1999-1316
Reference: XF:passfilt-fullname(7391)
CVE-1999-1317
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: MSKB:Q222159
Reference: XF:nt-symlink-case(7398)
CVE-1999-1318
Reference: XF:sun-su-path(7480)
CVE-1999-1320
Reference: XF:netware-packet-spoofing-privileges(7213)
CVE-1999-1321
CVE-1999-1324
Reference: XF:openvms-sysgen-enabled(7225)
CVE-1999-1325
Reference: XF:vaxvms-sas-gain-privileges(7261)
CVE-1999-1326
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: XF:wuftpd-abor-gain-privileges(7169)
CVE-1999-1327
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-lang-bo(7239)
CVE-1999-1328
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-symlink-gain-privileges(7232)
CVE-1999-1329
Reference: XF:sysvinit-root-bo(7250)
CVE-1999-1330
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
CVE-1999-1331
Reference: XF:netcfg-ethernet-dos(7245)
CVE-1999-1332
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: XF:gzip-gzexe-tmp-symlink(7241)
CVE-1999-1333
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: XF:ncftp-autodownload-command-execution(7240)
CVE-1999-1335
Reference: XF:cmusnmp-read-write(7251)
CVE-1999-1336
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
CVE-1999-1337
Reference: XF:midnight-commander-data-disclosure(9873)
CVE-1999-1339
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
Reference: XF:ipchains-ping-route-dos(7257)
CVE-1999-1341
Reference: XF:linux-tiocsetd-forge-packets(7858)
CVE-1999-1351
Reference: XF:kvirc-dot-directory-traversal(7761)
CVE-1999-1356
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: XF:compaq-smartstart-legal-notice(7763)
CVE-1999-1358
Reference: XF:nt-user-policy-update(7400)
CVE-1999-1359
Reference: XF:nt-group-policy-longname(7401)
CVE-1999-1360
Reference: XF:nt-kernel-handle-dos(7402)
CVE-1999-1362
Reference: XF:nt-win32k-dos(7403)
CVE-1999-1363
Reference: XF:nt-nonpagedpool-dos(7405)
CVE-1999-1379
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: AUSCERT:AL-1999.004
Reference: CIAC:J-063
Reference: XF:dns-udp-query-dos(7238)
CVE-1999-1380
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html
Reference: XF:nu-tuneocx-activex-control(7188)
CVE-1999-1382
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551
Reference: XF:netware-nfs-file-ownership(7246)
CVE-1999-1384
Reference: AUSCERT:AA-96.08
Reference: SGI:19961101-01-I
Reference: BID:470
Reference: XF:irix-systour(7456)
CVE-1999-1385
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: XF:ppp-bo(7465)
CVE-1999-1386
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl
Reference: XF:perl-e-tmp-symlink(7243)
CVE-1999-1402
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: BID:456
Reference: XF:sun-domain-socket-permissions(7172)
CVE-1999-1407
Reference: BID:368
Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts
CVE-1999-1409
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: NETBSD:NetBSD-SA1998-004
Reference: BID:331
Reference: XF:at-f-read-files(7577)
CVE-1999-1411
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: BID:316
Reference: XF:fsp-anon-ftp-access(7574)
CVE-1999-1414
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: BID:284
CVE-1999-1419
Reference: BID:219
Reference: XF:sun-nisplus-bo(7535)
CVE-1999-1423
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: SUN:00146
Reference: BID:209
Reference: XF:ping-multicast-loopback-dos(7492)
CVE-1999-1432
Reference: BID:160
Reference: SUNBUG:4024179
CVE-1999-1433
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: BID:157
CVE-1999-1437
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: BID:151
CVE-1999-1452
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: MSKB:Q214802
Reference: BID:198
Reference: XF:nt-gina-clipboard(1975)
CVE-1999-1455
Reference: XF:nt-rshsvc-ale-bypass(7422)
CVE-1999-1456
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
CVE-1999-1468
Reference: CERT:CA-91.20
Reference: BID:31
Reference: XF:rdist-popen-gain-privileges(7160)
CVE-1999-1472
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MSKB:Q176794
Reference: MSKB:Q176697
Reference: XF:http-ie-spy(587)
CVE-1999-1473
Reference: XF:ie-page-redirect(7426)
CVE-1999-1476
Reference: XF:pentium-crash(704)
CVE-1999-1478
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: BID:522
Reference: XF:sun-hotspot-vm(2348)
CVE-1999-1481
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: XF:squid-proxy-auth-access(3433)
CVE-1999-1488
Reference: BID:371
Reference: XF:ibm-sdr-read-files(7217)
CVE-1999-1490
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: BID:362
Reference: XF:linux-xosview-bo(8787)
CVE-1999-1494
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: SGI:19950209-00-P
Reference: XF:sgi-colorview(2112)
Reference: BID:336
CVE-1999-1507
Reference: BID:59
Reference: XF:sun-dir(521)
CVE-1999-1512
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: XF:amavis-command-execute(2349)
CVE-1999-1530
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: BID:777
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
CVE-1999-1531
Reference: BID:763
Reference: XF:ibm-homepageprint-bo(7767)
CVE-1999-1535
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: BID:592
Reference: XF:http-aspupload-bo(3291)
CVE-1999-1542
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: XF:linux-rh-rpmmail(3353)
CVE-1999-1550
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: BUGTRAQ:19991109
Reference: BID:778
Reference: XF:bigip-bigconf-view-files(7771)
CVE-1999-1565
CVE-2000-0001
Reference: BID:888
Reference: XF:realserver-ramgen-dos
CVE-2000-0002
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: BID:889
Reference: XF:zbserver-get-bo
CVE-2000-0003
Reference: BUGTRAQ:20000127 New SCO patches...
CVE-2000-0004
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: XF:zbserver-url-dot
CVE-2000-0006
Reference: XF:linux-strace(4554)
CVE-2000-0007
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: BID:1740
CVE-2000-0009
Reference: XF:netarchitect-path-vulnerability
Reference: BID:907
CVE-2000-0010
Reference: XF:http-cgi-webwhoplus
CVE-2000-0011
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
CVE-2000-0012
Reference: BID:898
Reference: XF:w3-msql-scanf-bo
CVE-2000-0013
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
CVE-2000-0014
Reference: BID:897
Reference: XF:savant-server-null-dos
CVE-2000-0015
Reference: BID:910
Reference: XF:cascadeview-tftp-symlink
CVE-2000-0018
Reference: BID:885
Reference: XF:freebsd-wmmon-root-exploit
CVE-2000-0020
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos
CVE-2000-0022
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
CVE-2000-0023
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
CVE-2000-0024
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
CVE-2000-0025
Reference: MSKB:Q238606
CVE-2000-0026
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
CVE-2000-0027
Reference: BID:900
Reference: XF:ibm-netstat-race-condition(5381)
CVE-2000-0029
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BID:901
CVE-2000-0030
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878
CVE-2000-0031
Reference: REDHAT:RHSA-1999:052-04
CVE-2000-0032
Reference: XF:sol-dmispd-dos
Reference: BID:878
CVE-2000-0033
Reference: BID:899
Reference: XF:interscan-viruswall-bypass
CVE-2000-0034
Reference: XF:netscape-password-preferences
CVE-2000-0036
Reference: MSKB:Q249082
CVE-2000-0037
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: BID:903
CVE-2000-0039
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896
CVE-2000-0040
CVE-2000-0041
Reference: BID:890
CVE-2000-0042
Reference: XF:csm-server-bo
Reference: BID:895
CVE-2000-0043
Reference: BID:905
Reference: XF:camshot-http-get-overflow
CVE-2000-0044
Reference: BID:919
Reference: XF:warftp-macro-access-files
CVE-2000-0045
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
CVE-2000-0048
Reference: BID:928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update
CVE-2000-0050
Reference: XF:allaire-webtop-access
Reference: BID:915
CVE-2000-0051
Reference: BID:916
Reference: XF:allaire-spectra-config-dos
CVE-2000-0052
Reference: REDHAT:RHSA-2000:001-01
Reference: XF:linux-pam-userhelper
Reference: BID:913
CVE-2000-0053
Reference: MSKB:Q246731
Reference: BID:912
Reference: XF:mcis-malformed-imap
CVE-2000-0056
Reference: BID:914
Reference: XF:imail-imonitor-status-dos
CVE-2000-0057
Reference: XF:coldfusion-cfcache
Reference: BID:917
CVE-2000-0060
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: BID:894
Reference: XF:avirt-rover-pop3-dos(3765)
CVE-2000-0062
Reference: BID:922
Reference: XF:zope-dtml
CVE-2000-0063
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
CVE-2000-0064
Reference: BID:938
Reference: XF:http-cgi-cgiproc-dos
CVE-2000-0065
Reference: XF:inetserv-get-bo
CVE-2000-0070
Reference: MS:MS00-003
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: BID:934
CVE-2000-0072
Reference: BID:937
Reference: XF:vcasel-filename-trusting(3867)
CVE-2000-0073
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
CVE-2000-0075
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: XF:supermail-memleak-dos
CVE-2000-0076
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: XF:nvi-delete-files
Reference: BID:1439
CVE-2000-0080
Reference: BID:931
Reference: XF:aix-techlibss-symbolic-link
CVE-2000-0083
Reference: XF:hp-audio-security-perms
CVE-2000-0087
Reference: XF:netscape-mail-notify-plaintext(4385)
CVE-2000-0088
Reference: XF:office-malformed-convert
Reference: BID:946
CVE-2000-0089
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: MSKB:Q249108
Reference: BID:947
Reference: XF:nt-rdisk-enum-file
CVE-2000-0090
Reference: XF:linux-vmware-symlink
Reference: BID:943
CVE-2000-0091
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/
CVE-2000-0092
Reference: BID:939
Reference: XF:gnu-makefile-tmp-root
CVE-2000-0094
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: XF:netbsd-procfs
Reference: BID:940
CVE-2000-0095
Reference: BID:944
CVE-2000-0097
Reference: MS:MS00-006
Reference: BID:950
Reference: XF:http-indexserver-dirtrans
CVE-2000-0098
CVE-2000-0099
CVE-2000-0100
Reference: MS:MS00-012
CVE-2000-0107
Reference: BID:958
CVE-2000-0111
Reference: BID:953
Reference: XF:avt-rightfax-predict-session
CVE-2000-0112
Reference: BID:960
Reference: XF:debian-mbr-bypass-security
CVE-2000-0113
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
CVE-2000-0116
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: XF:http-script-bypass
CVE-2000-0117
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951
CVE-2000-0120
Reference: BID:955
Reference: XF:allaire-spectra-ras-access(4025)
CVE-2000-0121
Reference: MS:MS00-007
Reference: MSKB:Q248399
Reference: BID:963
CVE-2000-0127
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: XF:webspeed-adminutil-auth
CVE-2000-0128
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input
CVE-2000-0130
Reference: SCO:SB-00.02a
Reference: XF:sco-help-bo
CVE-2000-0131
Reference: BID:966
CVE-2000-0139
Reference: BID:982
CVE-2000-0140
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
CVE-2000-0141
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: BID:991
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb
CVE-2000-0144
Reference: BID:971
CVE-2000-0145
CVE-2000-0146
Reference: BID:972
Reference: XF:novell-groupwise-url-dos
CVE-2000-0148
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: BID:975
CVE-2000-0149
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: BID:977
CVE-2000-0150
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: BID:979
CVE-2000-0152
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
CVE-2000-0156
CVE-2000-0157
Reference: XF:netbsd-ptrace
CVE-2000-0159
CVE-2000-0161
Reference: BID:994
CVE-2000-0162
CVE-2000-0164
Reference: SUNBUG:4316521
Reference: BID:1004
Reference: XF:sims-temp-world-readable
CVE-2000-0165
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: CIAC:K-023
Reference: XF:delegate-proxy-bo
CVE-2000-0166
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: BID:995
Reference: XF:interaccess-telnet-login-bo
CVE-2000-0168
Reference: MS:MS00-017
Reference: BID:1043
Reference: XF:win-dos-devicename-dos
CVE-2000-0169
Reference: BID:1053
Reference: XF:oracle-weblistener-remote-attack
CVE-2000-0170
Reference: BID:1011
CVE-2000-0171
Reference: XF:atsar-root-access
Reference: BID:1048
CVE-2000-0172
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: BID:1038
CVE-2000-0174
Reference: BID:1040
Reference: XF:staroffice-scheduler-fileread
CVE-2000-0175
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
CVE-2000-0178
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
CVE-2000-0179
Reference: HP:HPSBUX0006-115
Reference: BID:1015
Reference: XF:omniback-connection-dos
CVE-2000-0180
Reference: BID:1052
Reference: XF:sojourn-file-read(4197)
CVE-2000-0181
Reference: BID:1054
CVE-2000-0182
CVE-2000-0183
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: BID:1046
CVE-2000-0184
Reference: BID:1037
CVE-2000-0185
Reference: BID:1049
CVE-2000-0186
Reference: TURBO:TLSA200007-1
Reference: BID:1020
CVE-2000-0189
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: BID:1021
CVE-2000-0191
Reference: XF:axis-storpoint-auth
Reference: BID:1025
CVE-2000-0192
Reference: BID:1036
CVE-2000-0193
Reference: BID:1030
Reference: XF:linux-dosemu-config
CVE-2000-0194
Reference: BID:1007
CVE-2000-0195
Reference: BID:1008
Reference: XF:corel-linux-setxconf-root
CVE-2000-0196
Reference: BID:1018
CVE-2000-0200
Reference: BID:1034
CVE-2000-0201
Reference: BID:1033
CVE-2000-0202
Reference: BID:1041
CVE-2000-0206
Reference: BID:1035
CVE-2000-0207
Reference: SGI:20000501-01-P
Reference: XF:irix-infosrch-fname
Reference: BID:1031
CVE-2000-0208
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: DEBIAN:20000226 remote users can read files with webserver uid
Reference: TURBO:TLSA200005-1
Reference: BID:1026
CVE-2000-0209
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: BID:1012
CVE-2000-0210
Reference: BID:998
CVE-2000-0211
Reference: XF:win-media-dos
Reference: BID:1000
CVE-2000-0212
Reference: BID:1001
CVE-2000-0215
Reference: BID:1019
CVE-2000-0217
Reference: BID:1006
CVE-2000-0218
Reference: CALDERA:CSSA-2000-002.0
CVE-2000-0221
Reference: BID:1009
CVE-2000-0222
Reference: BID:990
CVE-2000-0223
Reference: BID:1047
CVE-2000-0224
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink
CVE-2000-0225
Reference: BID:1032
Reference: XF:telnet-pocsag
CVE-2000-0226
Reference: BID:1066
Reference: XF:iis-chunked-encoding-dos
CVE-2000-0228
Reference: BID:1058
Reference: XF:mwmt-malformed-media-license
CVE-2000-0229
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: REDHAT:RHSA-2000:009-02
Reference: BID:1069
Reference: XF:linux-gpm-root
CVE-2000-0230
Reference: REDHAT:RHSA-2000:016-02
Reference: XF:linux-imwheel-bo
Reference: BID:1060
CVE-2000-0231
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: XF:linux-kreatecd-path
Reference: BID:1061
CVE-2000-0232
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: BID:1082
Reference: XF:win-tcpip-printing-dos
CVE-2000-0233
Reference: XF:linux-imap-remote-unauthorized-access
CVE-2000-0234
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: XF:cobalt-raq-remote-access
CVE-2000-0235
Reference: BID:1070
Reference: XF:freebsd-orvillewrite-bo
CVE-2000-0236
Reference: BID:1063
Reference: XF:netscape-server-directory-indexing
CVE-2000-0237
Reference: BID:1075
Reference: XF:netscape-webpublisher-invalid-access
CVE-2000-0238
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
CVE-2000-0240
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: XF:vqserver-dir-traverse
Reference: BID:1067
CVE-2000-0243
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: BID:1076
CVE-2000-0245
Reference: SGI:20000303-01-PX
Reference: XF:irix-objectserver-create-accounts
Reference: BID:1079
CVE-2000-0246
Reference: MSKB:Q249599
Reference: BID:1081
Reference: XF:iis-virtual-unc-share
CVE-2000-0249
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: XF:aix-frcactrl
Reference: BID:1152
CVE-2000-0251
Reference: BID:1090
Reference: XF:hp-virtual-vault
CVE-2000-0252
Reference: BID:1115
Reference: XF:dansie-shell-metacharacters
CVE-2000-0253
Reference: BID:1115
Reference: XF:shopping-cart-form-tampering
CVE-2000-0254
Reference: BID:1115
Reference: XF:dansie-form-variables
CVE-2000-0255
Reference: BID:1091
Reference: XF:nbase-xyplex-router
CVE-2000-0257
Reference: BID:1118
Reference: XF:netware-remote-admin-overflow
CVE-2000-0258
Reference: BID:1101
CVE-2000-0260
Reference: BID:1109
CVE-2000-0261
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: XF:ken-download-files
Reference: BID:1103
CVE-2000-0262
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: BID:1103
Reference: XF:ken-dos
CVE-2000-0263
Reference: XF:redhat-fontserver-dos
Reference: BID:1111
CVE-2000-0264
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
CVE-2000-0265
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: BID:1119
Reference: XF:panda-uninstall-program
CVE-2000-0267
Reference: XF:cisco-catalyst-password-bypass
Reference: BID:1122
CVE-2000-0268
Reference: BID:1123
Reference: XF:cisco-ios-option-handling
CVE-2000-0272
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos
Reference: BID:1128
CVE-2000-0273
Reference: BID:1095
Reference: XF:pcanywhere-login-dos
CVE-2000-0274
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos
Reference: BID:1096
CVE-2000-0276
Reference: BID:1098
Reference: XF:beos-syscall-dos
CVE-2000-0277
Reference: BID:1087
CVE-2000-0278
Reference: BID:1089
Reference: XF:eviewer-admin-request-dos
CVE-2000-0279
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: XF:beos-networking-dos
CVE-2000-0282
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: BID:1102
Reference: XF:talentsoft-web-input
CVE-2000-0283
Reference: BID:1106
Reference: XF:irix-pmcd-info
CVE-2000-0285
Reference: BID:1306
Reference: XF:xfree86-xkbmap-parameter-bo
CVE-2000-0287
Reference: BID:1104
Reference: XF:http-cgi-bizdb
CVE-2000-0289
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: BID:1078
Reference: XF:linux-masquerading-dos
CVE-2000-0290
Reference: XF:macos-webstar-get-bo(4792)
Reference: BID:1822
CVE-2000-0292
Reference: BID:1129
Reference: XF:adtran-ping-dos
CVE-2000-0294
Reference: BID:1107
Reference: XF:freebsd-healthd
CVE-2000-0296
Reference: BID:1086
Reference: XF:fcheck-shell
CVE-2000-0297
Reference: BID:1085
Reference: XF:allaire-forums-allaccess
CVE-2000-0298
Reference: XF:win2k-unattended-install(4278)
Reference: BID:1758
CVE-2000-0301
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: BID:1094
Reference: XF:ipswitch-imail-dos
CVE-2000-0302
Reference: MS:MS00-006
Reference: BID:1084
Reference: XF:http-indexserver-asp-source
CVE-2000-0303
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: XF:quake3-auto-download
CVE-2000-0304
Reference: MS:MS00-031
Reference: BID:1191
Reference: XF:iis-authchangeurl-dos
CVE-2000-0305
Reference: MS:MS00-029
Reference: BID:1236
Reference: XF:ip-fragment-reassembly-dos
CVE-2000-0306
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
CVE-2000-0307
CVE-2000-0308
CVE-2000-0309
CVE-2000-0310
CVE-2000-0311
Reference: XF:ms-mixed-object
Reference: BID:1145
CVE-2000-0313
CVE-2000-0314
Reference: NETBSD:NetBSD-SA1999-004
CVE-2000-0315
Reference: NETBSD:NetBSD-SA1999-004
CVE-2000-0316
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: XF:solaris-lp-bo
CVE-2000-0318
Reference: BID:1144
Reference: XF:mercur-remote-dot-attack
CVE-2000-0319
Reference: XF:sendmail-maillocal-dos
Reference: BID:1146
CVE-2000-0320
Reference: BID:1133
Reference: XF:qpopper-fgets-spoofing
CVE-2000-0322
Reference: REDHAT:RHSA-2000014-16
Reference: BID:1149
Reference: XF:piranha-passwd-execute
CVE-2000-0323
Reference: MS:MS99-030
Reference: XF:jet-text-isam
Reference: BID:595
CVE-2000-0324
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: BID:1150
Reference: XF:pcanywhere-tcpsyn-dos(4347)
CVE-2000-0327
Reference: MS:MS99-045
Reference: XF:msvm-verifier-java
CVE-2000-0328
Reference: MS:MS99-046
Reference: BID:604
Reference: XF:nt-sequence-prediction-sp4
Reference: XF:tcp-seq-predict
CVE-2000-0329
Reference: XF:ie-active-setup-control
CVE-2000-0330
Reference: XF:win-fileurl-overflow
CVE-2000-0331
Reference: MS:MS00-027
Reference: BID:1135
Reference: XF:nt-cmd-overflow
CVE-2000-0332
Reference: BID:1164
Reference: XF:ultraboard-printabletopic-fileread
CVE-2000-0334
Reference: BID:1181
Reference: XF:allaire-spectra-container-editor-preview
CVE-2000-0335
Reference: BID:1166
Reference: XF:glibc-resolver-id-predictable
CVE-2000-0336
Reference: CALDERA:CSSA-2000-009.0
Reference: TURBO:TLSA2000010-1
Reference: BID:1232
Reference: XF:openldap-symlink-attack
CVE-2000-0337
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
CVE-2000-0338
Reference: BID:1136
Reference: XF:cvs-tempfile-dos
CVE-2000-0339
Reference: BID:1137
Reference: XF:zonealarm-portscan
CVE-2000-0340
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: BID:1155
Reference: XF:linux-gnomelib-bo
CVE-2000-0341
Reference: BID:1156
Reference: XF:nntpserver-cassandra-bo
CVE-2000-0342
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: XF:eudora-warning-message
CVE-2000-0344
Reference: BID:1160
Reference: XF:linux-knfsd-dos
CVE-2000-0346
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
CVE-2000-0347
Reference: BID:1163
Reference: XF:win-netbios-source-null
CVE-2000-0348
CVE-2000-0349
CVE-2000-0350
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default
CVE-2000-0351
CVE-2000-0352
Reference: CALDERA:CSSA-1999-036.0
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: XF:pine-remote-exe
Reference: BID:810
CVE-2000-0353
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: BID:1247
Reference: XF:pine-lynx-execute-commands
CVE-2000-0354
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: SUSE:19991001 Security hole in mirror
Reference: BID:681
Reference: XF:mirror-perl-remote-file-creation
CVE-2000-0356
Reference: XF:linux-pam-nis-login
Reference: BID:697
CVE-2000-0359
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248
CVE-2000-0360
Reference: CALDERA:CSSA-1999-038.0
Reference: XF:inn-remote-dos
Reference: BID:1249
CVE-2000-0361
Reference: XF:wvdial-gain-dialup-info
CVE-2000-0362
Reference: BID:738
Reference: XF:linux-cdda2cdr
CVE-2000-0363
Reference: BID:738
Reference: XF:linux-cdda2cdr
CVE-2000-0366
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442
CVE-2000-0367
Reference: XF:linux-eterm
CVE-2000-0368
Reference: CIAC:J-009
CVE-2000-0369
Reference: BID:1266
Reference: XF:caldera-ident-server-dos
CVE-2000-0370
Reference: BID:1268
Reference: XF:caldera-smail-rmail-command
CVE-2000-0371
Reference: BID:1269
Reference: XF:kde-mediatool
CVE-2000-0372
Reference: XF:linux-rmt
CVE-2000-0373
Reference: REDHAT:RHSA-1999:015-01
Reference: XF:kde-kvt
CVE-2000-0374
Reference: BID:1446
Reference: XF:caldera-kdm-default-configuration
CVE-2000-0375
CVE-2000-0376
Reference: BID:1324
Reference: XF:idrive-filo-bo
CVE-2000-0377
Reference: MSKB:Q264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
CVE-2000-0378
Reference: BID:1176
Reference: XF:linux-pam-sniff-activities
CVE-2000-0379
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: XF:netopia-snmp-comm-strings
CVE-2000-0380
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: XF:cisco-ios-http-dos
Reference: BID:1154
CVE-2000-0381
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
CVE-2000-0382
Reference: BID:1179
Reference: XF:allaire-clustercats-url-redirect
CVE-2000-0387
Reference: BID:1184
Reference: XF:golddig-overwrite-files
CVE-2000-0388
Reference: BID:1185
Reference: XF:libmytinfo-bo
CVE-2000-0389
Reference: CERT:CA-2000-06
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: REDHAT:RHSA-2000-025
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
CVE-2000-0390
Reference: CERT:CA-2000-06
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: REDHAT:RHSA-2000-025
Reference: BID:1220
Reference: XF:kerberos-krb425-conv-principal-bo
CVE-2000-0391
Reference: CERT:CA-2000-06
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: REDHAT:RHSA-2000-025
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
CVE-2000-0392
Reference: CERT:CA-2000-06
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: REDHAT:RHSA-2000-025
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
CVE-2000-0393
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
CVE-2000-0394
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
CVE-2000-0395
Reference: XF:cproxy-http-dos
Reference: BID:1213
CVE-2000-0396
Reference: BID:1245
Reference: XF:carello-file-duplication
CVE-2000-0397
Reference: XF:emurl-account-access
Reference: BID:1203
CVE-2000-0398
Reference: BID:1244
Reference: XF:mailsite-get-overflow
CVE-2000-0399
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
CVE-2000-0402
Reference: MSKB:Q263968
Reference: BID:1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog
CVE-2000-0403
Reference: MSKB:Q263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
CVE-2000-0404
Reference: MSKB:Q262694
Reference: BID:1262
Reference: XF:win-browser-reset-frame
CVE-2000-0405
Reference: BID:1207
Reference: XF:antisniff-dns-overflow
CVE-2000-0406
Reference: CERT:CA-2000-05
Reference: REDHAT:RHSA-2000:028-02
Reference: BID:1188
CVE-2000-0407
Reference: XF:sol-netpr-bo
Reference: BID:1200
CVE-2000-0408
Reference: MS:MS00-030
Reference: MSKB:Q260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
CVE-2000-0409
Reference: BID:1201
Reference: XF:netscape-import-certificate-symlink
CVE-2000-0410
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
CVE-2000-0411
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
CVE-2000-0414
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
CVE-2000-0416
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy
Reference: BID:1196
CVE-2000-0417
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: XF:cayman-router-dos
Reference: BID:1219
CVE-2000-0418
Reference: XF:cayman-dsl-dos
Reference: BID:1240
CVE-2000-0419
Reference: MSKB:Q262767
Reference: BID:1197
Reference: XF:office-ua-control
CVE-2000-0421
Reference: XF:bugzilla-unchecked-system-call
Reference: BID:1199
CVE-2000-0424
Reference: BID:1202
Reference: XF:http-cgi-burgyan-counter
CVE-2000-0425
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
CVE-2000-0426
Reference: BID:1175
Reference: XF:ultraboard-cgi-dos
CVE-2000-0427
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
CVE-2000-0428
Reference: BID:1168
Reference: XF:interscan-viruswall-bo
CVE-2000-0430
Reference: XF:cart32-expdate
Reference: BID:1358
CVE-2000-0431
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: XF:cobalt-cgiwrap-bypass
CVE-2000-0432
Reference: BID:1215
Reference: XF:http-cgi-calendar-execute
CVE-2000-0435
Reference: XF:http-cgi-allmanage-account-access
Reference: BID:1217
CVE-2000-0436
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: XF:offline-explorer-directory-traversal
CVE-2000-0437
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
CVE-2000-0438
Reference: XF:linux-fdmount-bo
Reference: BID:1239
CVE-2000-0439
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: MS:MS00-033
Reference: BID:1194
Reference: XF:ie-cookie-disclosure
CVE-2000-0440
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: BID:1173
Reference: XF:netbsd-unaligned-ip-options
CVE-2000-0441
Reference: BID:1241
Reference: XF:aix-local-filesystem
CVE-2000-0442
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: BID:1242
Reference: XF:qualcomm-qpopper-euidl
CVE-2000-0443
Reference: XF:hp-jetadmin-directory-traversal
Reference: BID:1243
CVE-2000-0445
Reference: CERT:CA-2000-09
Reference: BID:1251
Reference: XF:pgp-key-predictable
CVE-2000-0446
Reference: XF:mdbms-bo
Reference: BID:1252
CVE-2000-0447
Reference: XF:nai-webshield-bo
Reference: BID:1254
CVE-2000-0448
Reference: XF:nai-webshield-getconfig
Reference: BID:1253
CVE-2000-0451
Reference: XF:intel-8100-remote-dos
Reference: BID:1228
CVE-2000-0452
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
CVE-2000-0453
Reference: CALDERA:CSSA-2000-012.0
Reference: BID:1235
CVE-2000-0454
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: BID:1265
Reference: XF:linux-cdrecord-execute
CVE-2000-0455
Reference: NETBSD:NetBSD-SA2000-003
Reference: TURBO:TLSA2000012-1
Reference: BID:1267
Reference: XF:xlock-bo-read-passwd
CVE-2000-0456
Reference: BID:1272
Reference: XF:bsd-syscall-cpu-dos
CVE-2000-0457
Reference: MS:MS00-031
Reference: BID:1193
Reference: XF:iis-ism-file-access(4448)
CVE-2000-0458
Reference: BID:1360
Reference: XF:imp-tmpfile-view
CVE-2000-0459
Reference: BID:1361
Reference: XF:imp-wordfile-dos
CVE-2000-0460
Reference: BID:1274
Reference: XF:kde-display-environment-overflow
CVE-2000-0461
Reference: NETBSD:NetBSD-SA2000-004
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: XF:bsd-semaphore-dos
Reference: BID:1270
CVE-2000-0462
Reference: BID:1273
Reference: XF:netbsd-ftpchroot-parsing
CVE-2000-0463
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
CVE-2000-0464
Reference: MSKB:Q261257
Reference: XF:ie-malformed-component-attribute
Reference: BID:1223
CVE-2000-0465
Reference: MSKB:Q251108
Reference: MSKB:Q255676
Reference: BID:1224
Reference: XF:ie-frame-domain-verification
CVE-2000-0466
Reference: XF:aix-cdmount-insecure-call
Reference: BID:1384
CVE-2000-0467
Reference: DEBIAN:20000605 root exploit in splitvt
Reference: BID:1346
Reference: XF:splitvt-screen-lock-bo
CVE-2000-0468
Reference: BID:1302
Reference: XF:hp-man-file-overwrite
CVE-2000-0469
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: BID:1347
Reference: XF:webbanner-input-validation-exe
CVE-2000-0470
Reference: BID:1290
Reference: XF:rompager-malformed-dos
CVE-2000-0471
Reference: SUNBUG:4339366
Reference: BID:1348
Reference: XF:sol-ufsrestore-bo
CVE-2000-0472
Reference: CALDERA:CSSA-2000-016.0
Reference: BUGTRAQ:20000707 inn update
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: BID:1316
Reference: XF:innd-cancel-overflow
CVE-2000-0474
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: BID:1288
Reference: XF:realserver-malformed-remote-dos
CVE-2000-0475
Reference: BID:1350
Reference: XF:win2k-desktop-separation
CVE-2000-0477
Reference: BID:1351
Reference: XF:antivirus-nav-zip-bo
CVE-2000-0478
Reference: BID:1351
Reference: XF:antivirus-nav-fail-open
CVE-2000-0481
Reference: BID:1380
Reference: XF:kde-kmail-attachment-dos
CVE-2000-0482
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: BID:1312
Reference: XF:fw1-packet-fragment-dos
CVE-2000-0483
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038-01
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: BID:1354
Reference: XF:zope-dtml-remote-modify
CVE-2000-0484
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: BID:1355
Reference: XF:small-http-get-overflow-dos
CVE-2000-0485
Reference: MS:MS00-041
Reference: BID:1292
Reference: XF:mssql-dts-reveal-passwords
CVE-2000-0486
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: BID:1293
Reference: XF:tacacsplus-packet-length-dos
CVE-2000-0488
Reference: BID:1285
Reference: XF:ithouse-rcpt-overflow(4580)
CVE-2000-0489
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: BID:622
Reference: XF:bsd-setsockopt-dos
CVE-2000-0490
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: BID:1297
Reference: XF:dmail-etrn-dos
CVE-2000-0493
Reference: BID:1289
Reference: XF:timesync-bo-execute
CVE-2000-0494
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: BID:1356
Reference: XF:veritas-volume-manager
CVE-2000-0495
Reference: BID:1282
Reference: XF:ms-malformed-media-dos
CVE-2000-0497
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: XF:websphere-jsp-source-read
CVE-2000-0498
Reference: BID:1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
CVE-2000-0499
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: BID:1328
Reference: XF:weblogic-jsp-source-read
CVE-2000-0500
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: BID:1378
Reference: XF:weblogic-file-source-read
CVE-2000-0501
Reference: BID:1366
Reference: XF:mdaemon-pass-dos
CVE-2000-0502
Reference: BID:1326
Reference: XF:mcafee-alerting-dos(4641)
CVE-2000-0504
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: BID:1369
Reference: XF:linux-libice-dos
CVE-2000-0505
Reference: BID:1284
Reference: XF:ibm-http-file-retrieve
CVE-2000-0506
Reference: REDHAT:RHSA-2000:037-05
Reference: TURBO:TLSA2000013-1
Reference: SGI:20000802-01-P
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: BID:1322
Reference: XF:linux-kernel-capabilities
CVE-2000-0507
Reference: BID:1286
Reference: XF:nt-webmail-dos
CVE-2000-0508
Reference: BID:1372
Reference: XF:linux-lockd-remote-dos
CVE-2000-0510
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: XF:debian-cups-malformed-ipp
CVE-2000-0511
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: XF:debian-cups-posts
CVE-2000-0512
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: XF:debian-cups-posts
CVE-2000-0513
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: XF:debian-cups-posts
CVE-2000-0514
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: XF:kerberos-gssftpd-dos
CVE-2000-0515
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: BID:1327
Reference: XF:hpux-snmp-daemon
CVE-2000-0516
Reference: BID:1329
Reference: XF:shiva-plaintext-ldap-password
CVE-2000-0517
Reference: BID:1260
Reference: XF:netscape-ssl-certificate
CVE-2000-0518
Reference: BID:1309
Reference: XF:ie-invalid-frame-image-certificate
CVE-2000-0519
Reference: BID:1309
Reference: XF:ie-revalidate-certificate
CVE-2000-0521
Reference: BID:1313
Reference: XF:savant-source-read
CVE-2000-0522
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: BID:1332
Reference: XF:aceserver-udp-packet-dos
CVE-2000-0523
Reference: BID:1315
Reference: XF:eserv-logging-overflow
CVE-2000-0525
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: BID:1334
Reference: XF:openssh-uselogin-remote-exec
CVE-2000-0528
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: XF:nettools-pki-unauthenticated-access
CVE-2000-0529
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: XF:nettools-pki-http-bo
CVE-2000-0530
Reference: CALDERA:CSSA-2000-015.0
Reference: BID:1291
Reference: XF:kde-configuration-file-creation
CVE-2000-0532
Reference: BID:1323
Reference: XF:freebsd-ssh-ports
CVE-2000-0533
Reference: BID:1379
Reference: XF:irix-workshop-cvconnect-overwrite
CVE-2000-0534
Reference: BID:1325
Reference: XF:apsfilter-elevate-privileges
CVE-2000-0536
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: BID:1381
Reference: XF:xinetd-improper-restrictions
CVE-2000-0537
Reference: CALDERA:CSSA-2000-018.0
Reference: BID:1321
Reference: XF:bru-execlog-env-variable
CVE-2000-0538
Reference: ALLAIRE:ASB00-14
Reference: BID:1314
Reference: XF:coldfusion-parse-dos
CVE-2000-0539
Reference: BID:1386
Reference: XF:jrun-read-sample-files
CVE-2000-0540
Reference: BID:1386
Reference: XF:jrun-read-sample-files
CVE-2000-0541
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: BID:1359
CVE-2000-0542
Reference: BID:1345
Reference: XF:tigris-radius-login-failure
CVE-2000-0548
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: CIAC:K-051
Reference: XF:kerberos-emsg-bo
CVE-2000-0549
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: CIAC:K-051
CVE-2000-0550
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: CIAC:K-051
Reference: XF:kerberos-free-memory
Reference: BID:1465
CVE-2000-0551
Reference: BID:1263
Reference: XF:danware-netop-bypass-security(4569)
CVE-2000-0552
Reference: BID:1307
Reference: XF:icq-temp-link
CVE-2000-0553
Reference: BID:1308
Reference: XF:ipfilter-firewall-race-condition
CVE-2000-0555
Reference: BID:1320
Reference: XF:ceilidh-post-dos
CVE-2000-0556
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: BID:1319
Reference: XF:cmail-long-username-dos
CVE-2000-0557
Reference: BID:1318
Reference: XF:cmail-get-overflow-execute
CVE-2000-0558
Reference: BID:1317
CVE-2000-0561
Reference: BID:1365
Reference: XF:webbbs-get-request-overflow
CVE-2000-0565
Reference: BID:1344
Reference: XF:smartftp-directory-traversal
CVE-2000-0566
Reference: REDHAT:RHSA-2000:041-02
Reference: BID:1434
Reference: CALDERA:CSSA-2000-021.0
Reference: BUGTRAQ:20000707 [Security Announce] man update
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
Reference: XF:linux-man-makewhatis-tmp
CVE-2000-0567
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BID:1481
Reference: XF:outlook-date-overflow
CVE-2000-0568
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
CVE-2000-0569
Reference: BID:1420
Reference: XF:sygate-udp-packet-dos(5049)
CVE-2000-0570
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: BID:1421
CVE-2000-0571
Reference: BID:1423
Reference: XF:localweb-get-bo
CVE-2000-0573
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: AUSCERT:AA-2000.02
Reference: CERT:CA-2000-13
Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
Reference: CALDERA:CSSA-2000-020.0
Reference: REDHAT:RHSA-2000:039-02
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: NETBSD:NetBSD-SA2000-009
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: XF:wuftp-format-string-stack-overwrite(4773)
CVE-2000-0575
Reference: BID:1426
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
CVE-2000-0576
Reference: BID:1427
CVE-2000-0577
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: BID:1411
Reference: XF:netscape-ftpserver-chroot
CVE-2000-0579
Reference: BID:1413
Reference: XF:irix-cron-modify-crontab
CVE-2000-0581
Reference: XF:win2k-telnetserver-dos
Reference: BID:1414
CVE-2000-0582
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
Reference: XF:fw1-resource-overload-dos
Reference: BID:1416
CVE-2000-0583
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: BID:1418
Reference: XF:vpopmail-format-string
CVE-2000-0584
Reference: DEBIAN:20000701 canna server: buffer overflow
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: BID:1445
Reference: XF:canna-bin-execute-bo
CVE-2000-0585
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: FREEBSD:FreeBSD-SA-00:34
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: NETBSD:NetBSD-SA2000-008
Reference: BID:1388
Reference: XF:openbsd-isc-dhcp
CVE-2000-0586
Reference: XF:ircd-dalnet-summon-bo
Reference: BID:1404
CVE-2000-0587
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: BID:1401
CVE-2000-0588
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: BID:1402
Reference: XF:sawmill-file-access
CVE-2000-0590
Reference: BID:1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
CVE-2000-0591
Reference: BID:1432
Reference: XF:bordermanager-bypass-url-restriction
CVE-2000-0593
Reference: XF:winproxy-get-dos(4831)
Reference: BID:1400
CVE-2000-0594
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: REDHAT:RHSA-2000:042-01
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: CALDERA:CSSA-2000-022.0
Reference: BUGTRAQ:20000707 BitchX update
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: BID:1436
Reference: XF:irc-bitchx-invite-dos
CVE-2000-0595
Reference: BID:1437
Reference: XF:bsd-libedit-editrc
CVE-2000-0596
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: MS:MS00-049
Reference: CERT:CA-2000-16
Reference: XF:ie-access-vba-code-execute
Reference: BID:1398
CVE-2000-0597
Reference: MS:MS00-049
Reference: BID:1399
Reference: XF:ie-powerpoint-activex-object-execute
CVE-2000-0598
Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm
Reference: BID:1395
Reference: XF:fortech-proxy-telnet-gateway
CVE-2000-0599
Reference: MISC:http://www.imesh.com/download/download.html
Reference: XF:imesh-tcp-port-overflow
Reference: BID:1407
CVE-2000-0600
Reference: BID:1393
Reference: XF:netscape-virtual-directory-bo(4780)
CVE-2000-0601
Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
Reference: XF:irc-leafchat-dos
Reference: BID:1396
CVE-2000-0602
Reference: XF:redhat-secure-locate-path
Reference: BID:1385
CVE-2000-0603
Reference: BID:1444
Reference: XF:mssql-procedure-perms
CVE-2000-0604
Reference: BID:1383
Reference: XF:redhat-gkermit
CVE-2000-0610
Reference: BID:1390
Reference: XF:netwin-dmailweb-newline
CVE-2000-0611
Reference: BID:1391
Reference: XF:netwin-dmailweb-auth
CVE-2000-0613
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: BID:1454
Reference: XF:cisco-pix-firewall-tcp
CVE-2000-0615
Reference: BID:1447
Reference: XF:lpd-suid-root(7361)
CVE-2000-0616
Reference: BID:1405
Reference: XF:hp-turboimage-dbutil
CVE-2000-0619
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: BID:1258
Reference: XF:toplayer-icmp-dos(7364)
CVE-2000-0620
Reference: BID:1409
Reference: XF:libx11-infinite-loop-dos(4996)
CVE-2000-0621
Reference: CERT:CA-2000-14
Reference: BID:1501
Reference: XF:outlook-cache-bypass
CVE-2000-0622
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: XF:website-webfind-bo(4962)
Reference: BID:1487
CVE-2000-0624
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: XF:winamp-playlist-parser-bo
CVE-2000-0627
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: BID:1486
Reference: XF:blackboard-courseinfo-dbase-modification
CVE-2000-0628
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: XF:apache-source-asp-file-write
CVE-2000-0630
Reference: BID:1488
Reference: XF:iis-htr-obtain-code
CVE-2000-0631
Reference: MS:MS00-044
Reference: BID:1476
Reference: XF:iis-absent-directory-dos
CVE-2000-0632
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: XF:lsoft-listserv-querystring-bo
CVE-2000-0633
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: BID:1489
Reference: XF:linux-usermode-dos
CVE-2000-0634
Reference: BID:1493
Reference: XF:communigate-pro-file-read
CVE-2000-0635
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: XF:minivend-viewpage-sample
CVE-2000-0636
Reference: BID:1491
Reference: XF:hp-jetdirect-quote-dos
CVE-2000-0637
Reference: MS:MS00-051
Reference: BID:1451
Reference: XF:excel-register-function
CVE-2000-0638
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
CVE-2000-0639
Reference: BID:1494
Reference: XF:big-brother-filename-extension
CVE-2000-0640
Reference: BID:1452
Reference: XF:guild-ftpd-disclosure
CVE-2000-0641
Reference: BID:1453
Reference: XF:savant-get-bo
CVE-2000-0642
Reference: BID:1497
Reference: XF:webactive-active-log
CVE-2000-0643
Reference: BID:1470
Reference: XF:webactive-long-get-dos
CVE-2000-0644
Reference: BID:1506
Reference: XF:wftpd-stat-dos
CVE-2000-0650
Reference: BID:1458
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)
CVE-2000-0651
Reference: BID:1440
Reference: XF:novell-bordermanager-verification
CVE-2000-0652
Reference: BID:1500
Reference: XF:websphere-showcode
CVE-2000-0654
Reference: BID:1466
Reference: XF:mssql-dts-reveal-passwords
CVE-2000-0655
Reference: REDHAT:RHSA-2000:046-02
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: TURBO:TLSA2000017-1
Reference: NETBSD:NetBSD-SA2000-011
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: BID:1503
Reference: XF:netscape-jpg-comment
CVE-2000-0660
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: XF:worldclient-dir-traverse
CVE-2000-0661
Reference: BID:1448
Reference: XF:wircsrv-character-flood-dos
CVE-2000-0662
Reference: BID:1474
Reference: XF:ie-dhtmled-file-read(5107)
CVE-2000-0663
Reference: MSKB:Q269049
Reference: BID:1507
Reference: XF:explorer-relative-path-name
CVE-2000-0664
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: XF:analogx-simpleserver-directory-path
CVE-2000-0665
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: BID:1478
Reference: XF:gamsoft-telsrv-dos
CVE-2000-0666
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: REDHAT:RHSA-2000:043-03
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: CALDERA:CSSA-2000-025.0
Reference: CERT:CA-2000-17
Reference: BID:1480
Reference: XF:linux-rpcstatd-format-overwrite
CVE-2000-0668
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: BID:1513
Reference: XF:linux-pam-console
CVE-2000-0669
Reference: BID:1467
Reference: XF:netware-port40193-dos
CVE-2000-0670
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: DEBIAN:20000716
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: TURBO:TLSA2000016-1
Reference: BID:1469
Reference: XF:cvsweb-shell-access
CVE-2000-0671
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: BID:1510
Reference: XF:roxen-null-char-url
CVE-2000-0672
Reference: BID:1548
Reference: XF:jakarta-tomcat-admin
CVE-2000-0673
Reference: MS:MS00-047
Reference: BID:1514
Reference: BID:1515
Reference: XF:netbios-name-server-spoofing
CVE-2000-0674
Reference: BID:1471
Reference: XF:virtualvision-ftp-browser
CVE-2000-0675
Reference: BID:1477
Reference: XF:gatekeeper-long-string-bo
CVE-2000-0676
Reference: REDHAT:RHSA-2000:054-01
Reference: CALDERA:CSSA-2000-027.1
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: CERT:CA-2000-15
Reference: BID:1546
Reference: XF:java-brownorifice
CVE-2000-0677
Reference: XF:ibm-netdata-db2www-bo
CVE-2000-0678
Reference: BID:1606
CVE-2000-0679
Reference: BID:1523
Reference: XF:cvs-client-creates-file
CVE-2000-0681
Reference: BID:1570
Reference: XF:weblogic-plugin-bo
CVE-2000-0682
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1518
Reference: XF:weblogic-fileservlet-show-code
CVE-2000-0683
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: BID:1517
CVE-2000-0684
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: XF:html-malicious-tags
CVE-2000-0685
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: XF:html-malicious-tags
CVE-2000-0693
Reference: BID:1563
CVE-2000-0694
CVE-2000-0698
Reference: BID:1599
Reference: XF:minicom-capture-groupown
CVE-2000-0699
Reference: BID:1560
CVE-2000-0700
Reference: BID:1541
CVE-2000-0702
Reference: BID:1602
Reference: XF:hp-netinit-symlink
CVE-2000-0703
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: CALDERA:CSSA-2000-026.0
Reference: DEBIAN:20000808 mailx: local exploit
Reference: REDHAT:RHSA-2000:048-03
Reference: TURBO:TLSA2000018-1
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: BID:1547
Reference: XF:perl-shell-escape
CVE-2000-0705
Reference: REDHAT:RHSA-2000:049-02
Reference: BID:1550
Reference: XF:ntop-remote-file-access
CVE-2000-0706
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: BID:1576
Reference: XF:ntop-bo
CVE-2000-0707
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: BID:1557
Reference: XF:pccs-mysql-admin-tool
CVE-2000-0708
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: BID:1605
Reference: XF:telnetserver-rpc-bo
CVE-2000-0711
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: CERT:CA-2000-15
Reference: BID:1545
CVE-2000-0712
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: BID:1549
CVE-2000-0716
Reference: BID:1553
Reference: XF:mdaemon-session-id-hijack
CVE-2000-0717
Reference: BID:1619
Reference: XF:ftp-goodtech-rnto-dos(5166)
CVE-2000-0718
Reference: BID:1567
CVE-2000-0720
Reference: BID:1621
Reference: XF:news-publisher-add-author(5169)
CVE-2000-0725
Reference: REDHAT:RHSA-2000:052-02
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: BID:1577
CVE-2000-0726
Reference: BID:1623
Reference: XF:mailers-cgimail-spoof(5165)
CVE-2000-0727
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: REDHAT:RHSA-2000:060-03
Reference: CALDERA:CSSA-2000-031.0
Reference: BID:1624
CVE-2000-0728
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: REDHAT:RHSA-2000:060-03
Reference: CALDERA:CSSA-2000-031.0
Reference: BID:1624
CVE-2000-0729
Reference: BID:1625
Reference: XF:freebsd-elf-dos(5967)
CVE-2000-0730
Reference: BID:1580
CVE-2000-0731
Reference: BID:1626
Reference: XF:wormhttp-dir-traverse(5148)
CVE-2000-0732
Reference: BID:1626
Reference: XF:wormhttp-filename-dos
CVE-2000-0733
Reference: SGI:20000801-02-P
Reference: BID:1572
CVE-2000-0737
Reference: BID:1535
CVE-2000-0738
Reference: BID:1589
Reference: XF:webshield-smtp-dos
CVE-2000-0739
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1537
Reference: XF:nettools-pki-dir-traverse(5066)
CVE-2000-0740
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1536
Reference: XF:nai-nettools-strong-bo(5026)
CVE-2000-0741
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1538
CVE-2000-0742
Reference: MS:MS00-054
Reference: BID:1544
Reference: XF:win-ipx-ping-packet(5079)
CVE-2000-0743
Reference: BID:1569
CVE-2000-0744
CVE-2000-0745
Reference: BID:1592
CVE-2000-0749
Reference: BID:1628
Reference: XF:freebsd-linux-module-bo(5968)
CVE-2000-0750
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: REDHAT:RHSA-2000-050-01
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1558
CVE-2000-0751
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: REDHAT:RHSA-2000-050-01
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1559
CVE-2000-0753
Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
Reference: BID:1631
Reference: XF:outlook-reveal-path(5508)
CVE-2000-0754
Reference: BID:1581
CVE-2000-0758
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html
Reference: BID:1584
CVE-2000-0761
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README
Reference: BID:1582
CVE-2000-0762
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: XF:etrust-access-control-default
CVE-2000-0763
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: BID:1585
CVE-2000-0764
Reference: BID:1609
Reference: XF:intel-express-switch-dos
CVE-2000-0765
Reference: BID:1561
CVE-2000-0766
Reference: BID:1610
Reference: XF:vqserver-get-dos
CVE-2000-0767
Reference: BID:1564
CVE-2000-0768
Reference: BID:1564
CVE-2000-0770
Reference: BID:1565
CVE-2000-0771
Reference: BID:1613
CVE-2000-0776
Reference: BID:1568
Reference: XF:mediahouse-stats-livestats-bo(5113)
CVE-2000-0777
Reference: BID:1615
CVE-2000-0778
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: BID:1578
CVE-2000-0779
Reference: BID:1534
CVE-2000-0780
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:1617
CVE-2000-0782
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: BID:1587
CVE-2000-0783
Reference: BID:1573
Reference: XF:firebox-url-dos
CVE-2000-0786
Reference: DEBIAN:20000727 userv: local exploit
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2
Reference: BID:1516
CVE-2000-0787
Reference: BID:1601
Reference: REDHAT:RHSA-2000:055-03
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
CVE-2000-0788
Reference: MS:MS00-071
Reference: BID:1566
Reference: XF:word-mail-merge(5322)
CVE-2000-0790
Reference: BID:1571
Reference: XF:ie-folder-remote-exe(5097)
CVE-2000-0792
Reference: BID:1590
CVE-2000-0795
Reference: BID:1529
CVE-2000-0796
Reference: BID:1528
Reference: XF:irix-dmplay-bo(5064)
CVE-2000-0799
Reference: SGI:20001101-01-I
Reference: BID:1530
Reference: XF:irix-inpview-symlink(5065)
CVE-2000-0803
Reference: XF:gnu-groff-utilities(5280)
CVE-2000-0804
Reference: XF:fw1-remote-bypass
CVE-2000-0805
Reference: XF:fw1-client-spoof
CVE-2000-0806
Reference: XF:fw1-fwa1-auth-replay
CVE-2000-0807
Reference: XF:fw1-opsec-auth-spoof
CVE-2000-0808
Reference: XF:fw1-localhost-auth
CVE-2000-0809
Reference: XF:fw1-getkey-bo
CVE-2000-0810
Reference: BID:1782
Reference: XF:auction-weaver-delete-files
CVE-2000-0811
Reference: BID:1783
Reference: XF:auction-weaver-username-bidfile
CVE-2000-0813
Reference: XF:fw1-ftp-redirect
CVE-2000-0816
Reference: REDHAT:RHSA-2000:080-01
Reference: MANDRAKE:MDKSA-2000:056
Reference: BID:1785
Reference: XF:linux-tmpwatch-fuser(5320)
CVE-2000-0818
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: XF:oracle-listener-connect-statements(5380)
CVE-2000-0824
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: CALDERA:CSSA-2000-028.0
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: MANDRAKE:MDKSA-2000:040
Reference: MANDRAKE:MDKSA-2000:045
Reference: REDHAT:RHSA-2000:057-04
Reference: TURBO:TLSA2000020-1
Reference: SUSE:20000924 glibc locale security problem
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: BID:648
Reference: BID:1639
Reference: XF:glibc-ld-unsetenv
CVE-2000-0825
Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: XF:ipswitch-imail-remote-dos(5475)
Reference: BID:2011
CVE-2000-0829
Reference: BID:1664
Reference: XF:linux-tmpwatch-fork-dos
CVE-2000-0830
Reference: MS:MS00-074
Reference: BID:1671
Reference: XF:webtv-udp-dos
CVE-2000-0834
Reference: MS:MS00-067
Reference: BID:1683
Reference: XF:win2k-telnet-ntlm-authentication
CVE-2000-0837
Reference: BID:1543
Reference: XF:servu-null-character-dos
CVE-2000-0838
Reference: XF:fur-get-dos(5237)
CVE-2000-0839
Reference: BID:1701
Reference: XF:wincom-lpd-dos(5258)
CVE-2000-0844
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: CALDERA:CSSA-2000-030.0
Reference: REDHAT:RHSA-2000-057-02
Reference: SUSE:20000906 glibc locale security problem
Reference: TURBO:TLSA2000020-1
Reference: AIXAPAR:IY13753
Reference: COMPAQ:SSRT0689U
Reference: SGI:20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: BID:1634
Reference: XF:unix-locale-format-string(5176)
CVE-2000-0846
Reference: BID:1598
Reference: XF:darxite-login-bo
CVE-2000-0847
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: BID:1646
Reference: BID:1687
Reference: XF:c-client-dos(5223)
CVE-2000-0848
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: XF:websphere-header-dos
CVE-2000-0849
Reference: BID:1655
Reference: XF:unicast-service-dos(5193)
CVE-2000-0850
Reference: BID:1681
Reference: XF:siteminder-bypass-authentication
CVE-2000-0851
Reference: MS:MS00-065
Reference: BID:1651
Reference: XF:w2k-still-image-service
CVE-2000-0852
Reference: BID:1686
Reference: XF:freebsd-eject-port
CVE-2000-0853
Reference: BID:1668
Reference: XF:yabb-file-access
CVE-2000-0854
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: BID:1699
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: XF:office-dll-execution(5263)
CVE-2000-0856
Reference: BID:1638
CVE-2000-0858
Reference: MS:MS00-063
Reference: BID:1642
Reference: XF:iis-invald-url-dos
CVE-2000-0859
Reference: BID:1640
Reference: XF:ntmail-incomplete-http-requests
CVE-2000-0860
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: BID:1649
Reference: XF:php-file-upload
CVE-2000-0861
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: BID:1667
Reference: XF:mailman-execute-external-commands(5493)
CVE-2000-0862
Reference: XF:allaire-spectra-admin-access
CVE-2000-0863
Reference: XF:listmanager-port-bo
CVE-2000-0864
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: MANDRAKE:MDKSA-2000:051
Reference: REDHAT:RHSA-2000:077-03
Reference: DEBIAN:20001008 esound: race condition
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: SUSE:20001012 esound daemon race condition
Reference: BID:1659
Reference: XF:gnome-esound-symlink
CVE-2000-0865
Reference: BID:1697
Reference: XF:doublevision-dvtermtype-bo
CVE-2000-0867
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: TURBO:TLSA2000022-2
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: XF:klogd-format-string
CVE-2000-0868
Reference: SUSE:20000907
Reference: BID:1658
Reference: XF:suse-apache-cgi-source-code
CVE-2000-0869
Reference: SUSE:20000907
Reference: BID:1656
Reference: XF:apache-webdav-directory-listings
CVE-2000-0870
Reference: BID:1675
Reference: XF:eftp-bo
CVE-2000-0871
Reference: BID:1677
Reference: XF:eftp-newline-dos
CVE-2000-0873
Reference: BID:1660
Reference: XF:aix-clear-netstat
CVE-2000-0874
Reference: BID:1653
Reference: XF:eudora-path-disclosure
CVE-2000-0875
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos
CVE-2000-0876
Reference: XF:wftpd-path-disclosure
CVE-2000-0877
Reference: BID:1670
Reference: XF:mailform-attach-file
CVE-2000-0878
Reference: BID:1669
Reference: XF:mailto-piped-address
CVE-2000-0883
Reference: BID:1678
Reference: XF:linux-mod-perl
CVE-2000-0884
Reference: MS:MS00-078
Reference: BID:1806
Reference: XF:iis-unicode-translation
CVE-2000-0886
Reference: MS:MS00-086
Reference: BID:1912
Reference: XF:iis-invalid-filename-passing(5470)
CVE-2000-0887
Reference: CERT:CA-2000-20
Reference: REDHAT:RHSA-2000:107-01
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: SUSE:SuSE-SA:2000:45
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: CONECTIVA:CLSA-2000:339
Reference: BID:1923
Reference: XF:bind-zxfr-dos(5540)
CVE-2000-0888
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: CONECTIVA:CLSA-2000:339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: XF:bind-srv-dos(5814)
CVE-2000-0890
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: XF:periodic-temp-file-symlink(6047)
Reference: BID:2325
CVE-2000-0891
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S
Reference: XF:lotus-notes-bypass-ecl(5045)
CVE-2000-0892
Reference: XF:telnet-obtain-env-variable(6644)
CVE-2000-0896
Reference: XF:watchguard-soho-fragmented-packets
Reference: BID:2113
CVE-2000-0897
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:1941
Reference: XF:small-http-nofile-dos(5524)
CVE-2000-0900
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: XF:acme-thttpd-ssi
Reference: BID:1737
CVE-2000-0901
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: DEBIAN:20000902 screen: local exploit
Reference: MANDRAKE:MDKSA-2000:044
Reference: SUSE:20000906 screen format string parsing security problem
Reference: REDHAT:RHSA-2000:058-03
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: BID:1641
Reference: XF:screen-format-string
CVE-2000-0908
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: BID:1702
CVE-2000-0909
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: REDHAT:RHSA-2000-102-04
Reference: MANDRAKE:MDKSA-2000:073
Reference: BID:1709
Reference: XF:pine-check-mail-bo
CVE-2000-0910
Reference: DEBIAN:20000910 imp: remote compromise
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: XF:horde-imp-sendmail-command
CVE-2000-0911
Reference: BID:1679
Reference: XF:imp-attach-file
CVE-2000-0912
Reference: XF:http-cgi-multihtml
CVE-2000-0913
Reference: MANDRAKE:MDKSA-2000:060
Reference: REDHAT:RHSA-2000:088-04
Reference: CALDERA:CSSA-2000-035.0
Reference: HP:HPSBUX0010-126
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: BID:1728
Reference: XF:apache-rewrite-view-files
CVE-2000-0914
Reference: BID:1759
Reference: XF:bsd-arp-request-dos
CVE-2000-0915
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: BID:1803
Reference: XF:freebsd-fingerd-files
CVE-2000-0917
Reference: CERT:CA-2000-22
Reference: CALDERA:CSSA-2000-033.0
Reference: REDHAT:RHSA-2000:065-06
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: XF:lprng-format-string
Reference: BID:1712
CVE-2000-0919
Reference: BID:1773
Reference: XF:phpix-dir-traversal
CVE-2000-0920
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: BID:1770
Reference: XF:boa-webserver-get-dir-traversal
CVE-2000-0921
Reference: BID:1777
Reference: XF:hassan-shopping-cart-dir-traversal
CVE-2000-0922
Reference: BID:1776
Reference: XF:web-shopper-directory-traversal
CVE-2000-0923
Reference: XF:uclinux-apliophone-bin-execute
Reference: BID:1784
CVE-2000-0924
Reference: BID:1772
Reference: XF:master-index-directory-traversal
CVE-2000-0925
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
Reference: BID:1734
Reference: XF:cyberoffice-world-readable-directory
CVE-2000-0926
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: BID:1733
Reference: XF:cyberoffice-price-modification
CVE-2000-0927
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
Reference: BID:1724
Reference: XF:quotaadvisor-quota-bypass
CVE-2000-0928
Reference: BID:1765
Reference: XF:quotaadvisor-list-files
CVE-2000-0929
Reference: MS:MS00-068
Reference: BID:1714
Reference: XF:mediaplayer-outlook-dos
CVE-2000-0930
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: BID:1738
Reference: XF:pegasus-file-forwarding
CVE-2000-0932
Reference: XF:mailsweeper-smtp-dos
CVE-2000-0933
Reference: BID:1729
Reference: XF:win2k-simplified-chinese-ime
CVE-2000-0934
Reference: BID:1703
Reference: XF:glint-symlink
CVE-2000-0935
Reference: BID:1872
Reference: XF:samba-swat-logging-sym-link
CVE-2000-0936
Reference: BID:1874
Reference: XF:samba-swat-logfile-info
CVE-2000-0937
Reference: BID:1873
Reference: XF:samba-swat-brute-force
CVE-2000-0938
Reference: XF:samba-swat-brute-force(5442)
CVE-2000-0941
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: XF:kw-whois-meta
CVE-2000-0942
Reference: MS:MS00-084
Reference: BID:1861
Reference: XF:iis-htw-cross-scripting
CVE-2000-0943
Reference: BID:1858
Reference: XF:bftpd-user-bo
CVE-2000-0944
Reference: BID:1881
Reference: XF:news-update-bypass-password
CVE-2000-0945
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: BID:1846
CVE-2000-0946
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: XF:compaq-ea-elevate-privileges
CVE-2000-0947
Reference: MANDRAKE:MDKSA-2000:061
Reference: NETBSD:NetBSD-SA2000-013
Reference: BID:1757
Reference: XF:cfengine-cfd-format-string
CVE-2000-0948
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: MANDRAKE:MDKSA-2000:055
Reference: REDHAT:RHSA-2000:072-07
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: BID:1761
Reference: XF:gnorpm-temp-symlink
CVE-2000-0949
Reference: CALDERA:CSSA-2000-034.0
Reference: MANDRAKE:MDKSA-2000:053
Reference: REDHAT:RHSA-2000:078-02
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: TURBO:TLSA2000023-1
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: BID:1739
Reference: XF:traceroute-heap-overflow
CVE-2000-0951
Reference: MSKB:Q272079
Reference: BID:1756
Reference: XF:iis-index-dir-traverse
CVE-2000-0952
Reference: XF:global-execute-remote-commands
CVE-2000-0953
Reference: BID:1778
Reference: XF:shambala-connection-dos
CVE-2000-0956
Reference: BID:1875
Reference: XF:cyrus-sasl-gain-access
CVE-2000-0957
Reference: XF:pammysql-auth-input
CVE-2000-0958
Reference: XF:hotjava-browser-dom-access
CVE-2000-0959
Reference: BID:1719
Reference: XF:glibc-unset-symlink
CVE-2000-0960
Reference: BID:1787
Reference: XF:netscape-messaging-email-verify
CVE-2000-0961
Reference: BID:1721
Reference: XF:netscape-messaging-list-dos
CVE-2000-0962
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: XF:openbsd-nmap-dos
CVE-2000-0964
Reference: BID:1727
Reference: XF:hinet-ipphone-get-bo
CVE-2000-0965
Reference: HP:HPSBUX0010-124
CVE-2000-0966
Reference: XF:hp-lpspooler-bo
CVE-2000-0967
Reference: MANDRAKE:MDKSA-2000:062
Reference: DEBIAN:20001014 php3: possible remote exploit
Reference: DEBIAN:20001014 php4: possible remote exploit
Reference: CALDERA:CSSA-2000-037.0
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: BID:1786
Reference: XF:php-logging-format-string
CVE-2000-0968
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: BID:1799
Reference: XF:halflife-server-changelevel-bo
CVE-2000-0969
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: XF:halflife-rcon-format-string
CVE-2000-0970
Reference: XF:session-cookie-remote-retrieval
C