CVE (version 20061101)


Name: CVE-1999-0002

Description:

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Status:Entry
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: XF:linux-mountd-bo

Name: CVE-1999-0003

Description:

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

Status:Entry
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122
Reference: CERT:CA-98.11.tooltalk
Reference: NAI:NAI-29
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk

Name: CVE-1999-0005

Description:

Arbitrary command execution via IMAP buffer overflow in authenticate command.

Status:Entry
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: XF:imap-authenticate-bo

Name: CVE-1999-0006

Description:

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

Status:Entry
Reference: AUSCERT:AA-98.01
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: XF:qpopper-pass-overflow

Name: CVE-1999-0007

Description:

Information from SSL-encrypted sessions via PKCS #1.

Status:Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-002
Reference: XF:nt-ssl-fix

Name: CVE-1999-0008

Description:

Buffer overflow in NIS+, in Sun's rpc.nisd program.

Status:Entry
Reference: CERT:CA-98.06.nisd
Reference: ISS:June10,1998
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: XF:nisd-bo-check

Name: CVE-1999-0009

Description:

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Status:Entry
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-bo

Name: CVE-1999-0010

Description:

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

Status:Entry
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: XF:bind-dos

Name: CVE-1999-0011

Description:

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Status:Entry
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Name: CVE-1999-0012

Description:

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

Status:Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3

Name: CVE-1999-0013

Description:

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

Status:Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Name: CVE-1999-0014

Description:

Unauthorized privileged access or denial of service via dtappgather program in CDE.

Status:Entry
Reference: CERT:CA-98.02.CDE
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185

Name: CVE-1999-0016

Description:

Land IP denial of service.

Status:Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: XF:95-verv-tcp
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Name: CVE-1999-0017

Description:

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Status:Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

Name: CVE-1999-0018

Description:

Buffer overflow in statd allows root privileges.

Status:Entry
Reference: AUSCERT:AA-97.29
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127
Reference: CERT:CA-97.26.statd
Reference: XF:statd

Name: CVE-1999-0019

Description:

Delete or create a file via rpc.statd, due to invalid information.

Status:Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135
Reference: XF:rpc-stat

Name: CVE-1999-0021

Description:

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.

Status:Entry
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count

Name: CVE-1999-0022

Description:

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Status:Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Name: CVE-1999-0023

Description:

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Status:Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Name: CVE-1999-0024

Description:

DNS cache poisoning via BIND, by predictable query IDs.

Status:Entry
Reference: CERT:CA-97.22.bind
Reference: NAI:NAI-11
Reference: XF:bind

Name: CVE-1999-0025

Description:

root privileges via buffer overflow in df command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: XF:df-bo(440)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/440

Name: CVE-1999-0026

Description:

root privileges via buffer overflow in pset command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: XF:pset-bo

Name: CVE-1999-0027

Description:

root privileges via buffer overflow in eject command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: XF:eject-bo

Name: CVE-1999-0028

Description:

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: XF:sgi-schemebo

Name: CVE-1999-0029

Description:

root privileges via buffer overflow in ordist command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: XF:ordist-bo

Name: CVE-1999-0031

Description:

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

Status:Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

Name: CVE-1999-0032

Description:

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Status:Entry
Reference: AUSCERT:AA-96.12
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: CERT:CA-97.19.bsdlp
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: XF:bsd-lprbo
Reference: XF:bsd-lprbo2
Reference: XF:lpr-bo

Name: CVE-1999-0034

Description:

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

Status:Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid

Name: CVE-1999-0035

Description:

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

Status:Entry
Reference: AUSCERT:AA-97.03
Reference: CERT:CA-97.16.ftpd
Reference: XF:ftp-ftpd

Name: CVE-1999-0036

Description:

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

Status:Entry
Reference: AUSCERT:AA-97.12
Reference: CERT:CA-97.15.sgi_login
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: XF:sgi-lockout(557)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/557

Name: CVE-1999-0037

Description:

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Status:Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Name: CVE-1999-0038

Description:

Buffer overflow in xlock program allows local users to execute commands as root.

Status:Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo

Name: CVE-1999-0039

Description:

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Status:Entry
Reference: AUSCERT:AA-97.14
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-webdist(333)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/333

Name: CVE-1999-0040

Description:

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Status:Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo

Name: CVE-1999-0041

Description:

Buffer overflow in NLS (Natural Language Service).

Status:Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo

Name: CVE-1999-0042

Description:

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Status:Entry
Reference: CERT:CA-97.09.imap_pop
Reference: NAI:NAI-21
Reference: XF:popimap-bo

Name: CVE-1999-0043

Description:

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Status:Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg

Name: CVE-1999-0044

Description:

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.

Status:Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

Name: CVE-1999-0045

Description:

List of arbitrary files on Web host via nph-test-cgi script.

Status:Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph

Name: CVE-1999-0046

Description:

Buffer overflow of rlogin program using TERM environmental variable.

Status:Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo

Name: CVE-1999-0047

Description:

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Status:Entry
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: CERT:CA-97.05.sendmail
Reference: XF:sendmail-mime-bo2

Name: CVE-1999-0048

Description:

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

Status:Entry
Reference: AUSCERT:AA-97.01
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:netkit-talkd
Reference: XF:talkd-bo

Name: CVE-1999-0049

Description:

Csetup under IRIX allows arbitrary file creation or overwriting.

Status:Entry
Reference: CERT:CA-97.03.csetup
Reference: XF:sgi-csetup

Name: CVE-1999-0050

Description:

Buffer overflow in HP-UX newgrp program.

Status:Entry
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: CERT:CA-97.02.hp_newgrp
Reference: XF:hp-newgrpbo

Name: CVE-1999-0051

Description:

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Status:Entry
Reference: AUSCERT:AA-96.03
Reference: CERT:CA-97.01.flex_lm
Reference: XF:sgi-licensemanager

Name: CVE-1999-0052

Description:

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1389

Name: CVE-1999-0053

Description:

TCP RST denial of service in FreeBSD.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

Name: CVE-1999-0054

Description:

Sun's ftpd daemon can be subjected to a denial of service.

Status:Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Name: CVE-1999-0055

Description:

Buffer overflows in Sun libnsl allow root access.

Status:Entry
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: XF:sun-libnsl

Name: CVE-1999-0056

Description:

Buffer overflow in Sun's ping program can give root access to local users.

Status:Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Name: CVE-1999-0057

Description:

Vacation program allows command execution by remote users through a sendmail command.

Status:Entry
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087
Reference: NAI:NAI-19
Reference: XF:vacation

Name: CVE-1999-0058

Description:

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Status:Entry
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: NAI:NAI-12
Reference: XF:http-cgi-phpbo

Name: CVE-1999-0059

Description:

IRIX fam service allows an attacker to obtain a list of all files on the server.

Status:Entry
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: NAI:NAI-16
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/325

Name: CVE-1999-0060

Description:

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.

Status:Entry
Reference: ASCEND:http://www.ascend.com/2695.html
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill

Name: CVE-1999-0062

Description:

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

Status:Entry
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559
Reference: XF:openbsd-chpass

Name: CVE-1999-0063

Description:

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

Status:Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Name: CVE-1999-0064

Description:

Buffer overflow in AIX lquerylv program gives root access to local users.

Status:Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Name: CVE-1999-0065

Description:

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Status:Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Name: CVE-1999-0066

Description:

AnyForm CGI remote execution.

Status:Entry
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: XF:http-cgi-anyform

Name: CVE-1999-0067

Description:

phf CGI program allows remote command execution through shell metacharacters.

Status:Entry
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

Name: CVE-1999-0068

Description:

CGI PHP mylog script allows an attacker to read any file on the target server.

Status:Entry
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396
Reference: XF:http-cgi-php-mylog

Name: CVE-1999-0069

Description:

Solaris ufsrestore buffer overflow.

Status:Entry
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore

Name: CVE-1999-0070

Description:

test-cgi program allows an attacker to list files on the server.

Status:Entry
Reference: XF:http-cgi-test

Name: CVE-1999-0071

Description:

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

Status:Entry
Reference: NAI:NAI-2
Reference: XF:http-apache-cookie

Name: CVE-1999-0072

Description:

Buffer overflow in AIX xdat gives root access to local users.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Name: CVE-1999-0073

Description:

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

Status:Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug

Name: CVE-1999-0074

Description:

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Status:Entry
Reference: XF:seqport

Name: CVE-1999-0075

Description:

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Status:Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742
Reference: XF:ftp-pasvcore

Name: CVE-1999-0077

Description:

Predictable TCP sequence numbers allow spoofing.

Status:Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/139

Name: CVE-1999-0079

Description:

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

Status:Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Name: CVE-1999-0080

Description:

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

Status:Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot

Name: CVE-1999-0081

Description:

wu-ftp allows files to be overwritten via the rnfr command.

Status:Entry
Reference: XF:ftp-rnfr

Name: CVE-1999-0082

Description:

CWD ~root command in ftpd allows root access.

Status:Entry
Reference: FARMERVENEMA:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Reference: XF:ftp-cwd

Name: CVE-1999-0083

Description:

getcwd() file descriptor leak in FTP.

Status:Entry
Reference: XF:cwdleak

Name: CVE-1999-0084

Description:

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Status:Entry
Reference: XF:nfs-mknod(78)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78

Name: CVE-1999-0085

Description:

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Status:Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/119
Reference: XF:rwhod-vuln(118)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/118

Name: CVE-1999-0087

Description:

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

Status:Entry
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992
Reference: XF:ibm-telnetdos

Name: CVE-1999-0090

Description:

Buffer overflow in AIX rcp command allows local users to obtain root access.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Name: CVE-1999-0091

Description:

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Name: CVE-1999-0093

Description:

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

Name: CVE-1999-0094

Description:

AIX piodmgrsu command allows local users to gain additional group privileges.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

Name: CVE-1999-0095

Description:

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Status:Entry
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: FULLDISC:20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)
Reference: URL:http://seclists.org/fulldisclosure/2019/Jun/16
Reference: MLIST:[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/05/4
Reference: MLIST:[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/06/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

Name: CVE-1999-0096

Description:

Sendmail decode alias can be used to overwrite sensitive files.

Status:Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Name: CVE-1999-0097

Description:

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp

Name: CVE-1999-0099

Description:

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

Status:Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog

Name: CVE-1999-0100

Description:

Remote access in AIX innd 1.5.1, using control messages.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Name: CVE-1999-0101

Description:

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Status:Entry
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: NAI:NAI-1
Reference: SUN:00137a
Reference: XF:ghbn-bo

Name: CVE-1999-0102

Description:

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

Status:Entry
Reference: XF:slmail-fromheader-overflow

Name: CVE-1999-0103

Description:

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.

Status:Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01
Reference: XF:chargen
Reference: XF:chargen-patch
Reference: XF:echo

Name: CVE-1999-0108

Description:

The printers program in IRIX has a buffer overflow that gives root access to local users.

Status:Entry
Reference: BUGTRAQ:19970527 another day, another buffer overflow....
Reference: URL:http://seclists.org/bugtraq/1997/May/191
Reference: XF:printers-bo

Name: CVE-1999-0109

Description:

Buffer overflow in ffbconfig in Solaris 2.5.1.

Status:Entry
Reference: AUSCERT:AA-97.06
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: XF:ffbconfig-bo

Name: CVE-1999-0111

Description:

RIP v1 is susceptible to spoofing.

Status:Entry
Reference: XF:rip

Name: CVE-1999-0112

Description:

Buffer overflow in AIX dtterm program for the CDE.

Status:Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/878

Name: CVE-1999-0113

Description:

Some implementations of rlogin allow root access if given a -froot parameter.

Status:Entry
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: XF:rlogin-froot

Name: CVE-1999-0115

Description:

AIX bugfiler program allows local users to gain root access.

Status:Entry
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler

Name: CVE-1999-0116

Description:

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

Status:Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Name: CVE-1999-0117

Description:

AIX passwd allows local users to gain root access.

Status:Entry
Reference: CERT:CA-92:07.AIX.passwd.vulnerability
Reference: XF:ibm-passwd

Name: CVE-1999-0118

Description:

AIX infod allows local users to gain root access through an X display.

Status:Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.info/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

Name: CVE-1999-0120

Description:

Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

Status:Entry
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: SUN:00126
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126
Reference: XF:utmp-write

Name: CVE-1999-0122

Description:

Buffer overflow in AIX lchangelv gives root access.

Status:Entry
Reference: BUGTRAQ:Jul21,1999
Reference: XF:lchangelv-bo

Name: CVE-1999-0124

Description:

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

Status:Entry
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln

Name: CVE-1999-0125

Description:

Buffer overflow in SGI IRIX mailx program.

Status:Entry
Reference: SGI:19980605-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX
Reference: XF:sgi-mailx-bo

Name: CVE-1999-0126

Description:

SGI IRIX buffer overflow in xterm and Xaw allows root access.

Status:Entry
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml
Reference: XF:xfree86-xaw
Reference: XF:xfree86-xterm-xaw

Name: CVE-1999-0128

Description:

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Status:Entry
Reference: CERT:CA-96.26.ping
Reference: XF:ping-death

Name: CVE-1999-0129

Description:

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Status:Entry
Reference: CERT:CA-96.25.sendmail_groups

Name: CVE-1999-0130

Description:

Local users can start Sendmail in daemon mode and gain root privileges.

Status:Entry
Reference: BID:716
Reference: URL:http://www.securityfocus.com/bid/716
Reference: CERT:CA-96.24.sendmail.daemon.mode
Reference: XF:sendmail-daemon-mode

Name: CVE-1999-0131

Description:

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Status:Entry
Reference: BID:717
Reference: URL:http://www.securityfocus.com/bid/717
Reference: CERT:CA-96.20.sendmail_vul
Reference: XF:smtp-875bo

Name: CVE-1999-0132

Description:

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Status:Entry
Reference: CERT:CA-1996-19
Reference: URL:http://www.cert.org/advisories/CA-1996-19.html
Reference: OSVDB:11723
Reference: URL:http://www.osvdb.org/11723
Reference: XF:expreserve(401)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/401

Name: CVE-1999-0133

Description:

fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.

Status:Entry
Reference: CERT:CA-96.18.fm_fls
Reference: XF:fmaker-logfile

Name: CVE-1999-0134

Description:

vold in Solaris 2.x allows local users to gain root access.

Status:Entry
Reference: AUSCERT:AL-96.04
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: OSVDB:8159
Reference: URL:http://www.osvdb.org/8159
Reference: XF:sol-voldtmp

Name: CVE-1999-0135

Description:

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Status:Entry
Reference: AUSCERT:AL-96.03
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: XF:sun-admintool

Name: CVE-1999-0136

Description:

Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

Status:Entry
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul
Reference: XF:sol-KCMSvuln

Name: CVE-1999-0137

Description:

The dip program on many Linux systems allows local users to gain root access via a buffer overflow.

Status:Entry
Reference: CERT:CA-96.13.dip_vul
Reference: XF:dip-bo
Reference: XF:linux-dipbo

Name: CVE-1999-0138

Description:

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Status:Entry
Reference: CERT:CA-96.12.suidperl_vul
Reference: XF:sperl-suid

Name: CVE-1999-0139

Description:

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

Status:Entry
Reference: OSVDB:8205
Reference: URL:http://www.osvdb.org/8205
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE
Reference: XF:sol-mkcookie

Name: CVE-1999-0141

Description:

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

Status:Entry
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134
Reference: XF:http-java-applet

Name: CVE-1999-0142

Description:

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

Status:Entry
Reference: CERT:CA-96.05.java_applet_security_mgr
Reference: XF:http-java-appletsecmgr

Name: CVE-1999-0143

Description:

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Status:Entry
Reference: CERT:CA-96.03.kerberos_4_key_server
Reference: XF:kerberos-bf

Name: CVE-1999-0145

Description:

Sendmail WIZ command enabled, allowing root access.

Status:Entry
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: FARMERVENEMA:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Reference: FULLDISC:20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)
Reference: URL:http://seclists.org/fulldisclosure/2019/Jun/16
Reference: MLIST:[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/05/4
Reference: MLIST:[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/06/1

Name: CVE-1999-0146

Description:

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Status:Entry
Reference: BID:1975
Reference: URL:http://www.securityfocus.com/bid/1975
Reference: BUGTRAQ:19970715 Bug CGI campas
Reference: XF:http-cgi-campas(298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/298

Name: CVE-1999-0147

Description:

The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.

Status:Entry
Reference: AUSCERT:AA-97.28
Reference: XF:http-cgi-glimpse

Name: CVE-1999-0148

Description:

The handler CGI program in IRIX allows arbitrary command execution.

Status:Entry
Reference: BID:380
Reference: URL:http://www.securityfocus.com/bid/380
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-handler

Name: CVE-1999-0149

Description:

The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.

Status:Entry
Reference: BID:373
Reference: URL:http://www.securityfocus.com/bid/373
Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug
Reference: OSVDB:247
Reference: URL:http://www.osvdb.org/247
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-wrap(290)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/290

Name: CVE-1999-0150

Description:

The Perl fingerd program allows arbitrary command execution from remote users.

Status:Entry
Reference: XF:perl-fingerd

Name: CVE-1999-0151

Description:

The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.

Status:Entry
Reference: CERT:CA-95.06.satan.vul
Reference: CERT:CA-95.07a.REVISED.satan.vul

Name: CVE-1999-0152

Description:

The DG/UX finger daemon allows remote command execution through shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: XF:dgux-fingerd

Name: CVE-1999-0153

Description:

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Status:Entry
Reference: OSVDB:1666
Reference: URL:http://www.osvdb.org/1666
Reference: XF:win-oob

Name: CVE-1999-0155

Description:

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

Status:Entry
Reference: CERT:CA-95.10.ghostscript
Reference: XF:gscript-dsafer

Name: CVE-1999-0157

Description:

Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Reference: OSVDB:1097
Reference: URL:http://www.osvdb.org/1097
Reference: XF:cisco-fragmented-attacks

Name: CVE-1999-0158

Description:

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.

Status:Entry
Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure
Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Reference: OSVDB:685
Reference: URL:http://www.osvdb.org/685
Reference: XF:cisco-pix-file-exposure

Name: CVE-1999-0159

Description:

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Reference: XF:cisco-ios-crash

Name: CVE-1999-0160

Description:

Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.

Status:Entry
Reference: CIAC:I-002A
Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication
Reference: OSVDB:1099
Reference: URL:http://www.osvdb.org/1099
Reference: XF:cisco-chap

Name: CVE-1999-0161

Description:

In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
Reference: OSVDB:797
Reference: URL:http://www.osvdb.org/797
Reference: XF:cisco-acl-tacacs

Name: CVE-1999-0162

Description:

The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

Status:Entry
Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter
Reference: XF:cisco-acl-established

Name: CVE-1999-0164

Description:

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

Status:Entry
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
Reference: OSVDB:8346
Reference: URL:http://www.osvdb.org/8346
Reference: XF:sol-pstmprace

Name: CVE-1999-0166

Description:

NFS allows users to use a "cd .." command to access other directories besides the exported file system.

Status:Entry
Reference: XF:nfs-cd

Name: CVE-1999-0167

Description:

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Status:Entry
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand
Reference: XF:nfs-guess

Name: CVE-1999-0168

Description:

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

Status:Entry
Reference: XF:nfs-portmap

Name: CVE-1999-0170

Description:

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

Status:Entry
Reference: XF:nfs-ultrix

Name: CVE-1999-0172

Description:

FormMail CGI program allows remote execution of commands.

Status:Entry
Reference: BUGTRAQ:Aug02,1995
Reference: XF:http-cgi-formmail-exe

Name: CVE-1999-0173

Description:

FormMail CGI program can be used by web servers other than the host server that the program resides on.

Status:Entry
Reference: XF:http-cgi-formmail-use

Name: CVE-1999-0174

Description:

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19970208 view-source
Reference: XF:http-cgi-viewsrc

Name: CVE-1999-0175

Description:

The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.

Status:Entry
Reference: XF:http-nov-convert

Name: CVE-1999-0176

Description:

The Webgais program allows a remote user to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:Jul10,1997
Reference: XF:http-webgais-query

Name: CVE-1999-0177

Description:

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

Status:Entry
Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
Reference: XF:http-website-uploader

Name: CVE-1999-0178

Description:

Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

Status:Entry
Reference: BID:2078
Reference: URL:http://www.securityfocus.com/bid/2078
Reference: BUGTRAQ:19970106 Re: signal handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Reference: OSVDB:8
Reference: URL:http://www.osvdb.org/8
Reference: XF:http-website-winsample(295)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/295

Name: CVE-1999-0179

Description:

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

Status:Entry
Reference: MSKB:Q140818
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818
Reference: XF:nt-35
Reference: XF:nt-351
Reference: XF:nt-samba-dotdot

Name: CVE-1999-0180

Description:

in.rshd allows users to login with a NULL username and execute commands.

Status:Entry
Reference: XF:rsh-null

Name: CVE-1999-0181

Description:

The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.

Status:Entry
Reference: XF:walld

Name: CVE-1999-0182

Description:

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

Status:Entry
Reference: CERT:VB-97.10.samba
Reference: CIAC:H-110
Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml
Reference: XF:nt-samba-bo

Name: CVE-1999-0183

Description:

Linux implementations of TFTP would allow access to files outside the restricted directory.

Status:Entry
Reference: XF:linux-tftp

Name: CVE-1999-0184

Description:

When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.

Status:Entry
Reference: XF:dns-updates

Name: CVE-1999-0185

Description:

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Status:Entry
Reference: SUN:00156
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156
Reference: XF:sun-ftpd/logind

Name: CVE-1999-0188

Description:

The passwd command in Solaris can be subjected to a denial of service.

Status:Entry
Reference: SUN:00182
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182
Reference: XF:sun-passwd-dos

Name: CVE-1999-0189

Description:

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Status:Entry
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142
Reference: XF:rpc-32771

Name: CVE-1999-0190

Description:

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

Status:Entry
Reference: SUN:00167
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167
Reference: XF:sun-rpcbind

Name: CVE-1999-0191

Description:

IIS newdsn.exe CGI script allows remote users to overwrite files.

Status:Entry
Reference: OSVDB:275
Reference: URL:http://www.osvdb.org/275
Reference: XF:http-cgi-newdsn

Name: CVE-1999-0192

Description:

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

Status:Entry
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Name: CVE-1999-0194

Description:

Denial of service in in.comsat allows attackers to generate messages.

Status:Entry
Reference: XF:comsat

Name: CVE-1999-0196

Description:

websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

Status:Entry
Reference: BID:2077
Reference: URL:http://www.securityfocus.com/bid/2077
Reference: BUGTRAQ:19970704 Vulnerability in websendmail
Reference: OSVDB:237
Reference: URL:http://www.osvdb.org/237
Reference: XF:http-webgais-smail

Name: CVE-1999-0201

Description:

A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.

Status:Entry
Reference: XF:ftp-home

Name: CVE-1999-0202

Description:

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

Status:Entry
Reference: XF:ftp-exectar

Name: CVE-1999-0203

Description:

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

Status:Entry
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5

Name: CVE-1999-0204

Description:

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Status:Entry
Reference: CIAC:F-13
Reference: XF:ident-bo

Name: CVE-1999-0206

Description:

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

Status:Entry
Reference: AUSCERT:AA-96.06a
Reference: XF:sendmail-mime-bo

Name: CVE-1999-0207

Description:

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

Status:Entry
Reference: CERT:CA-94.11.majordomo.vulnerabilities
Reference: XF:majordomo-exe

Name: CVE-1999-0208

Description:

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

Status:Entry
Reference: CERT:CA-95.17.rpc.ypupdated.vul
Reference: XF:rpc-update

Name: CVE-1999-0209

Description:

The SunView (SunTools) selection_svc facility allows remote users to read files.

Status:Entry
Reference: BID:8
Reference: URL:http://www.securityfocus.com/bid/8
Reference: CERT:CA-90.05.sunselection.vulnerability
Reference: XF:selsvc

Name: CVE-1999-0210

Description:

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

Status:Entry
Reference: BID:235
Reference: URL:http://www.securityfocus.com/bid/235
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=88053459921223&w=2
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: HP:HPSBUX9910-104
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104

Name: CVE-1999-0211

Description:

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

Status:Entry
Reference: BID:24
Reference: URL:http://www.securityfocus.com/bid/24
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability

Name: CVE-1999-0212

Description:

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

Status:Entry
Reference: CIAC:I-048
Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml
Reference: SUN:00168
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168
Reference: XF:sun-mountd

Name: CVE-1999-0214

Description:

Denial of service by sending forged ICMP unreachable packets.

Status:Entry
Reference: XF:icmp-unreachable

Name: CVE-1999-0215

Description:

Routed allows attackers to append data to files.

Status:Entry
Reference: CIAC:J-012
Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml
Reference: SGI:19981004-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX
Reference: XF:ripapp

Name: CVE-1999-0217

Description:

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

Status:Entry
Reference: XF:udp-bomb

Name: CVE-1999-0218

Description:

Livingston portmaster machines could be rebooted via a series of commands.

Status:Entry
Reference: XF:portmaster-reboot

Name: CVE-1999-0219

Description:

Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

Status:Entry
Reference: BID:269
Reference: URL:http://www.securityfocus.com/bid/269
Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT
Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.info/?l=ntbugtraq&m=92574916930144&w=2
Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.info/?l=ntbugtraq&m=92582581330282&w=2
Reference: XF:ftp-servu(205)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/205

Name: CVE-1999-0221

Description:

Denial of service of Ascend routers through port 150 (remote administration).

Status:Entry
Reference: XF:ascend-150-kill

Name: CVE-1999-0223

Description:

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

Status:Entry
Reference: BID:1878
Reference: URL:http://www.securityfocus.com/bid/1878
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: SUNBUG:1249320
Reference: XF:sol-syslogd-crash

Name: CVE-1999-0224

Description:

Denial of service in Windows NT messenger service through a long username.

Status:Entry
Reference: XF:nt-messenger

Name: CVE-1999-0225

Description:

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

Status:Entry
Reference: MSKB:Q180963
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963
Reference: NAI:19980214 Windows NT Logon Denial of Service
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp
Reference: XF:nt-logondos

Name: CVE-1999-0227

Description:

Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Status:Entry
Reference: MSKB:Q154087
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087
Reference: XF:nt-lsass-crash

Name: CVE-1999-0228

Description:

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

Status:Entry
Reference: MSKB:Q162567
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567
Reference: XF:nt-rpc-ver

Name: CVE-1999-0230

Description:

Buffer overflow in Cisco 7xx routers through the telnet service.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
Reference: OSVDB:1102
Reference: URL:http://www.osvdb.org/1102

Name: CVE-1999-0233

Description:

IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

Status:Entry
Reference: MSKB:Q148188
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188
Reference: MSKB:Q155056
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056
Reference: XF:http-iis-cmd

Name: CVE-1999-0234

Description:

Bash treats any character with a value of 255 as a command separator.

Status:Entry
Reference: CERT:CA-96.22.bash_vuls
Reference: XF:bash-cmd

Name: CVE-1999-0236

Description:

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Status:Entry
Reference: XF:http-scriptalias

Name: CVE-1999-0237

Description:

Remote execution of arbitrary commands through Guestbook CGI program.

Status:Entry
Reference: CERT:VB-97.02
Reference: XF:http-cgi-guestbook

Name: CVE-1999-0239

Description:

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

Status:Entry
Reference: OSVDB:122
Reference: URL:http://www.osvdb.org/122
Reference: XF:fastrack-get-directory-list

Name: CVE-1999-0244

Description:

Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.

Status:Entry
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow

Name: CVE-1999-0245

Description:

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".

Status:Entry
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: XF:linux-plus

Name: CVE-1999-0247

Description:

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

Status:Entry
Reference: BID:1443
Reference: URL:http://www.securityfocus.com/bid/1443
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: XF:inn-bo

Name: CVE-1999-0248

Description:

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.

Status:Entry
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html

Name: CVE-1999-0251

Description:

Denial of service in talk program allows remote attackers to disrupt a user's display.

Status:Entry
Reference: XF:talkd-flash

Name: CVE-1999-0252

Description:

Buffer overflow in listserv allows arbitrary command execution.

Status:Entry
Reference: XF:smtp-listserv

Name: CVE-1999-0256

Description:

Buffer overflow in War FTP allows remote execution of commands.

Status:Entry
Reference: OSVDB:875
Reference: URL:http://www.osvdb.org/875
Reference: XF:war-ftpd

Name: CVE-1999-0259

Description:

cfingerd lists all users on a system via search.**@target.

Status:Entry
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration

Name: CVE-1999-0260

Description:

The jj CGI program allows command execution via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19961224 jj cgi
Reference: XF:http-cgi-jj

Name: CVE-1999-0262

Description:

Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

Status:Entry
Reference: BID:2056
Reference: URL:http://www.securityfocus.com/bid/2056
Reference: BUGTRAQ:19980804 PATCH: faxsurvey
Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script
Reference: XF:http-cgi-faxsurvey(1532)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1532

Name: CVE-1999-0263

Description:

Solaris SUNWadmap can be exploited to obtain root access.

Status:Entry
Reference: SUN:00173
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173
Reference: XF:sun-sunwadmap

Name: CVE-1999-0264

Description:

htmlscript CGI program allows remote read access to files.

Status:Entry
Reference: BUGTRAQ:Jan27,1998
Reference: XF:http-htmlscript-file-access

Name: CVE-1999-0265

Description:

ICMP redirect messages may crash or lock up a host.

Status:Entry
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: MSKB:Q154174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174
Reference: XF:icmp-redirect

Name: CVE-1999-0266

Description:

The info2www CGI script allows remote file access or remote command execution.

Status:Entry
Reference: BID:1995
Reference: URL:http://www.securityfocus.com/bid/1995
Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI
Reference: XF:http-cgi-info2www

Name: CVE-1999-0267

Description:

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

Status:Entry
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability
Reference: XF:http-port

Name: CVE-1999-0268

Description:

MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.

Status:Entry
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities
Reference: OSVDB:110
Reference: URL:http://www.osvdb.org/110
Reference: OSVDB:3969
Reference: URL:http://www.osvdb.org/3969
Reference: XF:metaweb-server-dot-attack

Name: CVE-1999-0269

Description:

Netscape Enterprise servers may list files through the PageServices query.

Status:Entry
Reference: XF:netscape-server-pageservices

Name: CVE-1999-0270

Description:

Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

Status:Entry
Reference: BID:64
Reference: URL:http://www.securityfocus.com/bid/64
Reference: BUGTRAQ:19980317 IRIX performer_tools bug
Reference: CIAC:I-041
Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml
Reference: OSVDB:134
Reference: URL:http://www.osvdb.org/134
Reference: SGI:19980401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P
Reference: XF:sgi-pfdispaly(810)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/810

Name: CVE-1999-0272

Description:

Denial of service in Slmail v2.5 through the POP3 port.

Status:Entry
Reference: XF:slmail-username-bo

Name: CVE-1999-0273

Description:

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Status:Entry
Reference: XF:sun-telnet-kill

Name: CVE-1999-0274

Description:

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

Status:Entry
Reference: NAI:NAI-5
Reference: XF:nt-dns-dos

Name: CVE-1999-0275

Description:

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Status:Entry
Reference: MS:Q169461
Reference: XF:nt-dnscrash
Reference: XF:nt-dnsver

Name: CVE-1999-0276

Description:

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Status:Entry
Reference: SEKURE:sekure.01-99.msql
Reference: XF:msql-debug-bo

Name: CVE-1999-0277

Description:

The WorkMan program can be used to overwrite any file to get root access.

Status:Entry
Reference: CERT:CA-96.23.workman_vul
Reference: XF:workman

Name: CVE-1999-0278

Description:

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Status:Entry
Reference: MS:MS98-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-003
Reference: OVAL:oval:org.mitre.oval:def:913
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913
Reference: XF:iis-asp-data-check

Name: CVE-1999-0279

Description:

Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers)
Reference: BUGTRAQ:19980115 Excite announcement
Reference: CERT:VB-98.01.excite
Reference: XF:excite-cgi-search-vuln

Name: CVE-1999-0280

Description:

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Status:Entry
Reference: CIAC:H-38
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Reference: XF:http-ie-lnkurl

Name: CVE-1999-0281

Description:

Denial of service in IIS using long URLs.

Status:Entry
Reference: XF:http-iis-longurl

Name: CVE-1999-0288

Description:

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Status:Entry
Reference: BUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970815 Re: WINS flooding
Reference: MISC:http://safenetworks.com/Windows/wins.html
Reference: MSKB:155701
Reference: NTBUGTRAQ:19970801 WINS flooding
Reference: XF:nt-winsupd-fix(1233)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1233

Name: CVE-1999-0289

Description:

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

Status:Entry

Name: CVE-1999-0290

Description:

The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.

Status:Entry
Reference: BUGTRAQ:19980221 WinGate DoS
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: XF:wingate-dos

Name: CVE-1999-0291

Description:

The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.

Status:Entry
Reference: XF:wingate-unpassworded

Name: CVE-1999-0292

Description:

Denial of service through Winpopup using large user names.

Status:Entry
Reference: XF:nt-winpopup

Name: CVE-1999-0293

Description:

AAA authentication on Cisco systems allows attackers to execute commands without authorization.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
Reference: XF:cisco-ios-aaa-auth

Name: CVE-1999-0294

Description:

All records in a WINS database can be deleted through SNMP for a denial of service.

Status:Entry
Reference: XF:nt-wins-snmp2

Name: CVE-1999-0295

Description:

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

Status:Entry
Reference: SUN:00157
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157
Reference: XF:sun-sysdef

Name: CVE-1999-0296

Description:

Solaris volrmmount program allows attackers to read any file.

Status:Entry
Reference: SUN:00162
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162
Reference: XF:sun-volrmmount

Name: CVE-1999-0297

Description:

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

Status:Entry
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: NAI:NAI-3
Reference: XF:vixie-cron

Name: CVE-1999-0299

Description:

Buffer overflow in FreeBSD lpd through long DNS hostnames.

Status:Entry
Reference: NAI:NAI-9
Reference: OSVDB:6093
Reference: URL:http://www.osvdb.org/6093

Name: CVE-1999-0300

Description:

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

Status:Entry
Reference: SUN:00155
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155
Reference: XF:sun-niscache

Name: CVE-1999-0301

Description:

Buffer overflow in SunOS/Solaris ps command.

Status:Entry
Reference: AUSCERT:AUSCERT-97.17
Reference: SUN:00149
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149
Reference: XF:sun-ps2bo

Name: CVE-1999-0302

Description:

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Status:Entry
Reference: SUN:00176
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176
Reference: XF:sun-ftp-server

Name: CVE-1999-0303

Description:

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

Status:Entry
Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD
Reference: XF:bnu-uucpd-bo

Name: CVE-1999-0304

Description:

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:02
Reference: XF:bsd-mmap

Name: CVE-1999-0305

Description:

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

Status:Entry
Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt
Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem"
Reference: OSVDB:11502
Reference: URL:http://www.osvdb.org/11502
Reference: XF:bsd-sourceroute(736)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/736

Name: CVE-1999-0308

Description:

HP-UX gwind program allows users to modify arbitrary files.

Status:Entry
Reference: CIAC:H-03: HP-UX suid Vulnerabilities
Reference: HP:HPSBUX9410-018
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018
Reference: XF:hpux-gwind-overwrite

Name: CVE-1999-0309

Description:

HP-UX vgdisplay program gives root access to local users.

Status:Entry
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability
Reference: HP:HPSBUX9702-056
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056
Reference: XF:hpux-vgdisplay

Name: CVE-1999-0310

Description:

SSH 1.2.25 on HP-UX allows access to new user accounts.

Status:Entry
Reference: XF:ssh-1225

Name: CVE-1999-0311

Description:

fpkg2swpk in HP-UX allows local users to gain root access.

Status:Entry
Reference: HP:HPSBUX9612-042
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042
Reference: XF:hpux-fpkg2swpk

Name: CVE-1999-0312

Description:

HP ypbind allows attackers with root privileges to modify NIS data.

Status:Entry
Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability
Reference: XF:nis-ypbind

Name: CVE-1999-0313

Description:

disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status:Entry
Reference: BID:214
Reference: URL:http://www.securityfocus.com/bid/214
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: OSVDB:936
Reference: URL:http://www.osvdb.org/936
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: XF:sgi-disk-bandwidth(1441)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1441

Name: CVE-1999-0314

Description:

ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status:Entry
Reference: BID:213
Reference: URL:http://www.securityfocus.com/bid/213
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: OSVDB:6788
Reference: URL:http://www.osvdb.org/6788
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: XF:sgi-ioconfig(1199)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1199

Name: CVE-1999-0315

Description:

Buffer overflow in Solaris fdformat command gives root access to local users.

Status:Entry
Reference: SUN:00138
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138
Reference: XF:fdformat-bo

Name: CVE-1999-0316

Description:

Buffer overflow in Linux splitvt command gives root access to local users.

Status:Entry
Reference: CIAC:G-08
Reference: XF:linux-splitvt

Name: CVE-1999-0318

Description:

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Status:Entry
Reference: BUGTRAQ:19961125 Security Problems in XMCD
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: XF:xmcd-envbo

Name: CVE-1999-0320

Description:

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Status:Entry
Reference: SUN:00166
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166
Reference: XF:sun-rpc.cmsd

Name: CVE-1999-0321

Description:

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Status:Entry
Reference: XF:sun-kcms-configure-bo

Name: CVE-1999-0322

Description:

The open() function in FreeBSD allows local attackers to write to arbitrary files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:05
Reference: OSVDB:6092
Reference: URL:http://www.osvdb.org/6092
Reference: XF:freebsd-open

Name: CVE-1999-0323

Description:

FreeBSD mmap function allows users to modify append-only or immutable files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:04
Reference: NETBSD:1998-003
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc
Reference: XF:bsd-mmap

Name: CVE-1999-0324

Description:

ppl program in HP-UX allows local users to create root files through symlinks.

Status:Entry
Reference: CIAC:H-31
Reference: HP:HPSBUX9702-053
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053
Reference: XF:hp-ppllog

Name: CVE-1999-0325

Description:

vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

Status:Entry
Reference: HP:HPSBUX9406-013
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013
Reference: XF:hp-vhe

Name: CVE-1999-0326

Description:

Vulnerability in HP-UX mediainit program.

Status:Entry
Reference: HP:HPSBUX9710-071
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071
Reference: XF:hp-mediainit

Name: CVE-1999-0327

Description:

SGI syserr program allows local users to corrupt files.

Status:Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-syserr

Name: CVE-1999-0328

Description:

SGI permissions program allows local users to gain root privileges.

Status:Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-permtool

Name: CVE-1999-0329

Description:

SGI mediad program allows local users to gain root access.

Status:Entry
Reference: SGI:19980602-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX
Reference: XF:sgi-mediad

Name: CVE-1999-0332

Description:

Buffer overflow in NetMeeting allows denial of service and remote command execution.

Status:Entry
Reference: MSKB:Q184346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346
Reference: XF:nt-netmeeting

Name: CVE-1999-0334

Description:

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

Status:Entry
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability
Reference: XF:sol-startup

Name: CVE-1999-0335

Description:

DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032.

Status:Entry

Name: CVE-1999-0337

Description:

AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.

Status:Entry
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
Reference: XF:ibm-bsh

Name: CVE-1999-0338

Description:

AIX Licensed Program Product performance tools allow local users to gain root access.

Status:Entry
Reference: CERT:CA-94.03.AIX.performance.tools
Reference: XF:ibm-perf-tools

Name: CVE-1999-0339

Description:

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

Status:Entry
Reference: RSI:RSI.0007.05-26-98
Reference: XF:sol-sun-libauth

Name: CVE-1999-0340

Description:

Buffer overflow in Linux Slackware crond program allows local users to gain root access.

Status:Entry
Reference: KSRT:005
Reference: XF:linux-crond

Name: CVE-1999-0341

Description:

Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

Status:Entry
Reference: KSRT:006
Reference: XF:linux-deliver

Name: CVE-1999-0342

Description:

Linux PAM modules allow local users to gain root access using temporary files.

Status:Entry
Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam
Reference: XF:linux-pam-passwd-tmprace

Name: CVE-1999-0343

Description:

A malicious Palace server can force a client to execute arbitrary programs.

Status:Entry
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
Reference: XF:palace-malicious-servers-vuln

Name: CVE-1999-0344

Description:

NT users can gain debug-level access on a system process using the Sechole exploit.

Status:Entry
Reference: MS:MS98-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-009
Reference: MSKB:Q190288
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288
Reference: XF:nt-priv-fix

Name: CVE-1999-0346

Description:

CGI PHP mlog script allows an attacker to read any file on the target server.

Status:Entry
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: OSVDB:3397
Reference: URL:http://www.osvdb.org/3397
Reference: XF:http-cgi-php-mlog

Name: CVE-1999-0348

Description:

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Status:Entry
Reference: MSKB:Q197003
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003
Reference: NTBUGTRAQ:Jan27,1999
Reference: OSVDB:930
Reference: URL:http://www.osvdb.org/930

Name: CVE-1999-0349

Description:

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:Jan27,1999
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.html
Reference: MS:MS99-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-003
Reference: MSKB:Q188348
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348
Reference: XF:iis-remote-ftp

Name: CVE-1999-0350

Description:

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Status:Entry
Reference: L0PHT:Feb8,1999
Reference: XF:clearcase-temp-race

Name: CVE-1999-0351

Description:

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

Status:Entry
Reference: INFOWAR:01
Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt
Reference: XF:pasv-pizza-thief-dos(3389)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3389

Name: CVE-1999-0353

Description:

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

Status:Entry
Reference: CIAC:J-026
Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml
Reference: HP:HPSBUX9902-091
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091
Reference: XF:pcnfsd-world-write

Name: CVE-1999-0355

Description:

Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

Status:Entry
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot

Name: CVE-1999-0357

Description:

Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

Status:Entry
Reference: BUGTRAQ:19990125 Win98 crash?
Reference: XF:win98-oshare-dos

Name: CVE-1999-0358

Description:

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Status:Entry
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/12121
Reference: CIAC:J-027
Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc

Name: CVE-1999-0362

Description:

WS_FTP server remote denial of service through cwd command.

Status:Entry
Reference: BID:217
Reference: URL:http://www.securityfocus.com/bid/217
Reference: EEYE:AD02021999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html
Reference: XF:wsftp-remote-dos

Name: CVE-1999-0363

Description:

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

Status:Entry
Reference: BID:328
Reference: URL:http://www.securityfocus.com/bid/328
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo

Name: CVE-1999-0365

Description:

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Status:Entry
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

Name: CVE-1999-0366

Description:

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

Status:Entry
Reference: MS:MS99-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-004
Reference: MSKB:Q214840
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840
Reference: XF:nt-sp4-auth-error

Name: CVE-1999-0367

Description:

NetBSD netstat command allows local users to access kernel memory.

Status:Entry
Reference: NETBSD:1999-002
Reference: OSVDB:7571
Reference: URL:http://www.osvdb.org/7571

Name: CVE-1999-0368

Description:

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Status:Entry
Reference: CERT:CA-99.03
Reference: NETECT:palmetto.ftpd
Reference: XF:palmetto-ftpd-bo

Name: CVE-1999-0369

Description:

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

Status:Entry
Reference: SUN:00183
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183
Reference: XF:sun-sdtcm-convert-bo

Name: CVE-1999-0371

Description:

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

Status:Entry
Reference: BUGTRAQ:19990211 Lynx /tmp problem
Reference: CERT:VB-97.05.lynx
Reference: XF:lynx-temp-files-race

Name: CVE-1999-0372

Description:

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

Status:Entry
Reference: MS:MS99-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005
Reference: MSKB:Q217004
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004
Reference: XF:nt-backoffice-setup

Name: CVE-1999-0373

Description:

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

Status:Entry
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux
Reference: XF:linux-super-bo
Reference: XF:linux-super-logging-bo

Name: CVE-1999-0374

Description:

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Status:Entry
Reference: BUGTRAQ:Feb16,1999
Reference: DEBIAN:19990215
Reference: XF:linux-cfengine-symlinks

Name: CVE-1999-0375

Description:

Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.

Status:Entry
Reference: BUGTRAQ:Feb16,1999
Reference: NAI:February 16, 1999
Reference: XF:nfr-webd-overflow

Name: CVE-1999-0376

Description:

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

Status:Entry
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: MS:MS99-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-006
Reference: XF:nt-knowndlls-list

Name: CVE-1999-0377

Description:

Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.

Status:Entry
Reference: BUGTRAQ:Feb22,1999
Reference: SECTRACK:1033881
Reference: URL:http://www.securitytracker.com/id/1033881

Name: CVE-1999-0378

Description:

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.

Status:Entry
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: OSVDB:6167
Reference: URL:http://www.osvdb.org/6167
Reference: XF:viruswall-http-request

Name: CVE-1999-0379

Description:

Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.

Status:Entry
Reference: BID:498
Reference: URL:http://www.securityfocus.com/bid/498
Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007)
Reference: MS:MS99-007
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-007
Reference: OSVDB:1019
Reference: URL:http://www.osvdb.org/1019
Reference: XF:win-resourcekit-taskpads

Name: CVE-1999-0380

Description:

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Status:Entry
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.info/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.info/?l=ntbugtraq&m=91999015212415&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.info/?l=ntbugtraq&m=92110501504997&w=2
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5392

Name: CVE-1999-0382

Description:

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

Status:Entry
Reference: MS:MS99-008
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-008
Reference: XF:nt-screen-saver

Name: CVE-1999-0383

Description:

ACC Tigris allows public access without a login.

Status:Entry
Reference: BID:183
Reference: URL:http://www.securityfocus.com/bid/183
Reference: BUGTRAQ:19990103 Tigris vulnerability
Reference: OSVDB:267
Reference: URL:http://www.osvdb.org/267
Reference: XF:acc-tigris-login

Name: CVE-1999-0384

Description:

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

Status:Entry
Reference: MS:MS99-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-001
Reference: XF:forms-vuln-patch

Name: CVE-1999-0385

Description:

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Status:Entry
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: MS:MS99-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-009
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos

Name: CVE-1999-0386

Description:

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

Status:Entry
Reference: MS:MS99-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010
Reference: OSVDB:111
Reference: URL:http://www.osvdb.org/111
Reference: XF:pws-file-access

Name: CVE-1999-0387

Description:

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Status:Entry
Reference: BID:829
Reference: URL:http://www.securityfocus.com/bid/829
Reference: MS:MS99-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-052
Reference: MSKB:Q168115
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115
Reference: XF:9x-plaintext-pwd

Name: CVE-1999-0388

Description:

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

Status:Entry
Reference: L0PHT:Jan3,1999
Reference: OSVDB:3186
Reference: URL:http://www.osvdb.org/3186
Reference: XF:datalynx-suguard-relative-paths

Name: CVE-1999-0390

Description:

Buffer overflow in Dosemu Slang library in Linux.

Status:Entry
Reference: BID:187
Reference: URL:http://www.securityfocus.com/bid/187
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt

Name: CVE-1999-0391

Description:

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Status:Entry
Reference: L0PHT:Jan. 5, 1999

Name: CVE-1999-0392

Description:

Buffer overflow in Thomas Boutell's cgic library version up to 1.05.

Status:Entry
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo

Name: CVE-1999-0393

Description:

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

Status:Entry
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.info/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Name: CVE-1999-0395

Description:

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.

Status:Entry
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

Name: CVE-1999-0396

Description:

A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

Status:Entry
Reference: NETBSD:1999-001
Reference: OPENBSD:Feb17,1999
Reference: XF:netbsd-tcp-race

Name: CVE-1999-0402

Description:

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

Status:Entry
Reference: BUGTRAQ:Feb2,1999
Reference: DEBIAN:19990220
Reference: XF:wget-permissions

Name: CVE-1999-0403

Description:

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

Status:Entry
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.info/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

Name: CVE-1999-0404

Description:

Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.

Status:Entry
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Name: CVE-1999-0405

Description:

A buffer overflow in lsof allows local users to obtain root privilege.

Status:Entry
Reference: BUGTRAQ:Feb18,1999
Reference: DEBIAN:19990220a
Reference: HERT:002
Reference: OSVDB:3163
Reference: URL:http://www.osvdb.org/3163
Reference: XF:lsof-bo

Name: CVE-1999-0407

Description:

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Status:Entry
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.info/?l=bugtraq&m=91983486431506&w=2
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.info/?l=bugtraq&m=92000623021036&w=2
Reference: XF:iis-iisadmpwd

Name: CVE-1999-0408

Description:

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

Status:Entry
Reference: BID:337
Reference: URL:http://www.securityfocus.com/bid/337
Reference: BUGTRAQ:19990225 Cobalt root exploit
Reference: XF:cobalt-raq-history-exposure

Name: CVE-1999-0409

Description:

Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

Status:Entry
Reference: BID:319
Reference: URL:http://www.securityfocus.com/bid/319
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
Reference: XF:gnuplot-home-overflow

Name: CVE-1999-0410

Description:

The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

Status:Entry
Reference: BID:293
Reference: URL:http://www.securityfocus.com/bid/293
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel

Name: CVE-1999-0412

Description:

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Status:Entry
Reference: BID:501
Reference: URL:http://www.securityfocus.com/bid/501
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute

Name: CVE-1999-0413

Description:

A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

Status:Entry
Reference: SGI:19990301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX
Reference: XF:irix-font-path-overflow

Name: CVE-1999-0414

Description:

In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Status:Entry
Reference: NAI:Linux Blind TCP Spoofing
Reference: XF:linux-blind-spoof

Name: CVE-1999-0415

Description:

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

Status:Entry
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

Name: CVE-1999-0416

Description:

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

Status:Entry
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: XF:cisco-web-crash

Name: CVE-1999-0417

Description:

64 bit Solaris 7 procfs allows local users to perform a denial of service.

Status:Entry
Reference: BID:448
Reference: URL:http://www.securityfocus.com/bid/448
Reference: BUGTRAQ:Mar9,1999
Reference: OSVDB:1001
Reference: URL:http://www.osvdb.org/1001
Reference: XF:solaris-psinfo-crash

Name: CVE-1999-0420

Description:

umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.

Status:Entry
Reference: NETBSD:1999-006

Name: CVE-1999-0421

Description:

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

Status:Entry
Reference: BID:338
Reference: URL:http://www.securityfocus.com/bid/338
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
Reference: OSVDB:981
Reference: URL:http://www.osvdb.org/981
Reference: XF:linux-slackware-install

Name: CVE-1999-0422

Description:

In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.

Status:Entry
Reference: NETBSD:1999-007

Name: CVE-1999-0423

Description:

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

Status:Entry
Reference: HP:HPSBUX9903-093
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093
Reference: XF:hp-hpterm-files

Name: CVE-1999-0424

Description:

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

Status:Entry
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

Name: CVE-1999-0425

Description:

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

Status:Entry
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

Name: CVE-1999-0428

Description:

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Status:Entry
Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert
Reference: OSVDB:3936
Reference: URL:http://www.osvdb.org/3936
Reference: XF:ssl-session-reuse

Name: CVE-1999-0429

Description:

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Status:Entry
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.info/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.info/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.info/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.info/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption

Name: CVE-1999-0430

Description:

Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload.

Status:Entry
Reference: CISCO:Cisco Catalyst Supervisor Remote Reload
Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches
Reference: OSVDB:1103
Reference: URL:http://www.osvdb.org/1103
Reference: XF:cisco-catalyst-crash

Name: CVE-1999-0432

Description:

ftp on HP-UX 11.00 allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9903-094
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094
Reference: XF:hp-ftp

Name: CVE-1999-0433

Description:

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Status:Entry
Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem
Reference: SUSE:Mar28,1999
Reference: XF:xfree86-temp-directories

Name: CVE-1999-0436

Description:

Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9903-095
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095
Reference: XF:hp-desms-servers

Name: CVE-1999-0437

Description:

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.

Status:Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-device-crash

Name: CVE-1999-0438

Description:

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.

Status:Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-ipchange

Name: CVE-1999-0439

Description:

Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

Status:Entry
Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes
Reference: CALDERA:CSSA-1999:007
Reference: DEBIAN:19990422
Reference: XF:procmail-overflow

Name: CVE-1999-0440

Description:

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Status:Entry
Reference: BID:1939
Reference: URL:http://www.securityfocus.com/bid/1939
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.info/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code

Name: CVE-1999-0441

Description:

Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

Status:Entry
Reference: BID:509
Reference: URL:http://www.securityfocus.com/bid/509
Reference: EEYE:AD02221999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html
Reference: XF:wingate-redirector-dos

Name: CVE-1999-0442

Description:

Solaris ff.core allows local users to modify files.

Status:Entry
Reference: BID:327
Reference: URL:http://www.securityfocus.com/bid/327
Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris
Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7
Reference: BUGTRAQ:19990408 Solaris7 and ff.core

Name: CVE-1999-0445

Description:

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

Status:Entry
Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT
Reference: OSVDB:1104
Reference: URL:http://www.osvdb.org/1104
Reference: XF:cisco-natacl-leakage

Name: CVE-1999-0446

Description:

Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.

Status:Entry
Reference: NETBSD:1999-008
Reference: OSVDB:7051
Reference: URL:http://www.osvdb.org/7051
Reference: XF:netbsd-vfslocking-panic

Name: CVE-1999-0447

Description:

Local users can gain privileges using the debug utility in the MPE/iX operating system.

Status:Entry
Reference: HP:HPSBMP9904-006
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006
Reference: XF:mpeix-debug

Name: CVE-1999-0448

Description:

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Status:Entry
Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory
Reference: XF:iis-http-request-logging

Name: CVE-1999-0449

Description:

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

Status:Entry
Reference: BID:193
Reference: URL:http://www.securityfocus.com/bid/193
Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS
Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: OSVDB:2
Reference: URL:http://www.osvdb.org/2
Reference: OSVDB:3
Reference: URL:http://www.osvdb.org/3
Reference: OSVDB:4
Reference: URL:http://www.osvdb.org/4
Reference: XF:iis-exair-dos

Name: CVE-1999-0457

Description:

Linux ftpwatch program allows local users to gain root privileges.

Status:Entry
Reference: BID:317
Reference: URL:http://www.securityfocus.com/bid/317
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln

Name: CVE-1999-0458

Description:

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Status:Entry
Reference: BUGTRAQ:Jan6,1999
Reference: OSVDB:915
Reference: URL:http://www.osvdb.org/915
Reference: XF:l0phtcrack-temp-files

Name: CVE-1999-0463

Description:

Remote attackers can perform a denial of service using IRIX fcagent.

Status:Entry
Reference: SGI:19981201-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX
Reference: XF:sgi-fcagent-dos

Name: CVE-1999-0464

Description:

Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

Status:Entry
Reference: BUGTRAQ:19990104 Tripwire mess..
Reference: URL:http://marc.info/?l=bugtraq&m=91553066310826&w=2
Reference: CONFIRM:http://marc.info/?l=bugtraq&m=91592136122066&w=2
Reference: OSVDB:6609
Reference: URL:http://www.osvdb.org/6609

Name: CVE-1999-0466

Description:

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.

Status:Entry
Reference: NETBSD:1999-009
Reference: OSVDB:905
Reference: URL:http://www.osvdb.org/905

Name: CVE-1999-0468

Description:

Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

Status:Entry
Reference: BUGTRAQ:Apr9,1999
Reference: MS:MS99-012
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-012
Reference: XF:ie-scriplet-fileread

Name: CVE-1999-0470

Description:

A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.

Status:Entry
Reference: BID:482
Reference: URL:http://www.securityfocus.com/bid/482
Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit
Reference: XF:netware-remotenlm-passwords

Name: CVE-1999-0471

Description:

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.

Status:Entry
Reference: BUGTRAQ:Apr9,1999
Reference: XF:winroute-config

Name: CVE-1999-0472

Description:

The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.

Status:Entry
Reference: BUGTRAQ:Apr7,1999
Reference: XF:netcache-snmp

Name: CVE-1999-0473

Description:

The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.

Status:Entry
Reference: BID:145
Reference: URL:http://www.securityfocus.com/bid/145
Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix
Reference: CALDERA:CSSA-1999:010.0
Reference: DEBIAN:19990823
Reference: XF:rsync-permissions

Name: CVE-1999-0474

Description:

The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.

Status:Entry
Reference: BUGTRAQ:Apr5,1999
Reference: XF:icq-webserver-read

Name: CVE-1999-0475

Description:

A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.

Status:Entry
Reference: BUGTRAQ:Apr5,1999
Reference: XF:procmail-race

Name: CVE-1999-0478

Description:

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

Status:Entry
Reference: HP:HPSBUX9904-097
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097
Reference: XF:sendmail-headers-dos

Name: CVE-1999-0479

Description:

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

Status:Entry
Reference: HP:HPSBUX9903-092
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092
Reference: XF:netscape-server-dos

Name: CVE-1999-0481

Description:

Denial of service in "poll" in OpenBSD.

Status:Entry
Reference: OPENBSD:Mar22,1999
Reference: OSVDB:7556
Reference: URL:http://www.osvdb.org/7556

Name: CVE-1999-0482

Description:

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Status:Entry
Reference: OPENBSD:Mar21,1999
Reference: OSVDB:7557
Reference: URL:http://www.osvdb.org/7557

Name: CVE-1999-0483

Description:

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Status:Entry
Reference: OPENBSD:Feb25,1999
Reference: OSVDB:6129
Reference: URL:http://www.osvdb.org/6129

Name: CVE-1999-0484

Description:

Buffer overflow in OpenBSD ping.

Status:Entry
Reference: OPENBSD:Feb23,1999
Reference: OSVDB:6130
Reference: URL:http://www.osvdb.org/6130

Name: CVE-1999-0485

Description:

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

Status:Entry
Reference: OPENBSD:Feb19,1999
Reference: OSVDB:7558
Reference: URL:http://www.osvdb.org/7558
Reference: XF:openbsd-ipintr-race

Name: CVE-1999-0487

Description:

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

Status:Entry
Reference: MS:MS99-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-011
Reference: XF:ie-dhtml-control

Name: CVE-1999-0491

Description:

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Status:Entry
Reference: BID:119
Reference: URL:http://www.securityfocus.com/bid/119
Reference: BUGTRAQ:19990420 Bash Bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org
Reference: CALDERA:CSSA-1999-008.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt

Name: CVE-1999-0493

Description:

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Status:Entry
Reference: BID:450
Reference: URL:http://www.securityfocus.com/bid/450
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: CIAC:J-045
Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml
Reference: SUN:00186
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba

Name: CVE-1999-0494

Description:

Denial of service in WinGate proxy through a buffer overflow in POP3.

Status:Entry
Reference: XF:wingate-pop3-user-bo

Name: CVE-1999-0496

Description:

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

Status:Entry
Reference: MSKB:Q146965
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965
Reference: XF:nt-getadmin
Reference: XF:nt-getadmin-present

Name: CVE-1999-0513

Description:

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Status:Entry
Reference: CERT:CA-98.01.smurf
Reference: FREEBSD:FreeBSD-SA-98:06
Reference: XF:smurf

Name: CVE-1999-0514

Description:

UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

Status:Entry
Reference: XF:fraggle

Name: CVE-1999-0526

Description:

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Status:Entry
Reference: CERT-VN:VU#704969
Reference: URL:http://www.kb.cert.org/vuls/id/704969
Reference: XF:xcheck-keystroke

Name: CVE-1999-0551

Description:

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

Status:Entry
Reference: HP:HPSBUX9804-078
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078
Reference: XF:hp-openmail

Name: CVE-1999-0566

Description:

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

Status:Entry
Reference: XF:ibm-syslogd
Reference: XF:syslog-flood

Name: CVE-1999-0608

Description:

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

Status:Entry
Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data
Reference: URL:http://marc.info/?l=bugtraq&m=92462991805485&w=2
Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html.
Reference: XF:pdgsoftcart-misconfig(3857)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3857

Name: CVE-1999-0612

Description:

A version of finger is running that exposes valid user information to any entity on the network.

Status:Entry
Reference: XF:finger-out
Reference: XF:finger-running

Name: CVE-1999-0626

Description:

A version of rusers is running that exposes valid user information to any entity on the network.

Status:Entry
Reference: XF:ruser
Reference: XF:rusersd

Name: CVE-1999-0627

Description:

The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.

Status:Entry
Reference: XF:rexd

Name: CVE-1999-0628

Description:

The rwho/rwhod service is running, which exposes machine status and user information.

Status:Entry
Reference: XF:rwhod

Name: CVE-1999-0668

Description:

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

Status:Entry
Reference: BID:598
Reference: URL:http://www.securityfocus.com/bid/598
Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs
Reference: CIAC:J-064
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml
Reference: MS:MS99-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-032
Reference: MSKB:Q240308
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308
Reference: XF:ms-scriptlet-eyedog-unsafe

Name: CVE-1999-0671

Description:

Buffer overflow in ToxSoft NextFTP client through CWD command.

Status:Entry
Reference: BID:572
Reference: URL:http://www.securityfocus.com/bid/572
Reference: XF:toxsoft-nextftp-cwd-bo

Name: CVE-1999-0672

Description:

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

Status:Entry
Reference: BID:573
Reference: URL:http://www.securityfocus.com/bid/573
Reference: XF:fujitsu-topic-bo

Name: CVE-1999-0674

Description:

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Status:Entry
Reference: BID:570
Reference: URL:http://www.securityfocus.com/bid/570
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: CIAC:J-067
Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml
Reference: FREEBSD:FreeBSD-SA-99:02
Reference: NETBSD:1999-011
Reference: OPENBSD:Aug 9,1999
Reference: XF:netbsd-profil

Name: CVE-1999-0675

Description:

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

Status:Entry
Reference: BID:576
Reference: URL:http://www.securityfocus.com/bid/576
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: OSVDB:1038
Reference: URL:http://www.osvdb.org/1038
Reference: XF:checkpoint-port

Name: CVE-1999-0676

Description:

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Status:Entry
Reference: BID:575
Reference: URL:http://www.securityfocus.com/bid/575
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert

Name: CVE-1999-0678

Description:

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Status:Entry
Reference: BID:318
Reference: URL:http://www.securityfocus.com/bid/318
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: XF:apache-debian-usrdoc

Name: CVE-1999-0679

Description:

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

Status:Entry
Reference: BID:581
Reference: URL:http://www.securityfocus.com/bid/581
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: XF:hybrid-ircd-minvite-bo

Name: CVE-1999-0680

Description:

Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.

Status:Entry
Reference: BID:571
Reference: URL:http://www.securityfocus.com/bid/571
Reference: CIAC:J-057
Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml
Reference: MS:MS99-028
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-028
Reference: MSKB:Q238600
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600
Reference: XF:nt-terminal-dos

Name: CVE-1999-0681

Description:

Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos(3117)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3117

Name: CVE-1999-0682

Description:

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

Status:Entry
Reference: BID:567
Reference: URL:http://www.securityfocus.com/bid/567
Reference: CIAC:J-056
Reference: URL:http://www.ciac.org/ciac/bulletins/j-056.shtml
Reference: MS:MS99-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-027
Reference: MSKB:Q237927
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927
Reference: XF:exchange-relay

Name: CVE-1999-0683

Description:

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

Status:Entry
Reference: BID:556
Reference: URL:http://www.securityfocus.com/bid/556
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: OSVDB:1029
Reference: URL:http://www.osvdb.org/1029
Reference: XF:gauntlet-dos

Name: CVE-1999-0685

Description:

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Status:Entry
Reference: BID:618
Reference: URL:http://www.securityfocus.com/bid/618
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow

Name: CVE-1999-0686

Description:

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Status:Entry
Reference: BUGTRAQ:19990514 TGAD DoS
Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug
Reference: CIAC:J-046
Reference: URL:http://www.ciac.org/ciac/bulletins/j-046.shtml
Reference: HP:HPSBUX9906-098
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098
Reference: XF:hp-tgad-dos

Name: CVE-1999-0687

Description:

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

Status:Entry
Reference: BID:637
Reference: URL:http://www.securityfocus.com/bid/637
Reference: BUGTRAQ:19990913 Vulnerability in ttsession
Reference: CERT:CA-99-11
Reference: CIAC:K-001
Reference: URL:http://www.ciac.org/ciac/bulletins/k-001.shtml
Reference: COMPAQ:SSRT0617U_TTSESSION
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-ttsession-rpc-auth

Name: CVE-1999-0688

Description:

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

Status:Entry
Reference: BID:545
Reference: URL:http://www.securityfocus.com/bid/545
Reference: HP:HPSBUX9907-101
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101
Reference: XF:hp-sd-bo

Name: CVE-1999-0689

Description:

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

Status:Entry
Reference: BID:636
Reference: URL:http://www.securityfocus.com/bid/636
Reference: BUGTRAQ:19990913 Vulnerability in dtspcd
Reference: CERT:CA-99-11
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:1880
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1880
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtspcd-file-auth

Name: CVE-1999-0690

Description:

HP CDE program includes the current directory in root's PATH variable.

Status:Entry
Reference: CIAC:J-053
Reference: URL:http://www.ciac.org/ciac/bulletins/j-053.shtml
Reference: HP:HPSBUX9907-100
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100
Reference: XF:hp-cde-directory

Name: CVE-1999-0691

Description:

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

Status:Entry
Reference: BID:635
Reference: URL:http://www.securityfocus.com/bid/635
Reference: BUGTRAQ:19990913 Vulnerability in dtaction
Reference: CERT:CA-99-11
Reference: COMPAQ:SSRTO615U_DTACTION
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:3078
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3078
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtaction-username-bo

Name: CVE-1999-0692

Description:

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

Status:Entry
Reference: CERT:CA-99-09
Reference: CIAC:J-052
Reference: URL:http://www.ciac.org/ciac/bulletins/j-052.shtml
Reference: SGI:19990701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P
Reference: XF:sgi-arrayd

Name: CVE-1999-0693

Description:

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

Status:Entry
Reference: BID:641
Reference: URL:http://www.securityfocus.com/bid/641
Reference: CERT:CA-99-11
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:4374
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4374
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtsession-env-bo

Name: CVE-1999-0694

Description:

Denial of service in AIX ptrace system call allows local users to crash the system.

Status:Entry
Reference: CIAC:J-055
Reference: URL:http://www.ciac.org/ciac/bulletins/j-055.shtml
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt

Name: CVE-1999-0695

Description:

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.

Status:Entry
Reference: BID:620
Reference: URL:http://www.securityfocus.com/bid/620
Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs
Reference: OSVDB:1064
Reference: URL:http://www.osvdb.org/1064
Reference: XF:http-powerdynamo-dotdotslash

Name: CVE-1999-0696

Description:

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

Status:Entry
Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd
Reference: CERT:CA-99-08
Reference: CIAC:J-051
Reference: URL:http://www.ciac.org/ciac/bulletins/j-051.shtml
Reference: COMPAQ:SSRT0614U_RPC_CMSD
Reference: HP:HPSBUX9908-102
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102
Reference: SCO:SB-99.12
Reference: SUN:00188
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188
Reference: SUNBUG:4230754
Reference: XF:sun-cmsd-bo

Name: CVE-1999-0697

Description:

SCO Doctor allows local users to gain root privileges through a Tools option.

Status:Entry
Reference: BID:621
Reference: URL:http://www.securityfocus.com/bid/621
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: XF:sco-doctor-execute

Name: CVE-1999-0699

Description:

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.

Status:Entry
Reference: BID:623
Reference: URL:http://www.securityfocus.com/bid/623
Reference: BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web

Name: CVE-1999-0700

Description:

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

Status:Entry
Reference: MS:MS99-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-026
Reference: MSKB:Q237185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185
Reference: XF:nt-malformed-dialer

Name: CVE-1999-0701

Description:

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

Status:Entry
Reference: BID:626
Reference: URL:http://www.securityfocus.com/bid/626
Reference: MS:MS99-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-036
Reference: MSKB:Q173039
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039
Reference: XF:nt-install-unattend-file

Name: CVE-1999-0702

Description:

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

Status:Entry
Reference: BID:627
Reference: URL:http://www.securityfocus.com/bid/627
Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs
Reference: MS:MS99-037
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037
Reference: MSKB:Q241361
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361
Reference: XF:ie5-import-export-favorites

Name: CVE-1999-0703

Description:

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Status:Entry
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Reference: CIAC:J-066
Reference: URL:http://www.ciac.org/ciac/bulletins/j-066.shtml
Reference: FREEBSD:FreeBSD-SA-99:01
Reference: OPENBSD:Jul30,1999
Reference: XF:openbsd-chflags-fchflags-permitted

Name: CVE-1999-0704

Description:

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

Status:Entry
Reference: BID:614
Reference: URL:http://www.securityfocus.com/bid/614
Reference: CALDERA:CSSA-1999:024.0
Reference: CERT:CA-99-12
Reference: DEBIAN:19991018
Reference: FREEBSD:SA-99:06
Reference: REDHAT:RHSA-1999:032-01
Reference: XF:amd-bo

Name: CVE-1999-0705

Description:

Buffer overflow in INN inews program.

Status:Entry
Reference: BID:616
Reference: URL:http://www.securityfocus.com/bid/616
Reference: CALDERA:CSSA-1999-026
Reference: DEBIAN:19990907
Reference: REDHAT:RHSA1999033_01
Reference: SUSE:19990831 Security hole in INN
Reference: XF:inn-inews-bo

Name: CVE-1999-0706

Description:

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

Status:Entry
Reference: BID:583
Reference: URL:http://www.securityfocus.com/bid/583
Reference: DEBIAN:19990807
Reference: SUSE:19990817 Security hole in i4l (xmonisdn)

Name: CVE-1999-0707

Description:

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

Status:Entry
Reference: BID:493
Reference: URL:http://www.securityfocus.com/bid/493
Reference: CIAC:J-050
Reference: URL:http://www.ciac.org/ciac/bulletins/j-050.shtml
Reference: HP:HPSBUX9906-099
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099
Reference: XF:hp-visualize-conference-ftp

Name: CVE-1999-0708

Description:

Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

Status:Entry
Reference: BID:651
Reference: URL:http://www.securityfocus.com/bid/651
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow

Name: CVE-1999-0710

Description:

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

Status:Entry
Reference: BID:2059
Reference: URL:http://www.securityfocus.com/bid/2059
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness
Reference: CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid
Reference: DEBIAN:DSA-576
Reference: URL:http://www.debian.org/security/2004/dsa-576
Reference: FEDORA:FEDORA-2005-373
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: REDHAT:RHSA-1999:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-025.html
Reference: REDHAT:RHSA-2005:489
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-489.html
Reference: XF:http-cgi-cachemgr(2385)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2385

Name: CVE-1999-0711

Description:

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

Status:Entry
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.info/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: URL:http://marc.info/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh

Name: CVE-1999-0713

Description:

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission
Reference: CIAC:J-044
Reference: URL:http://www.ciac.org/ciac/bulletins/j-044.shtml
Reference: COMPAQ:SSRT0600U
Reference: XF:cde-dtlogin

Name: CVE-1999-0714

Description:

Vulnerability in Compaq Tru64 UNIX edauth command.

Status:Entry
Reference: COMPAQ:SSRT0588U
Reference: XF:du-edauth

Name: CVE-1999-0715

Description:

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

Status:Entry
Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system
Reference: MS:MS99-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-016
Reference: MSKB:Q230677
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677
Reference: XF:nt-ras-bo

Name: CVE-1999-0716

Description:

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

Status:Entry
Reference: MS:MS99-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-015
Reference: MSKB:Q231605
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605
Reference: XF:nt-helpfile-bo

Name: CVE-1999-0717

Description:

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Status:Entry
Reference: MS:MS99-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-014
Reference: MSKB:Q231304
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304
Reference: XF:excel-virus-warning

Name: CVE-1999-0718

Description:

IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.

Status:Entry
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: XF:ibm-gina-group-add(3166)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3166

Name: CVE-1999-0719

Description:

The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

Status:Entry
Reference: BID:563
Reference: URL:http://www.securityfocus.com/bid/563
Reference: BUGTRAQ:19990802 Gnumeric potential security hole.
Reference: REDHAT:RHSA-1999:023-01
Reference: XF:gnu-guile-plugin-export

Name: CVE-1999-0720

Description:

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Status:Entry
Reference: BID:597
Reference: URL:http://www.securityfocus.com/bid/597
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: XF:linux-pt-chown

Name: CVE-1999-0721

Description:

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Status:Entry
Reference: BINDVIEW:Phantom Technical Advisory
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: MS:MS99-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-020
Reference: MSKB:Q231457
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457
Reference: XF:msrpc-lsa-lookupnames-dos

Name: CVE-1999-0722

Description:

The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.

Status:Entry
Reference: BID:558
Reference: URL:http://www.securityfocus.com/bid/558
Reference: CERT:CA-99-10
Reference: XF:cobalt-raq2-default-config

Name: CVE-1999-0723

Description:

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

Status:Entry
Reference: BID:478
Reference: URL:http://www.securityfocus.com/bid/478
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: MS:MS99-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-021
Reference: MSKB:Q233323
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323
Reference: NTBUGTRAQ:19990411 Death by MessageBox
Reference: XF:nt-csrss-dos

Name: CVE-1999-0724

Description:

Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

Status:Entry
Reference: OPENBSD:Aug12,1999
Reference: OSVDB:6128
Reference: URL:http://www.osvdb.org/6128
Reference: XF:openbsd-uio_offset-bo

Name: CVE-1999-0725

Description:

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

Status:Entry
Reference: BID:477
Reference: URL:http://www.securityfocus.com/bid/477
Reference: MS:MS99-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-022
Reference: MSKB:Q233335
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335
Reference: XF:iis-double-byte-code-page(2302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2302

Name: CVE-1999-0726

Description:

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Status:Entry
Reference: BID:499
Reference: URL:http://www.securityfocus.com/bid/499
Reference: MS:MS99-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-023
Reference: MSKB:Q234557
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557
Reference: XF:nt-malformed-image-header

Name: CVE-1999-0727

Description:

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

Status:Entry
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
Reference: OSVDB:6127
Reference: URL:http://www.osvdb.org/6127
Reference: XF:openbsd-ipsec-cleartext

Name: CVE-1999-0728

Description:

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Status:Entry
Reference: MS:MS99-024
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-024
Reference: MSKB:Q236359
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359
Reference: XF:nt-ioctl-dos

Name: CVE-1999-0729

Description:

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Status:Entry
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: OSVDB:1057
Reference: URL:http://www.osvdb.org/1057
Reference: XF:lotus-ldap-bo

Name: CVE-1999-0730

Description:

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: DEBIAN:19990612

Name: CVE-1999-0731

Description:

The KDE klock program allows local users to unlock a session using malformed input.

Status:Entry
Reference: BID:489
Reference: URL:http://www.securityfocus.com/bid/489
Reference: BUGTRAQ:19990623 Security flaw in klock
Reference: CALDERA:CSSA-1999:017
Reference: SUSE:19990629 Security hole in Klock

Name: CVE-1999-0732

Description:

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

Status:Entry
Reference: DEBIAN:19990823b
Reference: XF:smtp-refuser-tmp

Name: CVE-1999-0733

Description:

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

Status:Entry
Reference: BID:490
Reference: URL:http://www.securityfocus.com/bid/490
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: BUGTRAQ:19990626 VMware Security Alert
Reference: BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit
Reference: XF:vmware-bo

Name: CVE-1999-0734

Description:

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

Status:Entry
Reference: CISCO:19990819 CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-19990819-dbaccess
Reference: XF:ciscosecure-read-write(3133)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3133

Name: CVE-1999-0735

Description:

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

Status:Entry
Reference: BID:300
Reference: URL:http://www.securityfocus.com/bid/300
Reference: CALDERA:CSSA-1999:016
Reference: ISS:KDE K-Mail File Creation Vulnerability
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html

Name: CVE-1999-0740

Description:

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

Status:Entry
Reference: BID:594
Reference: URL:http://www.securityfocus.com/bid/594
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01
Reference: XF:linux-telnetd-term

Name: CVE-1999-0742

Description:

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Status:Entry
Reference: BID:480
Reference: URL:http://www.securityfocus.com/bid/480
Reference: DEBIAN:19990623

Name: CVE-1999-0743

Description:

Trn allows local users to overwrite other users' files via symlinks.

Status:Entry
Reference: BUGTRAQ:19990819 Insecure use of file in /tmp by trn
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn
Reference: XF:trn-symlinks(3144)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3144

Name: CVE-1999-0744

Description:

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

Status:Entry
Reference: BID:603
Reference: URL:http://www.securityfocus.com/bid/603
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers

Name: CVE-1999-0745

Description:

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.

Status:Entry
Reference: BID:590
Reference: URL:http://www.securityfocus.com/bid/590
Reference: CIAC:J-059
Reference: URL:http://www.ciac.org/ciac/bulletins/j-059.shtml
Reference: IBM:ERS-SVA-E01-1999:003.1
Reference: XF:aix-pdnsd-bo

Name: CVE-1999-0746

Description:

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Status:Entry
Reference: BID:587
Reference: URL:http://www.securityfocus.com/bid/587
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: SUSE:19990824 Security hole in netcfg
Reference: XF:suse-identd-dos

Name: CVE-1999-0747

Description:

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

Status:Entry
Reference: BID:589
Reference: URL:http://www.securityfocus.com/bid/589
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: XF:bsdi-smp-dos

Name: CVE-1999-0749

Description:

Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.

Status:Entry
Reference: BID:586
Reference: URL:http://www.securityfocus.com/bid/586
Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable
Reference: MS:MS99-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-033
Reference: XF:win-ie5-telnet-heap-overflow

Name: CVE-1999-0751

Description:

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

Status:Entry
Reference: BID:631
Reference: URL:http://www.securityfocus.com/bid/631
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Reference: XF:netscape-accept-bo(3256)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3256

Name: CVE-1999-0752

Description:

Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

Status:Entry
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug

Name: CVE-1999-0753

Description:

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

Status:Entry
Reference: BID:591
Reference: URL:http://www.securityfocus.com/bid/591
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi

Name: CVE-1999-0754

Description:

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

Status:Entry
Reference: BID:255
Reference: URL:http://www.securityfocus.com/bid/255
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: CALDERA:CSSA-1999-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt
Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-innconf-env

Name: CVE-1999-0755

Description:

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Status:Entry
Reference: MS:MS99-017
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-017
Reference: MSKB:Q230681
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681
Reference: XF:nt-ras-pwcache

Name: CVE-1999-0756

Description:

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

Status:Entry
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2207

Name: CVE-1999-0758

Description:

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

Status:Entry
Reference: ALLAIRE:ASB99-06
Reference: XF:netscape-space-view

Name: CVE-1999-0759

Description:

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

Status:Entry
Reference: BID:634
Reference: URL:http://www.securityfocus.com/bid/634
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: XF:fuseware-popmail-bo

Name: CVE-1999-0760

Description:

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

Status:Entry
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags(3288)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3288

Name: CVE-1999-0761

Description:

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

Status:Entry
Reference: BID:644
Reference: URL:http://www.securityfocus.com/bid/644
Reference: FREEBSD:FreeBSD-SA-99:05
Reference: OSVDB:1074
Reference: URL:http://www.osvdb.org/1074
Reference: XF:freebsd-fts-lib-bo

Name: CVE-1999-0762

Description:

When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

Status:Entry
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability
Reference: XF:netscape-title

Name: CVE-1999-0763

Description:

NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.

Status:Entry
Reference: NETBSD:1999-010
Reference: OSVDB:6540
Reference: URL:http://www.osvdb.org/6540
Reference: XF:netbsd-arp

Name: CVE-1999-0764

Description:

NetBSD allows ARP packets to overwrite static ARP entries.

Status:Entry
Reference: NETBSD:1999-010
Reference: OSVDB:6539
Reference: URL:http://www.osvdb.org/6539
Reference: XF:netbsd-arp

Name: CVE-1999-0765

Description:

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

Status:Entry
Reference: BID:262
Reference: URL:http://www.securityfocus.com/bid/262
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
Reference: SGI:19990501-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A
Reference: XF:irix-midikeys

Name: CVE-1999-0766

Description:

The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.

Status:Entry
Reference: BID:600
Reference: URL:http://www.securityfocus.com/bid/600
Reference: MS:MS99-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-031
Reference: MSKB:Q240346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346
Reference: XF:msvm-verifier-java

Name: CVE-1999-0768

Description:

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

Status:Entry
Reference: BID:602
Reference: URL:http://www.securityfocus.com/bid/602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Name: CVE-1999-0769

Description:

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

Status:Entry
Reference: BID:611
Reference: URL:http://www.securityfocus.com/bid/611
Reference: CALDERA:CSSA-1999:023.0
Reference: DEBIAN:19990830 cron
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Name: CVE-1999-0770

Description:

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

Status:Entry
Reference: BID:549
Reference: URL:http://www.securityfocus.com/bid/549
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: CHECKPOINT:ACK DOS ATTACK
Reference: OSVDB:1027
Reference: URL:http://www.osvdb.org/1027

Name: CVE-1999-0771

Description:

The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-file-read

Name: CVE-1999-0772

Description:

Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.

Status:Entry
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-dos

Name: CVE-1999-0773

Description:

Buffer overflow in Solaris lpset program allows local users to gain root access.

Status:Entry
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Name: CVE-1999-0774

Description:

Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.

Status:Entry
Reference: BID:617
Reference: URL:http://www.securityfocus.com/bid/617
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Reference: REDHAT:RHSA1999037_01
Reference: SUSE:19990916 Security hole in mars nwe

Name: CVE-1999-0775

Description:

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Status:Entry
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch

Name: CVE-1999-0777

Description:

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

Status:Entry
Reference: BID:658
Reference: URL:http://www.securityfocus.com/bid/658
Reference: MS:MS99-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039
Reference: MSKB:Q241407
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407
Reference: MSKB:Q242559
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559
Reference: XF:iis-ftp-no-access-files

Name: CVE-1999-0778

Description:

Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.

Status:Entry
Reference: BID:488
Reference: URL:http://www.securityfocus.com/bid/488
Reference: BUGTRAQ:19990626 KSR[T] #011: Accelerated-X
Reference: KSRT:011
Reference: XF:accelx-display-bo

Name: CVE-1999-0779

Description:

Denial of service in HP-UX SharedX recserv program.

Status:Entry
Reference: HP:HPSBUX9810-086
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086
Reference: XF:hp-sharedx

Name: CVE-1999-0780

Description:

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-process-kill

Name: CVE-1999-0781

Description:

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-bindir-trojans

Name: CVE-1999-0782

Description:

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-directory-create

Name: CVE-1999-0783

Description:

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Status:Entry
Reference: CIAC:I-057
Reference: URL:http://www.ciac.org/ciac/bulletins/i-057.shtml
Reference: FREEBSD:FreeBSD-SA-98:05
Reference: OSVDB:6090
Reference: URL:http://www.osvdb.org/6090
Reference: XF:freebsd-nfs-link-dos

Name: CVE-1999-0785

Description:

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

Status:Entry
Reference: BID:254
Reference: URL:http://www.securityfocus.com/bid/254
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun

Name: CVE-1999-0786

Description:

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

Status:Entry
Reference: BID:659
Reference: URL:http://www.securityfocus.com/bid/659
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6

Name: CVE-1999-0787

Description:

The SSH authentication agent follows symlinks via a UNIX domain socket.

Status:Entry
Reference: BID:660
Reference: URL:http://www.securityfocus.com/bid/660
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.info/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.info/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos

Name: CVE-1999-0788

Description:

Arkiea nlservd allows remote attackers to conduct a denial of service.

Status:Entry
Reference: BID:662
Reference: URL:http://www.securityfocus.com/bid/662
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.info/?l=bugtraq&m=93837184228248&w=2
Reference: XF:arkiea-backup-nlserverd-remote-dos

Name: CVE-1999-0789

Description:

Buffer overflow in AIX ftpd in the libc library.

Status:Entry
Reference: BID:679
Reference: URL:http://www.securityfocus.com/bid/679
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: CIAC:J-072
Reference: URL:http://www.ciac.org/ciac/bulletins/j-072.shtml
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: XF:aix-ftpd-bo

Name: CVE-1999-0790

Description:

A remote attacker can read information from a Netscape user's cache via JavaScript.

Status:Entry
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript

Name: CVE-1999-0791

Description:

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.

Status:Entry
Reference: BID:695
Reference: URL:http://www.securityfocus.com/bid/695
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: XF:hybrid-anon-cable-modem-reconfig

Name: CVE-1999-0793

Description:

Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

Status:Entry
Reference: MS:MS99-043
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-043
Reference: XF:ie-java-redirect

Name: CVE-1999-0794

Description:

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.

Status:Entry
Reference: MS:MS99-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-044
Reference: MSKB:Q241900
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900
Reference: MSKB:Q241901
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901
Reference: MSKB:Q241902
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902
Reference: XF:excel-sylk

Name: CVE-1999-0796

Description:

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Status:Entry
Reference: FREEBSD:SA-98.03
Reference: OSVDB:6089
Reference: URL:http://www.osvdb.org/6089
Reference: XF:freebsd-ttcp-spoof

Name: CVE-1999-0797

Description:

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

Status:Entry
Reference: CIAC:I-070
Reference: URL:http://www.ciac.org/ciac/bulletins/i-070.shtml
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Reference: XF:sun-nis-nisplus

Name: CVE-1999-0799

Description:

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

Status:Entry
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: XF:bootpd-bo

Name: CVE-1999-0800

Description:

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Status:Entry
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html
Reference: OSVDB:944
Reference: URL:http://www.osvdb.org/944
Reference: XF:allaire-forums-file-read(1748)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1748

Name: CVE-1999-0801

Description:

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

Status:Entry
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-frames(2075)
Reference: URL:http://www.iss.net/security_center/static/2075.php

Name: CVE-1999-0802

Description:

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

Status:Entry
Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG
Reference: MS:MS99-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018
Reference: MSKB:Q231450
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231450
Reference: XF:ie-favicon

Name: CVE-1999-0803

Description:

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.info/?l=bugtraq&m=92765973207648&w=2
Reference: OSVDB:962
Reference: URL:http://www.osvdb.org/962
Reference: XF:ibm-enfirewall-tmpfiles

Name: CVE-1999-0804

Description:

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

Status:Entry
Reference: BID:302
Reference: URL:http://www.securityfocus.com/bid/302
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Reference: CALDERA:CSSA-1999:013
Reference: DEBIAN:19990607
Reference: REDHAT:19990603 Kernel Update
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel

Name: CVE-1999-0806

Description:

Buffer overflow in Solaris dtprintinfo program.

Status:Entry
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
Reference: OSVDB:6552
Reference: URL:http://www.osvdb.org/6552
Reference: XF:cde-dtprintinfo

Name: CVE-1999-0807

Description:

The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

Status:Entry
Reference: XF:netscape-dirsvc-password

Name: CVE-1999-0809

Description:

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

Status:Entry
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings

Name: CVE-1999-0810

Description:

Denial of service in Samba NETBIOS name service daemon (nmbd).

Status:Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba

Name: CVE-1999-0811

Description:

Buffer overflow in Samba smbd program via a malformed message command.

Status:Entry
Reference: BID:536
Reference: URL:http://www.securityfocus.com/bid/536
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731 Samba
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba
Reference: XF:samba-message-bo

Name: CVE-1999-0812

Description:

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

Status:Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba

Name: CVE-1999-0813

Description:

Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges

Name: CVE-1999-0814

Description:

Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.

Status:Entry
Reference: REDHAT:RHSA-1999:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-027.html

Name: CVE-1999-0815

Description:

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

Status:Entry
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp
Reference: OVAL:oval:org.mitre.oval:def:952
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A952
Reference: XF:nt-snmpagent-leak(1974)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1974

Name: CVE-1999-0817

Description:

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

Status:Entry
Reference: SUSE:19990915 Security hole in lynx

Name: CVE-1999-0819

Description:

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Status:Entry
Reference: BUGTRAQ:19991130 NTmail and VRFY
Reference: URL:http://marc.info/?l=bugtraq&m=94398141118586&w=2
Reference: NTBUGTRAQ:19991130 NTmail and VRFY
Reference: XF:nt-mail-vrfy

Name: CVE-1999-0820

Description:

FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

Status:Entry
Reference: BID:838
Reference: URL:http://www.securityfocus.com/bid/838
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:5996
Reference: URL:http://www.osvdb.org/5996
Reference: XF:freebsd-seyon-dir-add

Name: CVE-1999-0823

Description:

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Status:Entry
Reference: BID:839
Reference: URL:http://www.securityfocus.com/bid/839
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:1150
Reference: URL:http://www.osvdb.org/1150
Reference: XF:freebsd-xmindpath

Name: CVE-1999-0824

Description:

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

Status:Entry
Reference: BID:833
Reference: URL:http://www.securityfocus.com/bid/833
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)
Reference: NTBUGTRAQ:19991130 SUBST problem

Name: CVE-1999-0826

Description:

Buffer overflow in FreeBSD angband allows local users to gain privileges.

Status:Entry
Reference: BID:840
Reference: URL:http://www.securityfocus.com/bid/840
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:1151
Reference: URL:http://www.osvdb.org/1151
Reference: XF:angband-bo

Name: CVE-1999-0831

Description:

Denial of service in Linux syslogd via a large number of connections.

Status:Entry
Reference: BID:809
Reference: URL:http://www.securityfocus.com/bid/809
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: CALDERA:CSSA-1999-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-035.0.txt
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: XF:slackware-syslogd-dos

Name: CVE-1999-0832

Description:

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Status:Entry
Reference: BID:782
Reference: URL:http://www.securityfocus.com/bid/782
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: CALDERA:CSSA-1999-033.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: URL:http://www.debian.org/security/1999/19991111
Reference: REDHAT:RHSA-1999:053-01
Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_29.html
Reference: XF:linux-nfs-maxpath-bo

Name: CVE-1999-0833

Description:

Buffer overflow in BIND 8.2 via NXT records.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-nxt-bo

Name: CVE-1999-0834

Description:

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.

Status:Entry
Reference: BID:843
Reference: URL:http://www.securityfocus.com/bid/843
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: XF:rsaref-bo

Name: CVE-1999-0835

Description:

Denial of service in BIND named via malformed SIG records.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-sigrecord-dos

Name: CVE-1999-0836

Description:

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:842
Reference: URL:http://www.securityfocus.com/bid/842
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net
Reference: SCO:SB-99.22a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a
Reference: XF:unixware-uid-admin

Name: CVE-1999-0837

Description:

Denial of service in BIND by improperly closing TCP sessions via so_linger.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-solinger-dos

Name: CVE-1999-0838

Description:

Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

Status:Entry
Reference: BID:859
Reference: URL:http://www.securityfocus.com/bid/859
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Reference: XF:servu-ftp-site-bo

Name: CVE-1999-0839

Description:

Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

Status:Entry
Reference: BID:828
Reference: URL:http://www.securityfocus.com/bid/828
Reference: MS:MS99-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051
Reference: MSKB:Q246972
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972
Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation
Reference: XF:ie-task-scheduler-privs

Name: CVE-1999-0842

Description:

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:827
Reference: URL:http://www.securityfocus.com/bid/827
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: OSVDB:1144
Reference: URL:http://www.osvdb.org/1144
Reference: XF:symantec-mail-dir-traversal

Name: CVE-1999-0847

Description:

Buffer overflow in free internet chess server (FICS) program, xboard.

Status:Entry
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: XF:fics-board-bo

Name: CVE-1999-0848

Description:

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-fdmax-dos

Name: CVE-1999-0849

Description:

Denial of service in BIND named via maxdname.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-maxdname-bo

Name: CVE-1999-0851

Description:

Denial of service in BIND named via naptr.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-naptr-dos

Name: CVE-1999-0853

Description:

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Status:Entry
Reference: BID:847
Reference: URL:http://www.securityfocus.com/bid/847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo

Name: CVE-1999-0854

Description:

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

Status:Entry
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs

Name: CVE-1999-0856

Description:

login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.

Status:Entry
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Reference: XF:slackware-remote-login

Name: CVE-1999-0858

Description:

Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

Status:Entry
Reference: BID:846
Reference: URL:http://www.securityfocus.com/bid/846
Reference: MS:MS99-054
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-054
Reference: MSKB:Q247333
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247333
Reference: XF:ie-wpad-proxy-settings

Name: CVE-1999-0859

Description:

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

Status:Entry
Reference: BID:837
Reference: URL:http://www.securityfocus.com/bid/837
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Reference: OSVDB:6994
Reference: URL:http://www.osvdb.org/6994
Reference: SUNBUG:4296166
Reference: XF:sol-arp-parse

Name: CVE-1999-0861

Description:

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Status:Entry
Reference: MS:MS99-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-053
Reference: MSKB:Q244613
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q244613
Reference: XF:iis-ssl-isapi-filter

Name: CVE-1999-0864

Description:

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Status:Entry
Reference: BID:851
Reference: URL:http://www.securityfocus.com/bid/851
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.info/?l=bugtraq&m=94581379905584&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: XF:sco-coredump-symlink

Name: CVE-1999-0865

Description:

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.

Status:Entry
Reference: BID:860
Reference: URL:http://www.securityfocus.com/bid/860
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS
Reference: URL:http://marc.info/?l=bugtraq&m=94426440413027&w=2
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow
Reference: URL:http://marc.info/?l=ntbugtraq&m=94454565726775&w=2
Reference: XF:communigate-pro-bo

Name: CVE-1999-0866

Description:

Buffer overflow in UnixWare xauto program allows local users to gain root privilege.

Status:Entry
Reference: BID:848
Reference: URL:http://www.securityfocus.com/bid/848
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.info/?l=bugtraq&m=94581379905584&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: SCO:SB-99.24a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a
Reference: XF:sco-xauto-bo

Name: CVE-1999-0867

Description:

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Status:Entry
Reference: BID:579
Reference: URL:http://www.securityfocus.com/bid/579
Reference: CIAC:J-058
Reference: URL:http://www.ciac.org/ciac/bulletins/j-058.shtml
Reference: MS:MS99-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-029
Reference: MSKB:Q238349
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238349
Reference: XF:http-iis-malformed-header

Name: CVE-1999-0868

Description:

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

Status:Entry
Reference: CERT:CA-97.08
Reference: XF:inn-ucbmail-shell-meta

Name: CVE-1999-0869

Description:

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Status:Entry
Reference: MS:MS98-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020
Reference: MSKB:167614
Reference: XF:http-frame-spoof

Name: CVE-1999-0870

Description:

Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

Status:Entry
Reference: MS:MS98-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-015
Reference: MSKB:169245
Reference: XF:ie-usp-cuartango

Name: CVE-1999-0871

Description:

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

Status:Entry
Reference: MS:MS98-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-013
Reference: OSVDB:7837
Reference: URL:http://www.osvdb.org/7837
Reference: XF:ie-crossframe-file-read(3668)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3668

Name: CVE-1999-0873

Description:

Buffer overflow in Skyfull mail server via MAIL FROM command.

Status:Entry
Reference: BID:759
Reference: URL:http://www.securityfocus.com/bid/759
Reference: XF:skyfull-mail-from-bo

Name: CVE-1999-0874

Description:

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Status:Entry
Reference: CERT:CA-99-07
Reference: CIAC:J-048
Reference: URL:http://www.ciac.org/ciac/bulletins/j-048.shtml
Reference: EEYE:AD06081999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD06081999.html
Reference: MS:MS99-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019
Reference: MSKB:Q234905
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234905
Reference: OVAL:oval:org.mitre.oval:def:915
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A915
Reference: XF:iis-htr-overflow

Name: CVE-1999-0875

Description:

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Status:Entry
Reference: BID:578
Reference: URL:http://www.securityfocus.com/bid/578
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q216141
Reference: XF:irdp-gateway-spoof

Name: CVE-1999-0876

Description:

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

Status:Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: MSKB:Q185959
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959

Name: CVE-1999-0877

Description:

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

Status:Entry
Reference: MS:MS99-042
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-042
Reference: MSKB:Q243638
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243638
Reference: XF:ie-iframe-exec

Name: CVE-1999-0878

Description:

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

Status:Entry
Reference: AUSCERT:AA-1999.01
Reference: BID:599
Reference: URL:http://www.securityfocus.com/bid/599
Reference: CERT:CA-99-13
Reference: COMPAQ:SSRT0622
Reference: REDHAT:RHSA1999031_01
Reference: XF:wu-ftpd-dir-name

Name: CVE-1999-0879

Description:

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

Status:Entry
Reference: CERT:CA-99-13
Reference: XF:wuftp-message-file-root

Name: CVE-1999-0880

Description:

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

Status:Entry
Reference: CERT:CA-99-13
Reference: XF:wuftp-site-newer-dos

Name: CVE-1999-0881

Description:

Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:743
Reference: URL:http://www.securityfocus.com/bid/743
Reference: BINDVIEW:Falcon Web Server
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: OSVDB:1127
Reference: URL:http://www.osvdb.org/1127
Reference: XF:falcon-path-parsing

Name: CVE-1999-0883

Description:

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

Status:Entry
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: OSVDB:1126
Reference: URL:http://www.osvdb.org/1126
Reference: XF:zeus-remote-root(3380)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3380

Name: CVE-1999-0884

Description:

The Zeus web server administrative interface uses weak encryption for its passwords.

Status:Entry
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: OSVDB:8186
Reference: URL:http://www.osvdb.org/8186
Reference: XF:zeus-weak-password(3833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3833

Name: CVE-1999-0886

Description:

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Status:Entry
Reference: BID:645
Reference: URL:http://www.securityfocus.com/bid/645
Reference: MS:MS99-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-041
Reference: MSKB:Q242294
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242294
Reference: XF:nt-rasman-pathname

Name: CVE-1999-0887

Description:

FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: OSVDB:1137
Reference: URL:http://www.osvdb.org/1137

Name: CVE-1999-0888

Description:

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

Status:Entry
Reference: BID:585
Reference: URL:http://www.securityfocus.com/bid/585
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: XF:oracle-dbsnmp

Name: CVE-1999-0889

Description:

Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

Status:Entry
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: OSVDB:39
Reference: URL:http://www.osvdb.org/39
Reference: XF:cisco-cbos-telnet

Name: CVE-1999-0890

Description:

iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.

Status:Entry
Reference: BID:694
Reference: URL:http://www.securityfocus.com/bid/694
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
Reference: CONFIRM:http://www.ihtmlmerchant.com/support_patches_feedback.htm
Reference: XF:ihtml-merchant-file-access

Name: CVE-1999-0891

Description:

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

Status:Entry
Reference: BID:674
Reference: URL:http://www.securityfocus.com/bid/674
Reference: CERT-VN:VU#37828
Reference: URL:http://www.kb.cert.org/vuls/id/37828
Reference: CIAC:K-002
Reference: URL:http://www.ciac.org/ciac/bulletins/k-002.shtml
Reference: MS:MS99-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-040
Reference: MSKB:Q242542
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242542
Reference: OSVDB:11274
Reference: URL:http://www.osvdb.org/11274
Reference: XF:ie-download-behavior

Name: CVE-1999-0892

Description:

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

Status:Entry
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow

Name: CVE-1999-0893

Description:

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Reference: XF:sco-openserver-userosa-script

Name: CVE-1999-0894

Description:

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Status:Entry
Reference: REDHAT:RHSA1999042-01

Name: CVE-1999-0895

Description:

Firewall-1 does not properly restrict access to LDAP attributes.

Status:Entry
Reference: BID:725
Reference: URL:http://www.securityfocus.com/bid/725
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: OSVDB:1117
Reference: URL:http://www.osvdb.org/1117
Reference: XF:checkpoint-ldap-auth

Name: CVE-1999-0896

Description:

Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.

Status:Entry
Reference: BID:767
Reference: URL:http://www.securityfocus.com/bid/767
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo

Name: CVE-1999-0897

Description:

iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.info/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

Name: CVE-1999-0898

Description:

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Status:Entry
Reference: BID:768
Reference: URL:http://www.securityfocus.com/bid/768
Reference: MS:MS99-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-047
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: XF:nt-printer-spooler-bo

Name: CVE-1999-0899

Description:

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Status:Entry
Reference: BID:769
Reference: URL:http://www.securityfocus.com/bid/769
Reference: MS:MS99-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-047
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: XF:nt-printer-spooler-bo

Name: CVE-1999-0900

Description:

Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0901

Description:

ypserv allows a local user to modify the GECOS and login shells of other users.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0902

Description:

ypserv allows local administrators to modify password tables.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0903

Description:

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Status:Entry
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering

Name: CVE-1999-0904

Description:

Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:771
Reference: URL:http://www.securityfocus.com/bid/771
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos

Name: CVE-1999-0905

Description:

Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Status:Entry
Reference: BID:736
Reference: URL:http://www.securityfocus.com/bid/736
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: OSVDB:1121
Reference: URL:http://www.osvdb.org/1121
Reference: XF:raptor-ipoptions-dos

Name: CVE-1999-0906

Description:

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

Status:Entry
Reference: BID:656
Reference: URL:http://www.securityfocus.com/bid/656
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: XF:linux-sccw-bo

Name: CVE-1999-0907

Description:

sccw allows local users to read arbitrary files.

Status:Entry
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier

Name: CVE-1999-0908

Description:

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

Status:Entry
Reference: BID:655
Reference: URL:http://www.securityfocus.com/bid/655
Reference: BUGTRAQ:19990921 solaris DoS
Reference: XF:sun-tcp-mutex-enter-dos

Name: CVE-1999-0909

Description:

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Status:Entry
Reference: BID:646
Reference: URL:http://www.securityfocus.com/bid/646
Reference: MS:MS99-038
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-038
Reference: MSKB:Q238453
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238453
Reference: NAI:Windows IP Source Routing Vulnerability
Reference: XF:nt-ip-source-route

Name: CVE-1999-0912

Description:

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

Status:Entry
Reference: BID:653
Reference: URL:http://www.securityfocus.com/bid/653
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: OSVDB:1079
Reference: URL:http://www.osvdb.org/1079
Reference: XF:freebsd-vfscache-dos

Name: CVE-1999-0914

Description:

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

Status:Entry
Reference: BID:324
Reference: URL:http://www.securityfocus.com/bid/324
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: DEBIAN:19990104

Name: CVE-1999-0915

Description:

URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:746
Reference: URL:http://www.securityfocus.com/bid/746
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
Reference: OSVDB:1129
Reference: URL:http://www.osvdb.org/1129

Name: CVE-1999-0916

Description:

WebTrends software stores account names and passwords in a file which does not have restricted access permissions.

Status:Entry
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software

Name: CVE-1999-0917

Description:

The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

Status:Entry
Reference: MS:MS99-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018
Reference: MSKB:Q231452
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452
Reference: XF:legacy-activex-local-drive

Name: CVE-1999-0918

Description:

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Status:Entry
Reference: BID:514
Reference: URL:http://www.securityfocus.com/bid/514
Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000
Reference: MS:MS99-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-034
Reference: MSKB:Q238329
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238329
Reference: XF:igmp-dos

Name: CVE-1999-0920

Description:

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

Status:Entry
Reference: BID:283
Reference: URL:http://www.securityfocus.com/bid/283
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
Reference: DEBIAN:19990607a
Reference: XF:pop2-fold-bo

Name: CVE-1999-0921

Description:

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

Status:Entry
Reference: BID:1879
Reference: URL:http://www.securityfocus.com/bid/1879
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: URL:http://www.iss.net/security_center/static/4291.php

Name: CVE-1999-0922

Description:

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

Status:Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow

Name: CVE-1999-0924

Description:

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

Status:Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: OSVDB:3236
Reference: URL:http://www.osvdb.org/3236
Reference: XF:coldfusion-syntax-checker(1742)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1742

Name: CVE-1999-0927

Description:

NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:279
Reference: URL:http://www.securityfocus.com/bid/279
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: XF:ntmail-fileread

Name: CVE-1999-0928

Description:

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:278
Reference: URL:http://www.securityfocus.com/bid/278
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos

Name: CVE-1999-0930

Description:

wwwboard allows a remote attacker to delete message board articles via a malformed argument.

Status:Entry
Reference: BID:1795
Reference: URL:http://www.securityfocus.com/bid/1795
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2344

Name: CVE-1999-0931

Description:

Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.

Status:Entry
Reference: BID:734
Reference: URL:http://www.securityfocus.com/bid/734
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: XF:mediahouse-stats-login-bo

Name: CVE-1999-0932

Description:

Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.

Status:Entry
Reference: BID:735
Reference: URL:http://www.securityfocus.com/bid/735
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: XF:mediahouse-stats-adminpw-cleartext

Name: CVE-1999-0933

Description:

TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:689
Reference: URL:http://www.securityfocus.com/bid/689
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
Reference: OSVDB:1096
Reference: URL:http://www.osvdb.org/1096

Name: CVE-1999-0934

Description:

classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.

Status:Entry
Reference: BID:2020
Reference: URL:http://www.securityfocus.com/bid/2020
Reference: EL8:19991215 Classifieds (classifieds.cgi)
Reference: XF:http-cgi-classifieds-read(3102)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3102

Name: CVE-1999-0935

Description:

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.

Status:Entry
Reference: EL8:19991215 Classifieds (classifieds.cgi)

Name: CVE-1999-0936

Description:

BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: EL8:19981203 BNBSurvey (survey.cgi)

Name: CVE-1999-0937

Description:

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.

Status:Entry
Reference: EL8:19981203 BNBForm (bnbform.cgi)

Name: CVE-1999-0938

Description:

MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages.

Status:Entry
Reference: CERT:VN-99-03
Reference: XF:sdr-execute

Name: CVE-1999-0939

Description:

Denial of service in Debian IRC Epic/epic4 client via a long string.

Status:Entry
Reference: BID:605
Reference: URL:http://www.securityfocus.com/bid/605
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Reference: DEBIAN:19990826

Name: CVE-1999-0940

Description:

Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.

Status:Entry
Reference: CALDERA:CSSA-1999-031
Reference: SUSE:19990927 Security hole in mutt

Name: CVE-1999-0942

Description:

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

Status:Entry
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs

Name: CVE-1999-0943

Description:

Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.

Status:Entry
Reference: BID:720
Reference: URL:http://www.securityfocus.com/bid/720
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory

Name: CVE-1999-0945

Description:

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Status:Entry
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: MSKB:Q169174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q169174
Reference: XF:exchange-dos(1223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1223

Name: CVE-1999-0946

Description:

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Status:Entry
Reference: BID:760
Reference: URL:http://www.securityfocus.com/bid/760
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2
Reference: XF:yamaha-midiplug-embed

Name: CVE-1999-0947

Description:

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BID:762
Reference: URL:http://www.securityfocus.com/bid/762
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2

Name: CVE-1999-0950

Description:

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

Status:Entry
Reference: BID:747
Reference: URL:http://www.securityfocus.com/bid/747
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: XF:wftpd-mkd-bo

Name: CVE-1999-0951

Description:

Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.

Status:Entry
Reference: BID:739
Reference: URL:http://www.securityfocus.com/bid/739
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
Reference: OSVDB:3380
Reference: URL:http://www.osvdb.org/3380
Reference: XF:http-cgi-imagemap-bo

Name: CVE-1999-0953

Description:

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

Status:Entry
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: BUGTRAQ:19990916 More fun with WWWBoard

Name: CVE-1999-0954

Description:

WWWBoard has a default username and default password.

Status:Entry
Reference: BID:649
Reference: URL:http://www.securityfocus.com/bid/649
Reference: BUGTRAQ:19990916 More fun with WWWBoard

Name: CVE-1999-0955

Description:

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

Status:Entry
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: XF:ftp-exec

Name: CVE-1999-0956

Description:

The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.

Status:Entry
Reference: CERT:CA-93.02a
Reference: XF:next-netinfo

Name: CVE-1999-0957

Description:

MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln

Name: CVE-1999-0958

Description:

sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.info/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack

Name: CVE-1999-0959

Description:

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: AUSCERT:AA-97-05
Reference: BID:469
Reference: URL:http://www.securityfocus.com/bid/469
Reference: BUGTRAQ:19970209 IRIX: Bug in startmidi
Reference: OSVDB:8447
Reference: URL:http://www.osvdb.org/8447
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-startmidi-file-creation(1634)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1634

Name: CVE-1999-0960

Description:

IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.

Status:Entry
Reference: AUSCERT:AA-96.11
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-cdplayer-directory-create

Name: CVE-1999-0961

Description:

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

Status:Entry
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.info/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink

Name: CVE-1999-0962

Description:

Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.

Status:Entry
Reference: AUSCERT:AA-96.13
Reference: HP:HPSBUX9701-045
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9701-045
Reference: OSVDB:6415
Reference: URL:http://www.osvdb.org/6415
Reference: XF:hp-password-cmd-bo

Name: CVE-1999-0963

Description:

FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19960517 BoS: SECURITY BUG in FreeBSD
Reference: CERT:VB-96.06
Reference: OSVDB:6088
Reference: URL:http://www.osvdb.org/6088
Reference: XF:freebsd-mount-union-root

Name: CVE-1999-0964

Description:

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:01
Reference: OSVDB:6086
Reference: URL:http://www.osvdb.org/6086
Reference: XF:freebsd-setlocale-bo

Name: CVE-1999-0965

Description:

Race condition in xterm allows local users to modify arbitrary files via the logging option.

Status:Entry
Reference: CERT:CA-93.17
Reference: XF:xterm

Name: CVE-1999-0966

Description:

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

Status:Entry
Reference: L0PHT:19970127 Solaris libc - getopt(3)

Name: CVE-1999-0967

Description:

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

Status:Entry
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite

Name: CVE-1999-0968

Description:

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

Status:Entry
Reference: BID:1927
Reference: URL:http://www.securityfocus.com/bid/1927
Reference: BUGTRAQ:19981226 bnc exploit
Reference: URL:http://www.securityfocus.com/archive/1/11711
Reference: XF:bnc-proxy-bo(1546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1546

Name: CVE-1999-0969

Description:

The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.

Status:Entry
Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service
Reference: MS:MS98-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-014
Reference: MSKB:Q193233
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q193233
Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork
Reference: XF:snork-dos

Name: CVE-1999-0971

Description:

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

Status:Entry
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow

Name: CVE-1999-0972

Description:

Buffer overflow in Xshipwars xsw program.

Status:Entry
Reference: BID:863
Reference: URL:http://www.securityfocus.com/bid/863
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow

Name: CVE-1999-0973

Description:

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Status:Entry
Reference: BID:858
Reference: URL:http://www.securityfocus.com/bid/858
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)

Name: CVE-1999-0974

Description:

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

Status:Entry
Reference: BID:864
Reference: URL:http://www.securityfocus.com/bid/864
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/190

Name: CVE-1999-0975

Description:

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Status:Entry
Reference: BID:868
Reference: URL:http://www.securityfocus.com/bid/868
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT

Name: CVE-1999-0976

Description:

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Status:Entry
Reference: BID:857
Reference: URL:http://www.securityfocus.com/bid/857
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: OPENBSD:19991204
Reference: XF:sendmail-bi-alias

Name: CVE-1999-0977

Description:

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

Status:Entry
Reference: BID:2354
Reference: URL:http://www.securityfocus.com/bid/2354
Reference: BID:866
Reference: URL:http://www.securityfocus.com/bid/866
Reference: BUGTRAQ:19991210 Re: Solaris sadmind Buffer Overflow Vulnerability
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: OSVDB:2558
Reference: URL:http://www.osvdb.org/2558
Reference: SF-INCIDENTS:19991209 sadmind
Reference: SUN:00191
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191
Reference: XF:sol-sadmind-amslverify-bo

Name: CVE-1999-0978

Description:

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Status:Entry
Reference: BID:867
Reference: URL:http://www.securityfocus.com/bid/867
Reference: DEBIAN:19991209

Name: CVE-1999-0979

Description:

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

Status:Entry
Reference: BID:869
Reference: URL:http://www.securityfocus.com/bid/869
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2

Name: CVE-1999-0980

Description:

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

Status:Entry
Reference: MS:MS99-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-055
Reference: MSKB:Q246045
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246045

Name: CVE-1999-0981

Description:

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Status:Entry
Reference: MS:MS99-050
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-050
Reference: MSKB:Q246094
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094

Name: CVE-1999-0982

Description:

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Status:Entry
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

Name: CVE-1999-0986

Description:

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Status:Entry
Reference: BID:870
Reference: URL:http://www.securityfocus.com/bid/870
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?

Name: CVE-1999-0987

Description:

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Status:Entry
Reference: MSKB:Q237923
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237923
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name

Name: CVE-1999-0989

Description:

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

Status:Entry
Reference: BID:861
Reference: URL:http://www.securityfocus.com/bid/861
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit

Name: CVE-1999-0991

Description:

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Status:Entry
Reference: BID:862
Reference: URL:http://www.securityfocus.com/bid/862
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability

Name: CVE-1999-0992

Description:

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Status:Entry
Reference: HP:HPSBUX9912-107
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9912-107

Name: CVE-1999-0994

Description:

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Status:Entry
Reference: BID:873
Reference: URL:http://www.securityfocus.com/bid/873
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-056
Reference: MSKB:Q248183
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248183

Name: CVE-1999-0995

Description:

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Status:Entry
Reference: BID:875
Reference: URL:http://www.securityfocus.com/bid/875
Reference: MS:MS99-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-057
Reference: MSKB:Q248185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248185
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service

Name: CVE-1999-0996

Description:

Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: EEYE:AD19991215
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD19991215.html
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: OSVDB:6490
Reference: URL:http://www.osvdb.org/6490
Reference: XF:infoseek-ultraseek-bo

Name: CVE-1999-0997

Description:

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Status:Entry
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: DEBIAN:DSA-377
Reference: URL:http://www.debian.org/security/2003/dsa-377
Reference: XF:wuftp-ftp-conversion

Name: CVE-1999-0998

Description:

Cisco Cache Engine allows an attacker to replace content in the cache.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-replace

Name: CVE-1999-0999

Description:

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Status:Entry
Reference: BID:817
Reference: URL:http://www.securityfocus.com/bid/817
Reference: MS:MS99-059
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059
Reference: MSKB:Q248749
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749

Name: CVE-1999-1000

Description:

The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-performance

Name: CVE-1999-1001

Description:

Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities

Name: CVE-1999-1004

Description:

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

Status:Entry
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: URL:http://www.securityfocus.com/archive/1/38970
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: URL:http://www.securityfocus.com/archive/1/39194
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
Reference: OSVDB:6267
Reference: URL:http://www.osvdb.org/6267

Name: CVE-1999-1005

Description:

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

Status:Entry
Reference: BID:879
Reference: URL:http://www.securityfocus.com/bid/879
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.info/?l=bugtraq&m=94571433731824&w=2
Reference: OSVDB:3413
Reference: URL:http://www.osvdb.org/3413
Reference: XF:groupwise-web-read-files

Name: CVE-1999-1007

Description:

Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.

Status:Entry
Reference: BID:872
Reference: URL:http://www.securityfocus.com/bid/872
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute

Name: CVE-1999-1008

Description:

xsoldier program allows local users to gain root access via a long argument.

Status:Entry
Reference: BID:871
Reference: URL:http://www.securityfocus.com/bid/871
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.info/?l=freebsd-security&m=94531826621620&w=2
Reference: XF:unix-xsoldier-overflow

Name: CVE-1999-1010

Description:

An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

Status:Entry
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.info/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass

Name: CVE-1999-1011

Description:

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:529
Reference: URL:https://www.securityfocus.com/bid/529
Reference: CIAC:J-054
Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml
Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service
Reference: MS:MS98-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
Reference: MS:MS99-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
Reference: OSVDB:272
Reference: URL:http://www.osvdb.org/272
Reference: XF:nt-iis-rds

Name: CVE-1999-1014

Description:

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

Status:Entry
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.info/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.info/?l=bugtraq&m=93846422810162&w=2
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3297

Name: CVE-1999-1019

Description:

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

Status:Entry
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=93024398513475&w=2

Name: CVE-1999-1021

Description:

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

Status:Entry
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: XF:nfs-uid(82)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82

Name: CVE-1999-1027

Description:

Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

Status:Entry
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.info/?l=bugtraq&m=90221101925880&w=2
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7296

Name: CVE-1999-1028

Description:

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Status:Entry
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.info/?l=ntbugtraq&m=92807524225090&w=2
Reference: XF:pcanywhere-dos(2256)
Reference: URL:http://www.iss.net/security_center/static/2256.php

Name: CVE-1999-1032

Description:

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

Status:Entry
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: CIAC:B-36
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml
Reference: XF:ultrix-telnet(584)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/584

Name: CVE-1999-1034

Description:

Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.

Status:Entry
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: CIAC:B-28
Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml
Reference: XF:sysv-login(583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/583

Name: CVE-1999-1035

Description:

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

Status:Entry
Reference: MS:MS98-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-019
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp
Reference: XF:iis-get-dos(1823)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1823

Name: CVE-1999-1037

Description:

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.

Status:Entry
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125986&w=2
Reference: OSVDB:3147
Reference: URL:http://www.osvdb.org/3147
Reference: XF:satan-rexsatan-symlink(7167)
Reference: URL:http://www.iss.net/security_center/static/7167.php

Name: CVE-1999-1044

Description:

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

Status:Entry
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: XF:dgux-advfs-softlinks(7431)
Reference: URL:http://www.iss.net/security_center/static/7431.php

Name: CVE-1999-1045

Description:

pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.

Status:Entry
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.info/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.info/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.info/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: OSVDB:6979
Reference: URL:http://www.osvdb.org/6979
Reference: XF:realserver-pnserver-remote-dos(7297)
Reference: URL:http://www.iss.net/security_center/static/7297.php

Name: CVE-1999-1047

Description:

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.

Status:Entry
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.info/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.info/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass(3397)
Reference: URL:http://www.iss.net/security_center/static/3397.php

Name: CVE-1999-1048

Description:

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Status:Entry
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.info/?l=bugtraq&m=87602746719555&w=2
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: OSVDB:8345
Reference: URL:http://www.osvdb.org/8345
Reference: XF:linux-bash-bo(3414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3414

Name: CVE-1999-1055

Description:

Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."

Status:Entry
Reference: BID:179
Reference: URL:http://www.securityfocus.com/bid/179
Reference: MS:MS98-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-018
Reference: XF:excel-call(1737)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1737

Name: CVE-1999-1057

Description:

VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.

Status:Entry
Reference: BID:12
Reference: URL:http://www.securityfocus.com/bid/12
Reference: CERT:CA-1990-07
Reference: URL:http://www.cert.org/advisories/CA-1990-07.html
Reference: CIAC:B-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml
Reference: XF:vms-analyze-processdump-privileges(7137)
Reference: URL:http://www.iss.net/security_center/static/7137.php

Name: CVE-1999-1059

Description:

Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:36
Reference: URL:http://www.securityfocus.com/bid/36
Reference: CERT:CA-1992-04
Reference: URL:http://www.cert.org/advisories/CA-1992-04.html
Reference: XF:att-rexecd(3159)
Reference: URL:http://www.iss.net/security_center/static/3159.php

Name: CVE-1999-1074

Description:

Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.

Status:Entry
Reference: BID:98
Reference: URL:http://www.securityfocus.com/bid/98
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html

Name: CVE-1999-1080

Description:

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Status:Entry
Reference: BID:250
Reference: URL:http://www.securityfocus.com/bid/250
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.info/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.info/?l=bugtraq&m=93971288323395&w=2
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8350

Name: CVE-1999-1085

Description:

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

Status:Entry
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125884&w=2
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525878&w=2
Reference: CERT-VN:VU#13877
Reference: URL:http://www.kb.cert.org/vuls/id/13877
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: XF:ssh-insert(1126)
Reference: URL:http://www.iss.net/security_center/static/1126.php

Name: CVE-1999-1087

Description:

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Status:Entry
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: MS:MS98-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016
Reference: MSKB:Q168617
Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp
Reference: OSVDB:7828
Reference: URL:http://www.osvdb.org/7828
Reference: XF:ie-dotless(2209)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2209

Name: CVE-1999-1090

Description:

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

Status:Entry
Reference: CERT:CA-1991-15
Reference: URL:http://www.cert.org/advisories/CA-1991-15.html
Reference: XF:ftp-ncsa(1844)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1844

Name: CVE-1999-1093

Description:

Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

Status:Entry
Reference: MS:MS98-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-011
Reference: MSKB:Q191200
Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp
Reference: XF:java-script-patch(1276)
Reference: URL:http://www.iss.net/security_center/static/1276.php

Name: CVE-1999-1094

Description:

Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

Status:Entry
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: URL:http://marc.info/?l=bugtraq&m=88480839506155&w=2
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:iemk-bug(917)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/917

Name: CVE-1999-1098

Description:

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.

Status:Entry
Reference: CERT:CA-1995-03
Reference: URL:http://www.cert.org/advisories/CA-1995-03.html
Reference: CIAC:F-12
Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml
Reference: OSVDB:4881
Reference: URL:http://www.osvdb.org/4881
Reference: XF:bsd-telnet(516)
Reference: URL:http://www.iss.net/security_center/static/516.php

Name: CVE-1999-1099

Description:

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

Status:Entry
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/65

Name: CVE-1999-1100

Description:

Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.

Status:Entry
Reference: CIAC:I-056
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1579

Name: CVE-1999-1102

Description:

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Status:Entry
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr

Name: CVE-1999-1103

Description:

dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.

Status:Entry
Reference: CERT:VB-96.05
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec
Reference: CIAC:G-18
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml
Reference: MISC:http://www.tao.ca/fire/bos/0209.html
Reference: XF:osf-dxconsole-gain-privileges(7138)
Reference: URL:http://www.iss.net/security_center/static/7138.php

Name: CVE-1999-1104

Description:

Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.

Status:Entry
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418931&w=2
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: URL:http://marc.info/?l=bugtraq&m=88536273725787&w=2
Reference: MSKB:Q140557
Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: URL:http://marc.info/?l=ntbugtraq&m=88540877601866&w=2
Reference: XF:win95-nbsmbpwl(71)
Reference: URL:http://www.iss.net/security_center/static/71.php

Name: CVE-1999-1105

Description:

Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.

Status:Entry
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html
Reference: XF:win95-netware-hidden-share(7231)
Reference: URL:http://www.iss.net/security_center/static/7231.php

Name: CVE-1999-1109

Description:

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Status:Entry
Reference: BID:904
Reference: URL:http://www.securityfocus.com/bid/904
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.info/?l=bugtraq&m=94632241202626&w=2
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.info/?l=bugtraq&m=94780566911948&w=2
Reference: XF:sendmail-etrn-dos(7760)
Reference: URL:http://www.iss.net/security_center/static/7760.php

Name: CVE-1999-1111

Description:

Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.

Status:Entry
Reference: BID:786
Reference: URL:http://www.securityfocus.com/bid/786
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Reference: URL:http://marc.info/?l=bugtraq&m=94218618329838&w=2
Reference: XF:immunix-stackguard-bo(3524)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3524

Name: CVE-1999-1114

Description:

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

Status:Entry
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: BID:467
Reference: URL:http://www.securityfocus.com/bid/467
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2100

Name: CVE-1999-1115

Description:

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

Status:Entry
Reference: BID:7
Reference: URL:http://www.securityfocus.com/bid/7
Reference: CERT:CA-1990-04
Reference: URL:http://www.cert.org/advisories/CA-1990-04.html
Reference: CIAC:A-30
Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml
Reference: XF:apollo-suidexec-unauthorized-access(6721)
Reference: URL:http://www.iss.net/security_center/static/6721.php

Name: CVE-1999-1116

Description:

Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.

Status:Entry
Reference: BID:462
Reference: URL:http://www.securityfocus.com/bid/462
Reference: OSVDB:1009
Reference: URL:http://www.osvdb.org/1009
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: XF:sgi-runpriv(2108)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2108

Name: CVE-1999-1117

Description:

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.

Status:Entry
Reference: BID:455
Reference: URL:http://www.securityfocus.com/bid/455
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.info/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420196&w=2
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420195&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: XF:ibm-lquerypv(1752)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1752

Name: CVE-1999-1118

Description:

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

Status:Entry
Reference: BID:433
Reference: URL:http://www.securityfocus.com/bid/433
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: XF:sun-ndd(817)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/817

Name: CVE-1999-1119

Description:

FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:41
Reference: URL:http://www.securityfocus.com/bid/41
Reference: CERT:CA-1992-09
Reference: URL:http://www.cert.org/advisories/CA-1992-09.html
Reference: XF:aix-anon-ftp(3154)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3154

Name: CVE-1999-1120

Description:

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.

Status:Entry
Reference: BID:395
Reference: URL:http://www.securityfocus.com/bid/395
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420403&w=2
Reference: OSVDB:993
Reference: URL:http://www.osvdb.org/993
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: XF:sgi-netprint(2107)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2107

Name: CVE-1999-1121

Description:

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.

Status:Entry
Reference: BID:38
Reference: URL:http://www.securityfocus.com/bid/38
Reference: CERT:CA-1992-06
Reference: URL:http://www.cert.org/advisories/CA-1992-06.html
Reference: OSVDB:891
Reference: URL:http://www.osvdb.org/891
Reference: XF:ibm-uucp(554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/554

Name: CVE-1999-1122

Description:

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

Status:Entry
Reference: BID:3
Reference: URL:http://www.securityfocus.com/bid/3
Reference: CERT:CA-1989-02
Reference: URL:http://www.cert.org/advisories/CA-1989-02.html
Reference: CIAC:CIAC-08
Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml
Reference: SUNBUG:1019265
Reference: XF:sun-restore-gain-privileges(6695)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6695

Name: CVE-1999-1127

Description:

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Status:Entry
Reference: MS:MS98-017
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017
Reference: MSKB:Q195733
Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp
Reference: XF:nt-spoolss(523)
Reference: URL:http://www.iss.net/security_center/static/523.php

Name: CVE-1999-1131

Description:

Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

Status:Entry
Reference: CERT:VB-97.12
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup
Reference: CIAC:I-060
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml
Reference: SGI:19980601-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1123

Name: CVE-1999-1132

Description:

Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.

Status:Entry
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.info/?l=bugtraq&m=90763508011966&w=2
Reference: MSKB:Q179157
Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.info/?l=ntbugtraq&m=90760603030452&w=2
Reference: XF:token-ring-dos(1399)
Reference: URL:http://www.iss.net/security_center/static/1399.php

Name: CVE-1999-1136

Description:

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Status:Entry
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: XF:mpeix-predictive(1413)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1413

Name: CVE-1999-1137

Description:

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Status:Entry
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: OSVDB:6436
Reference: URL:http://www.osvdb.org/6436
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/549

Name: CVE-1999-1138

Description:

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Status:Entry
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/546

Name: CVE-1999-1139

Description:

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Status:Entry
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.info/?l=bugtraq&m=87602880019745&w=2
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: CIAC:I-027B
Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: XF:hp-cue(2007)
Reference: URL:http://www.iss.net/security_center/static/2007.php

Name: CVE-1999-1140

Description:

Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.

Status:Entry
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.info/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1539

Name: CVE-1999-1142

Description:

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

Status:Entry
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: SUN:00116
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
Reference: XF:sun-env(3152)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3152

Name: CVE-1999-1143

Description:

Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

Status:Entry
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2109

Name: CVE-1999-1144

Description:

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2056

Name: CVE-1999-1145

Description:

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

Status:Entry
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: XF:hp-glanceplus(2059)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2059

Name: CVE-1999-1146

Description:

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

Status:Entry
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2060

Name: CVE-1999-1147

Description:

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

Status:Entry
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.info/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: OSVDB:3164
Reference: URL:http://www.osvdb.org/3164
Reference: XF:pcm-dos-execute(1430)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1430

Name: CVE-1999-1148

Description:

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

Status:Entry
Reference: MS:MS98-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-006
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1215

Name: CVE-1999-1156

Description:

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

Status:Entry
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: XF:bisonware-port-crash(2254)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2254

Name: CVE-1999-1157

Description:

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

Status:Entry
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3894

Name: CVE-1999-1159

Description:

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.

Status:Entry
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1471

Name: CVE-1999-1160

Description:

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.

Status:Entry
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420581&w=2
Reference: XF:hp-ftpd-kftpd(7437)
Reference: URL:http://www.iss.net/security_center/static/7437.php

Name: CVE-1999-1161

Description:

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

Status:Entry
Reference: AUSCERT:AA-97.07
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420103&w=2
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: XF:hp-ppl(7438)
Reference: URL:http://www.iss.net/security_center/static/7438.php

Name: CVE-1999-1162

Description:

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

Status:Entry
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html
Reference: XF:sco-passwd-deny(542)
Reference: URL:http://www.iss.net/security_center/static/542.php

Name: CVE-1999-1163

Description:

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Status:Entry
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.info/?l=bugtraq&m=94347039929958&w=2
Reference: XF:hp-ssp(7439)
Reference: URL:http://www.iss.net/security_center/static/7439.php

Name: CVE-1999-1167

Description:

Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.

Status:Entry
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
Reference: URL:http://www.iss.net/security_center/static/7252.php

Name: CVE-1999-1175

Description:

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Status:Entry
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: XF:cisco-wccp-vuln(1577)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1577

Name: CVE-1999-1177

Description:

Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.

Status:Entry
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: XF:http-cgi-nphpublish(2055)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2055

Name: CVE-1999-1181

Description:

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

Status:Entry
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX
Reference: XF:irix-register(7441)
Reference: URL:http://www.iss.net/security_center/static/7441.php

Name: CVE-1999-1188

Description:

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Status:Entry
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.info/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1568

Name: CVE-1999-1189

Description:

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

Status:Entry
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7884

Name: CVE-1999-1191

Description:

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: BID:207
Reference: URL:http://www.securityfocus.com/bid/207
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418335&w=2
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: XF:solaris-chkey-bo(7442)
Reference: URL:http://www.iss.net/security_center/static/7442.php

Name: CVE-1999-1192

Description:

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: BID:206
Reference: URL:http://www.securityfocus.com/bid/206
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: XF:solaris-eeprom-bo(7444)
Reference: URL:http://www.iss.net/security_center/static/7444.php

Name: CVE-1999-1193

Description:

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

Status:Entry
Reference: BID:20
Reference: URL:http://www.securityfocus.com/bid/20
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/581

Name: CVE-1999-1194

Description:

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

Status:Entry
Reference: BID:17
Reference: URL:http://www.securityfocus.com/bid/17
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: XF:dec-chroot(577)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/577

Name: CVE-1999-1197

Description:

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

Status:Entry
Reference: BID:14
Reference: URL:http://www.securityfocus.com/bid/14
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: XF:sunos-tioccons-console-redirection(7140)
Reference: URL:http://www.iss.net/security_center/static/7140.php

Name: CVE-1999-1198

Description:

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

Status:Entry
Reference: BID:11
Reference: URL:http://www.securityfocus.com/bid/11
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: XF:nextstep-builddisk-root-access(7141)
Reference: URL:http://www.iss.net/security_center/static/7141.php

Name: CVE-1999-1199

Description:

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Status:Entry
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.info/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.info/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.info/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.info/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache

Name: CVE-1999-1201

Description:

Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.

Status:Entry
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.info/?l=ntbugtraq&m=91849617221319&w=2
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7542

Name: CVE-1999-1203

Description:

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.

Status:Entry
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.info/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.info/?l=bugtraq&m=91888117502765&w=2
Reference: XF:ascend-ppp-isdn-dos(7498)
Reference: URL:http://www.iss.net/security_center/static/7498.php

Name: CVE-1999-1204

Description:

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

Status:Entry
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=90221101925912&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: OSVDB:4416
Reference: URL:http://www.osvdb.org/4416
Reference: XF:fw1-user-defined-keywords-access(7293)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7293

Name: CVE-1999-1205

Description:

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

Status:Entry
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=87602167419195&w=2
Reference: CIAC:G-34
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: XF:hp-nettune(414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/414

Name: CVE-1999-1208

Description:

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419330&w=2
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419337&w=2
Reference: XF:ping-bo(803)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/803

Name: CVE-1999-1209

Description:

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.info/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/690

Name: CVE-1999-1214

Description:

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Status:Entry
Reference: MISC:http://www.openbsd.com/advisories/signals.txt
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: OSVDB:11062
Reference: URL:http://www.osvdb.org/11062
Reference: XF:openbsd-iosig(556)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/556

Name: CVE-1999-1215

Description:

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

Status:Entry
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: XF:novell-login(545)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/545

Name: CVE-1999-1217

Description:

The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.

Status:Entry
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.info/?l=ntbugtraq&m=87602726319426&w=2
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.info/?l=ntbugtraq&m=87602726319435&w=2
Reference: XF:nt-path(526)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/526

Name: CVE-1999-1222

Description:

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

Status:Entry
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3893

Name: CVE-1999-1223

Description:

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.

Status:Entry
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3892

Name: CVE-1999-1226

Description:

Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

Status:Entry
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3436

Name: CVE-1999-1233

Description:

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

Status:Entry
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: MS:MS99-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3306

Name: CVE-1999-1243

Description:

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.

Status:Entry
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2113

Name: CVE-1999-1246

Description:

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Status:Entry
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Name: CVE-1999-1249

Description:

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: OSVDB:8099
Reference: URL:http://www.osvdb.org/8099
Reference: XF:hp-movemail(2057)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2057

Name: CVE-1999-1258

Description:

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

Status:Entry
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1782

Name: CVE-1999-1259

Description:

Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

Status:Entry
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1780

Name: CVE-1999-1262

Description:

Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

Status:Entry
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1727

Name: CVE-1999-1263

Description:

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

Status:Entry
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.info/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1677

Name: CVE-1999-1276

Description:

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Status:Entry
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1609

Name: CVE-1999-1279

Description:

An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

Status:Entry
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1548

Name: CVE-1999-1284

Description:

NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.

Status:Entry
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: URL:http://marc.info/?l=bugtraq&m=91063407332594&w=2
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1540

Name: CVE-1999-1288

Description:

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Status:Entry
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1406

Name: CVE-1999-1290

Description:

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.

Status:Entry
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1397

Name: CVE-1999-1294

Description:

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

Status:Entry
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp
Reference: XF:nt-filemgr(562)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/562

Name: CVE-1999-1297

Description:

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

Status:Entry
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20
Reference: XF:sun-cmdtool-echo(7482)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7482

Name: CVE-1999-1298

Description:

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Reference: OSVDB:6087
Reference: URL:http://www.osvdb.org/6087
Reference: XF:freebsd-sysinstall-ftp-password(7537)
Reference: URL:http://www.iss.net/security_center/static/7537.php

Name: CVE-1999-1301

Description:

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Status:Entry
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc
Reference: XF:rzsz-command-execution(7540)
Reference: URL:http://www.iss.net/security_center/static/7540.php

Name: CVE-1999-1309

Description:

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Status:Entry
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities
Reference: XF:sendmail-debug-gain-root(7155)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7155

Name: CVE-1999-1316

Description:

Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

Status:Entry
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp
Reference: XF:passfilt-fullname(7391)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7391

Name: CVE-1999-1317

Description:

Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

Status:Entry
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.info/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.info/?l=ntbugtraq&m=92162979530341&w=2
Reference: XF:nt-symlink-case(7398)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7398

Name: CVE-1999-1318

Description:

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

Status:Entry
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20
Reference: XF:sun-su-path(7480)
Reference: URL:http://www.iss.net/security_center/static/7480.php

Name: CVE-1999-1320

Description:

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

Status:Entry
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml
Reference: XF:netware-packet-spoofing-privileges(7213)
Reference: URL:http://www.iss.net/security_center/static/7213.php

Name: CVE-1999-1321

Description:

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

Status:Entry
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814
Reference: OSVDB:4883
Reference: URL:http://www.osvdb.org/4883

Name: CVE-1999-1324

Description:

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Status:Entry
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Reference: XF:openvms-sysgen-enabled(7225)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7225

Name: CVE-1999-1325

Description:

SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

Status:Entry
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml
Reference: XF:vaxvms-sas-gain-privileges(7261)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7261

Name: CVE-1999-1326

Description:

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

Status:Entry
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420408&w=2
Reference: XF:wuftpd-abor-gain-privileges(7169)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7169

Name: CVE-1999-1327

Description:

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

Status:Entry
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: OSVDB:6065
Reference: URL:http://www.osvdb.org/6065
Reference: XF:linuxconf-lang-bo(7239)
Reference: URL:http://www.iss.net/security_center/static/7239.php

Name: CVE-1999-1328

Description:

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.info/?l=bugtraq&m=90383955231511&w=2
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: OSVDB:6068
Reference: URL:http://www.osvdb.org/6068
Reference: XF:linuxconf-symlink-gain-privileges(7232)
Reference: URL:http://www.iss.net/security_center/static/7232.php

Name: CVE-1999-1329

Description:

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
Reference: XF:sysvinit-root-bo(7250)
Reference: URL:http://www.iss.net/security_center/static/7250.php

Name: CVE-1999-1330

Description:

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Status:Entry
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
Reference: URL:http://www.iss.net/security_center/static/7244.php

Name: CVE-1999-1331

Description:

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
Reference: XF:netcfg-ethernet-dos(7245)
Reference: URL:http://www.iss.net/security_center/static/7245.php

Name: CVE-1999-1332

Description:

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Status:Entry
Reference: BID:7845
Reference: URL:http://www.securityfocus.com/bid/7845
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.info/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: DEBIAN:DSA-308
Reference: URL:http://www.debian.org/security/2003/dsa-308
Reference: OSVDB:3812
Reference: URL:http://www.osvdb.org/3812
Reference: XF:gzip-gzexe-tmp-symlink(7241)
Reference: URL:http://www.iss.net/security_center/static/7241.php

Name: CVE-1999-1333

Description:

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

Status:Entry
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.info/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: OSVDB:6111
Reference: URL:http://www.osvdb.org/6111
Reference: XF:ncftp-autodownload-command-execution(7240)
Reference: URL:http://www.iss.net/security_center/static/7240.php

Name: CVE-1999-1335

Description:

snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
Reference: XF:cmusnmp-read-write(7251)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7251

Name: CVE-1999-1336

Description:

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.

Status:Entry
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.info/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.info/?l=bugtraq&m=93492615408725&w=2
Reference: OSVDB:6057
Reference: URL:http://www.osvdb.org/6057

Name: CVE-1999-1337

Description:

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

Status:Entry
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=93370073207984&w=2
Reference: OSVDB:5921
Reference: URL:http://www.osvdb.org/5921
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

Name: CVE-1999-1339

Description:

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

Status:Entry
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.info/?l=bugtraq&m=93277426802802&w=2
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Reference: URL:http://marc.info/?l=bugtraq&m=93277766505061&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
Reference: OSVDB:6105
Reference: URL:http://www.osvdb.org/6105
Reference: XF:ipchains-ping-route-dos(7257)
Reference: URL:http://www.iss.net/security_center/static/7257.php

Name: CVE-1999-1341

Description:

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

Status:Entry
Reference: BUGTRAQ:19991022 Local user can send forged packets
Reference: URL:http://marc.info/?l=bugtraq&m=94061108411308&w=2
Reference: XF:linux-tiocsetd-forge-packets(7858)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7858

Name: CVE-1999-1351

Description:

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.

Status:Entry
Reference: BUGTRAQ:19990924 Kvirc bug
Reference: URL:http://marc.info/?l=bugtraq&m=93845560631314&w=2
Reference: XF:kvirc-dot-directory-traversal(7761)
Reference: URL:http://www.iss.net/security_center/static/7761.php

Name: CVE-1999-1356

Description:

Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.

Status:Entry
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=bugtraq&m=93646669500991&w=2
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=ntbugtraq&m=93637792706047&w=2
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=ntbugtraq&m=93759822830815&w=2
Reference: XF:compaq-smartstart-legal-notice(7763)
Reference: URL:http://www.iss.net/security_center/static/7763.php

Name: CVE-1999-1358

Description:

When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

Status:Entry
Reference: MSKB:Q157673
Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp
Reference: XF:nt-user-policy-update(7400)
Reference: URL:http://www.iss.net/security_center/static/7400.php

Name: CVE-1999-1359

Description:

When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.

Status:Entry
Reference: MSKB:Q163875
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp
Reference: XF:nt-group-policy-longname(7401)
Reference: URL:http://www.iss.net/security_center/static/7401.php

Name: CVE-1999-1360

Description:

Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.

Status:Entry
Reference: MSKB:Q160650
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp
Reference: XF:nt-kernel-handle-dos(7402)
Reference: URL:http://www.iss.net/security_center/static/7402.php

Name: CVE-1999-1362

Description:

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

Status:Entry
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp
Reference: XF:nt-win32k-dos(7403)
Reference: URL:http://www.iss.net/security_center/static/7403.php

Name: CVE-1999-1363

Description:

Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.

Status:Entry
Reference: MSKB:Q163143
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp
Reference: XF:nt-nonpagedpool-dos(7405)
Reference: URL:http://www.iss.net/security_center/static/7405.php

Name: CVE-1999-1365

Description:

Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.

Status:Entry
Reference: BID:515
Reference: URL:http://www.securityfocus.com/bid/515
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.info/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.info/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2336

Name: CVE-1999-1379

Description:

DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.

Status:Entry
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.info/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.info/?l=bugtraq&m=93433758607623&w=2
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml
Reference: XF:dns-udp-query-dos(7238)
Reference: URL:http://www.iss.net/security_center/static/7238.php

Name: CVE-1999-1380

Description:

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.

Status:Entry
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: XF:nu-tuneocx-activex-control(7188)
Reference: URL:http://www.iss.net/security_center/static/7188.php

Name: CVE-1999-1382

Description:

NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

Status:Entry
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.info/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551
Reference: XF:netware-nfs-file-ownership(7246)
Reference: URL:http://www.iss.net/security_center/static/7246.php

Name: CVE-1999-1384

Description:

Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.

Status:Entry
Reference: AUSCERT:AA-96.08
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Reference: BID:470
Reference: URL:http://www.securityfocus.com/bid/470
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420095&w=2
Reference: SGI:19961101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I
Reference: XF:irix-systour(7456)
Reference: URL:http://www.iss.net/security_center/static/7456.php

Name: CVE-1999-1385

Description:

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

Status:Entry
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420332&w=2
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc
Reference: OSVDB:6085
Reference: URL:http://www.osvdb.org/6085
Reference: XF:ppp-bo(7465)
Reference: URL:http://www.iss.net/security_center/static/7465.php

Name: CVE-1999-1386

Description:

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

Status:Entry
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
Reference: URL:http://marc.info/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl
Reference: XF:perl-e-tmp-symlink(7243)
Reference: URL:http://www.iss.net/security_center/static/7243.php

Name: CVE-1999-1397

Description:

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

Status:Entry
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.info/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.info/?l=ntbugtraq&m=92223293409756&w=2
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php

Name: CVE-1999-1402

Description:

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

Status:Entry
Reference: BID:456
Reference: URL:http://www.securityfocus.com/bid/456
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.info/?l=bugtraq&m=87602248718482&w=2
Reference: XF:sun-domain-socket-permissions(7172)
Reference: URL:http://www.iss.net/security_center/static/7172.php

Name: CVE-1999-1407

Description:

ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.

Status:Entry
Reference: BID:368
Reference: URL:http://www.securityfocus.com/bid/368
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
Reference: URL:http://marc.info/?l=bugtraq&m=88950856416985&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts
Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
Reference: URL:http://www.iss.net/security_center/static/7294.php

Name: CVE-1999-1409

Description:

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

Status:Entry
Reference: BID:331
Reference: URL:http://www.securityfocus.com/bid/331
Reference: BUGTRAQ:19980703 more about 'at'
Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=90233906612929&w=2
Reference: NETBSD:NetBSD-SA1998-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Reference: XF:at-f-read-files(7577)
Reference: URL:http://www.iss.net/security_center/static/7577.php

Name: CVE-1999-1411

Description:

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

Status:Entry
Reference: BID:316
Reference: URL:http://www.securityfocus.com/bid/316
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: URL:http://marc.info/?l=bugtraq&m=91228908407679&w=2
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: URL:http://marc.info/?l=bugtraq&m=91244712808780&w=2
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91936850009861&w=2
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html
Reference: XF:fsp-anon-ftp-access(7574)
Reference: URL:http://www.iss.net/security_center/static/7574.php

Name: CVE-1999-1414

Description:

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Status:Entry
Reference: BID:284
Reference: URL:http://www.securityfocus.com/bid/284
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.info/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.info/?l=ntbugtraq&m=92902484317769&w=2

Name: CVE-1999-1419

Description:

Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.

Status:Entry
Reference: BID:219
Reference: URL:http://www.securityfocus.com/bid/219
Reference: SUN:00148
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148
Reference: XF:sun-nisplus-bo(7535)
Reference: URL:http://www.iss.net/security_center/static/7535.php

Name: CVE-1999-1423

Description:

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

Status:Entry
Reference: BID:209
Reference: URL:http://www.securityfocus.com/bid/209
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319160&w=2
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319171&w=2
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319181&w=2
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319180&w=2
Reference: SUN:00146
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146
Reference: XF:ping-multicast-loopback-dos(7492)
Reference: URL:http://www.iss.net/security_center/static/7492.php

Name: CVE-1999-1432

Description:

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Status:Entry
Reference: BID:160
Reference: URL:http://www.securityfocus.com/bid/160
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525997&w=2
Reference: SUNBUG:4024179

Name: CVE-1999-1433

Description:

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Status:Entry
Reference: BID:157
Reference: URL:http://www.securityfocus.com/bid/157
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.info/?l=bugtraq&m=90221104526067&w=2

Name: CVE-1999-1437

Description:

ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.

Status:Entry
Reference: BID:151
Reference: URL:http://www.securityfocus.com/bid/151
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525927&w=2

Name: CVE-1999-1452

Description:

GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

Status:Entry
Reference: BID:198
Reference: URL:http://www.securityfocus.com/bid/198
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.info/?l=bugtraq&m=91788829326419&w=2
Reference: MSKB:Q214802
Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.info/?l=ntbugtraq&m=91764169410814&w=2
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: URL:http://marc.info/?l=ntbugtraq&m=91822011021558&w=2
Reference: XF:nt-gina-clipboard(1975)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1975

Name: CVE-1999-1455

Description:

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

Status:Entry
Reference: MSKB:Q158320
Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp
Reference: XF:nt-rshsvc-ale-bypass(7422)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7422

Name: CVE-1999-1456

Description:

thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

Status:Entry
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1809

Name: CVE-1999-1468

Description:

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Status:Entry
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: OSVDB:8106
Reference: URL:http://www.osvdb.org/8106
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

Name: CVE-1999-1472

Description:

Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.

Status:Entry
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
Reference: URL:http://marc.info/?l=bugtraq&m=87710897923098&w=2
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: MSKB:Q176794
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp
Reference: OSVDB:7819
Reference: URL:http://www.osvdb.org/7819
Reference: XF:http-ie-spy(587)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/587

Name: CVE-1999-1473

Description:

When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

Status:Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: OSVDB:7818
Reference: URL:http://www.osvdb.org/7818
Reference: XF:ie-page-redirect(7426)
Reference: URL:http://www.iss.net/security_center/static/7426.php

Name: CVE-1999-1476

Description:

A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

Status:Entry
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/704

Name: CVE-1999-1478

Description:

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Status:Entry
Reference: BID:522
Reference: URL:http://www.securityfocus.com/bid/522
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.info/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.info/?l=ntbugtraq&m=93240220324183&w=2
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2348

Name: CVE-1999-1481

Description:

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

Status:Entry
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3433

Name: CVE-1999-1486

Description:

sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: AIXAPAR:IX75554
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only
Reference: AIXAPAR:IX76330
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only
Reference: AIXAPAR:IX76853
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: XF:aix-sadc-timex(7675)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7675

Name: CVE-1999-1488

Description:

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Status:Entry
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml
Reference: XF:ibm-sdr-read-files(7217)
Reference: URL:http://www.iss.net/security_center/static/7217.php

Name: CVE-1999-1490

Description:

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

Status:Entry
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.info/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.info/?l=bugtraq&m=90221101926034&w=2
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

Name: CVE-1999-1494

Description:

colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.

Status:Entry
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2112

Name: CVE-1999-1507

Description:

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

Status:Entry
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: XF:sun-dir(521)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/521

Name: CVE-1999-1512

Description:

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

Status:Entry
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: XF:amavis-command-execute(2349)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2349

Name: CVE-1999-1520

Description:

A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.

Status:Entry
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.info/?l=bugtraq&m=92647407227303&w=2
Reference: XF:siteserver-site-csc(2270)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2270

Name: CVE-1999-1530

Description:

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

Status:Entry
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.info/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.info/?l=bugtraq&m=94225629200045&w=2
Reference: OSVDB:35
Reference: URL:http://www.osvdb.org/35
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
Reference: URL:http://www.iss.net/security_center/static/7764.php

Name: CVE-1999-1531

Description:

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.

Status:Entry
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2
Reference: XF:ibm-homepageprint-bo(7767)
Reference: URL:http://www.iss.net/security_center/static/7767.php

Name: CVE-1999-1535

Description:

Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.

Status:Entry
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.info/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.info/?l=ntbugtraq&m=93501427820328&w=2
Reference: XF:http-aspupload-bo(3291)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3291

Name: CVE-1999-1537

Description:

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Status:Entry
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.info/?l=ntbugtraq&m=93138827329577&w=2
Reference: XF:ssl-iis-dos(2352)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2352

Name: CVE-1999-1542

Description:

RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.

Status:Entry
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.info/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.info/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3353

Name: CVE-1999-1550

Description:

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

Status:Entry
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.info/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.info/?l=bugtraq&m=94225879703021&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.info/?l=bugtraq&m=94217879020184&w=2
Reference: XF:bigip-bigconf-view-files(7771)
Reference: URL:http://www.iss.net/security_center/static/7771.php

Name: CVE-1999-1556

Description:

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Status:Entry
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.info/?l=ntbugtraq&m=90222453431645&w=2
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7354

Name: CVE-1999-1565

Description:

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Status:Entry
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784
Reference: OSVDB:6291
Reference: URL:http://www.osvdb.org/6291

Name: CVE-1999-1568

Description:

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

Status:Entry
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=91981352617720&w=2
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1833

Name: CVE-2000-0001

Description:

RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

Status:Entry
Reference: BID:888
Reference: URL:http://www.securityfocus.com/bid/888
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: XF:realserver-ramgen-dos

Name: CVE-2000-0002

Description:

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:889
Reference: URL:http://www.securityfocus.com/bid/889
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.info/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability
Reference: XF:zbserver-get-bo

Name: CVE-2000-0003

Description:

Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

Status:Entry
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.info/?l=bugtraq&m=94908470928258&w=2

Name: CVE-2000-0004

Description:

ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

Status:Entry
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.info/?l=bugtraq&m=94606572912422&w=2
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: XF:zbserver-url-dot

Name: CVE-2000-0006

Description:

strace allows local users to read arbitrary files via memory mapped file names.

Status:Entry
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4554

Name: CVE-2000-0007

Description:

Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.

Status:Entry
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4491

Name: CVE-2000-0009

Description:

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Status:Entry
Reference: BID:907
Reference: URL:http://www.securityfocus.com/bid/907
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability

Name: CVE-2000-0010

Description:

WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

Status:Entry
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus

Name: CVE-2000-0011

Description:

Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:906
Reference: URL:http://www.securityfocus.com/bid/906
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:1184
Reference: URL:http://www.osvdb.org/1184
Reference: XF:simpleserver-get-bo

Name: CVE-2000-0012

Description:

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

Status:Entry
Reference: BID:898
Reference: URL:http://www.securityfocus.com/bid/898
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: XF:w3-msql-scanf-bo

Name: CVE-2000-0013

Description:

IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

Status:Entry
Reference: BID:909
Reference: URL:http://www.securityfocus.com/bid/909
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink

Name: CVE-2000-0014

Description:

Denial of service in Savant web server via a null character in the requested URL.

Status:Entry
Reference: BID:897
Reference: URL:http://www.securityfocus.com/bid/897
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: XF:savant-server-null-dos

Name: CVE-2000-0015

Description:

CascadeView TFTP server allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:910
Reference: URL:http://www.securityfocus.com/bid/910
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: XF:cascadeview-tftp-symlink

Name: CVE-2000-0018

Description:

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

Status:Entry
Reference: BID:885
Reference: URL:http://www.securityfocus.com/bid/885
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: OSVDB:1169
Reference: URL:http://www.osvdb.org/1169
Reference: XF:freebsd-wmmon-root-exploit

Name: CVE-2000-0020

Description:

DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.

Status:Entry
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

Name: CVE-2000-0022

Description:

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.

Status:Entry
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Name: CVE-2000-0023

Description:

Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: OSVDB:51
Reference: URL:http://www.osvdb.org/51

Name: CVE-2000-0024

Description:

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Status:Entry
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
Reference: MS:MS99-061
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061
Reference: MSKB:Q246401
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401
Reference: XF:iis-badescapes

Name: CVE-2000-0025

Description:

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Status:Entry
Reference: MS:MS99-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058
Reference: MSKB:Q238606
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606
Reference: OSVDB:8098
Reference: URL:http://www.osvdb.org/8098

Name: CVE-2000-0026

Description:

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

Status:Entry
Reference: BID:876
Reference: URL:http://www.securityfocus.com/bid/876
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: OSVDB:6310
Reference: URL:http://www.osvdb.org/6310

Name: CVE-2000-0027

Description:

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

Name: CVE-2000-0029

Description:

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:901
Reference: URL:http://www.securityfocus.com/bid/901
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.info/?l=bugtraq&m=94780294009285&w=2

Name: CVE-2000-0030

Description:

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

Status:Entry
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk

Name: CVE-2000-0031

Description:

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04

Name: CVE-2000-0032

Description:

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

Status:Entry
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: OSVDB:7582
Reference: URL:http://www.osvdb.org/7582
Reference: XF:sol-dmispd-dos

Name: CVE-2000-0033

Description:

InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

Status:Entry
Reference: BID:899
Reference: URL:http://www.securityfocus.com/bid/899
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: XF:interscan-viruswall-bypass

Name: CVE-2000-0034

Description:

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

Status:Entry
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences

Name: CVE-2000-0036

Description:

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

Status:Entry
Reference: MS:MS99-060
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060
Reference: MSKB:Q249082
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082

Name: CVE-2000-0037

Description:

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Status:Entry
Reference: BID:903
Reference: URL:http://www.securityfocus.com/bid/903
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.info/?l=bugtraq&m=94780294009285&w=2
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: REDHAT:RHSA-2000:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html

Name: CVE-2000-0039

Description:

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

Status:Entry
Reference: BID:896
Reference: URL:http://www.securityfocus.com/bid/896
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: OSVDB:15
Reference: URL:http://www.osvdb.org/15

Name: CVE-2000-0040

Description:

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

Status:Entry
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

Name: CVE-2000-0041

Description:

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

Status:Entry
Reference: BID:890
Reference: URL:http://www.securityfocus.com/bid/890
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections

Name: CVE-2000-0042

Description:

Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

Status:Entry
Reference: BID:895
Reference: URL:http://www.securityfocus.com/bid/895
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo

Name: CVE-2000-0043

Description:

Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:905
Reference: URL:http://www.securityfocus.com/bid/905
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: XF:camshot-http-get-overflow

Name: CVE-2000-0044

Description:

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

Status:Entry
Reference: BID:919
Reference: URL:http://www.securityfocus.com/bid/919
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: XF:warftp-macro-access-files

Name: CVE-2000-0045

Description:

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

Status:Entry
Reference: BID:926
Reference: URL:http://www.securityfocus.com/bid/926
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant

Name: CVE-2000-0048

Description:

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

Status:Entry
Reference: BID:928
Reference: URL:http://www.securityfocus.com/bid/928
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update

Name: CVE-2000-0050

Description:

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

Status:Entry
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: BID:915
Reference: URL:http://www.securityfocus.com/bid/915
Reference: XF:allaire-webtop-access

Name: CVE-2000-0051

Description:

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

Status:Entry
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/bid/916
Reference: XF:allaire-spectra-config-dos

Name: CVE-2000-0052

Description:

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Status:Entry
Reference: BID:913
Reference: URL:http://www.securityfocus.com/bid/913
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper

Name: CVE-2000-0053

Description:

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Status:Entry
Reference: BID:912
Reference: URL:http://www.securityfocus.com/bid/912
Reference: MS:MS00-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-001
Reference: MSKB:Q246731
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731
Reference: XF:mcis-malformed-imap

Name: CVE-2000-0056

Description:

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

Status:Entry
Reference: BID:914
Reference: URL:http://www.securityfocus.com/bid/914
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: XF:imail-imonitor-status-dos

Name: CVE-2000-0057

Description:

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

Status:Entry
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: BID:917
Reference: URL:http://www.securityfocus.com/bid/917
Reference: XF:coldfusion-cfcache

Name: CVE-2000-0060

Description:

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

Status:Entry
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.info/?l=bugtraq&m=94633851427858&w=2
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.info/?l=ntbugtraq&m=94647711311057&w=2
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Name: CVE-2000-0062

Description:

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Status:Entry
Reference: BID:922
Reference: URL:http://www.securityfocus.com/bid/922
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: XF:zope-dtml

Name: CVE-2000-0063

Description:

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

Status:Entry
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read

Name: CVE-2000-0064

Description:

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

Status:Entry
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: OSVDB:7583
Reference: URL:http://www.osvdb.org/7583
Reference: XF:http-cgi-cgiproc-dos

Name: CVE-2000-0065

Description:

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: XF:inetserv-get-bo

Name: CVE-2000-0070

Description:

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

Status:Entry
Reference: BID:934
Reference: URL:http://www.securityfocus.com/bid/934
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-003
Reference: MSKB:Q247869
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port

Name: CVE-2000-0072

Description:

Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.

Status:Entry
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.info/?l=bugtraq&m=94823061421676&w=2
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Name: CVE-2000-0073

Description:

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Status:Entry
Reference: MS:MS00-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-005
Reference: MSKB:Q249973
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Name: CVE-2000-0075

Description:

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.

Status:Entry
Reference: BID:930
Reference: URL:http://www.securityfocus.com/bid/930
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: XF:supermail-memleak-dos

Name: CVE-2000-0076

Description:

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

Status:Entry
Reference: BID:1439
Reference: URL:http://www.securityfocus.com/bid/1439
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.info/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000108
Reference: XF:nvi-delete-files

Name: CVE-2000-0080

Description:

AIX techlibss allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:931
Reference: URL:http://www.securityfocus.com/bid/931
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.info/?l=bugtraq&m=94757136413681&w=2
Reference: XF:aix-techlibss-symbolic-link

Name: CVE-2000-0083

Description:

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Status:Entry
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

Name: CVE-2000-0087

Description:

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

Status:Entry
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.info/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Name: CVE-2000-0088

Description:

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

Status:Entry
Reference: BID:946
Reference: URL:http://www.securityfocus.com/bid/946
Reference: MS:MS00-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-002
Reference: XF:office-malformed-convert

Name: CVE-2000-0089

Description:

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Status:Entry
Reference: BID:947
Reference: URL:http://www.securityfocus.com/bid/947
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-004
Reference: MSKB:Q249108
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: XF:nt-rdisk-enum-file

Name: CVE-2000-0090

Description:

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

Status:Entry
Reference: BID:943
Reference: URL:http://www.securityfocus.com/bid/943
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: OSVDB:1205
Reference: URL:http://www.osvdb.org/1205
Reference: XF:linux-vmware-symlink

Name: CVE-2000-0091

Description:

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Status:Entry
Reference: BID:942
Reference: URL:http://www.securityfocus.com/bid/942
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: MISC:http://www.inter7.com/vpopmail/
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog

Name: CVE-2000-0092

Description:

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

Status:Entry
Reference: BID:939
Reference: URL:http://www.securityfocus.com/bid/939
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: XF:gnu-makefile-tmp-root

Name: CVE-2000-0094

Description:

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

Status:Entry
Reference: BID:940
Reference: URL:http://www.securityfocus.com/bid/940
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000
Reference: OSVDB:20760
Reference: URL:http://www.osvdb.org/20760
Reference: XF:netbsd-procfs(3995)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3995

Name: CVE-2000-0095

Description:

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

Status:Entry
Reference: BID:944
Reference: URL:http://www.securityfocus.com/bid/944
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041

Name: CVE-2000-0097

Description:

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

Status:Entry
Reference: BID:950
Reference: URL:http://www.securityfocus.com/bid/950
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: OSVDB:1210
Reference: URL:http://www.osvdb.org/1210
Reference: XF:http-indexserver-dirtrans

Name: CVE-2000-0098

Description:

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

Status:Entry
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006

Name: CVE-2000-0099

Description:

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

Status:Entry
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.info/?l=bugtraq&m=94848865112897&w=2

Name: CVE-2000-0100

Description:

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Status:Entry
Reference: MS:MS00-012
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html

Name: CVE-2000-0107

Description:

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:958
Reference: URL:http://www.securityfocus.com/bid/958
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201

Name: CVE-2000-0111

Description:

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.

Status:Entry
Reference: BID:953
Reference: URL:http://www.securityfocus.com/bid/953
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: XF:avt-rightfax-predict-session

Name: CVE-2000-0112

Description:

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

Status:Entry
Reference: BID:960
Reference: URL:http://www.securityfocus.com/bid/960
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.info/?l=bugtraq&m=94973075614088&w=2
Reference: XF:debian-mbr-bypass-security

Name: CVE-2000-0113

Description:

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

Status:Entry
Reference: BID:952
Reference: URL:http://www.securityfocus.com/bid/952
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.info/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.info/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.info/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm

Name: CVE-2000-0116

Description:

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

Status:Entry
Reference: BID:954
Reference: URL:http://www.securityfocus.com/bid/954
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: OSVDB:1212
Reference: URL:http://www.osvdb.org/1212
Reference: XF:http-script-bypass

Name: CVE-2000-0117

Description:

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

Status:Entry
Reference: BID:951
Reference: URL:http://www.securityfocus.com/bid/951
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords

Name: CVE-2000-0120

Description:

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.

Status:Entry
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/bid/955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4025

Name: CVE-2000-0121

Description:

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

Status:Entry
Reference: BID:963
Reference: URL:http://www.securityfocus.com/bid/963
Reference: MS:MS00-007
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007
Reference: MSKB:Q248399
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000

Name: CVE-2000-0127

Description:

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

Status:Entry
Reference: BID:969
Reference: URL:http://www.securityfocus.com/bid/969
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: XF:webspeed-adminutil-auth

Name: CVE-2000-0128

Description:

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: OSVDB:7610
Reference: URL:http://www.osvdb.org/7610
Reference: XF:finger-server-input

Name: CVE-2000-0130

Description:

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

Status:Entry
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.info/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Name: CVE-2000-0131

Description:

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Status:Entry
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.info/?l=bugtraq&m=94960703721503&w=2
Reference: OSVDB:4677
Reference: URL:http://www.osvdb.org/4677

Name: CVE-2000-0139

Description:

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

Status:Entry
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.info/?l=bugtraq&m=95021326417936&w=2

Name: CVE-2000-0140

Description:

Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

Status:Entry
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.info/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3

Name: CVE-2000-0141

Description:

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Status:Entry
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb

Name: CVE-2000-0144

Description:

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

Status:Entry
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html

Name: CVE-2000-0145

Description:

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

Status:Entry
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

Name: CVE-2000-0146

Description:

The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

Status:Entry
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: XF:novell-groupwise-url-dos

Name: CVE-2000-0148

Description:

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Status:Entry
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released

Name: CVE-2000-0149

Description:

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

Status:Entry
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: OSVDB:254
Reference: URL:http://www.osvdb.org/254
Reference: XF:zeus-server-null-string(3982)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3982

Name: CVE-2000-0150

Description:

Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

Status:Entry
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: CERT-VN:VU#328867
Reference: URL:http://www.kb.cert.org/vuls/id/328867
Reference: OSVDB:4417
Reference: URL:http://www.osvdb.org/4417

Name: CVE-2000-0152

Description:

Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.

Status:Entry
Reference: BID:976
Reference: URL:http://www.securityfocus.com/bid/976
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
Reference: OSVDB:7468
Reference: URL:http://www.osvdb.org/7468

Name: CVE-2000-0156

Description:

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

Status:Entry
Reference: MS:MS00-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-009
Reference: OSVDB:7827
Reference: URL:http://www.osvdb.org/7827
Reference: XF:ie-image-source-redirect(3996)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3996

Name: CVE-2000-0157

Description:

NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.

Status:Entry
Reference: BID:992
Reference: URL:http://www.securityfocus.com/bid/992
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: XF:netbsd-ptrace

Name: CVE-2000-0159

Description:

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

Status:Entry
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

Name: CVE-2000-0161

Description:

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.

Status:Entry
Reference: BID:994
Reference: URL:http://www.securityfocus.com/bid/994
Reference: MS:MS00-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-010

Name: CVE-2000-0162

Description:

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

Status:Entry
Reference: MS:MS00-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011

Name: CVE-2000-0164

Description:

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Status:Entry
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: XF:sims-temp-world-readable

Name: CVE-2000-0165

Description:

The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

Status:Entry
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: CIAC:K-023
Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: XF:delegate-proxy-bo(4105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4195

Name: CVE-2000-0166

Description:

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Status:Entry
Reference: BID:995
Reference: URL:http://www.securityfocus.com/bid/995
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: URL:http://marc.info/?l=bugtraq&m=95142756403323&w=2
Reference: XF:interaccess-telnet-login-bo

Name: CVE-2000-0168

Description:

Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.

Status:Entry
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: XF:win-dos-devicename-dos

Name: CVE-2000-0169

Description:

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Status:Entry
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: XF:oracle-weblistener-remote-attack

Name: CVE-2000-0170

Description:

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

Status:Entry
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)

Name: CVE-2000-0171

Description:

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Status:Entry
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access

Name: CVE-2000-0172

Description:

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.

Status:Entry
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09

Name: CVE-2000-0174

Description:

StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-fileread

Name: CVE-2000-0175

Description:

Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.

Status:Entry
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo

Name: CVE-2000-0178

Description:

ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Status:Entry
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html

Name: CVE-2000-0179

Description:

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

Status:Entry
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115
Reference: XF:omniback-connection-dos

Name: CVE-2000-0180

Description:

Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: XF:sojourn-file-read(4197)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4197

Name: CVE-2000-0181

Description:

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

Status:Entry
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: OSVDB:1256
Reference: URL:http://www.osvdb.org/1256

Name: CVE-2000-0182

Description:

iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.

Status:Entry
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1

Name: CVE-2000-0183

Description:

Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

Status:Entry
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: REDHAT:RHSA-2000:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html

Name: CVE-2000-0184

Description:

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

Status:Entry
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html

Name: CVE-2000-0185

Description:

RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.

Status:Entry
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html

Name: CVE-2000-0186

Description:

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

Status:Entry
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: REDHAT:RHSA-2000:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html
Reference: TURBO:TLSA200007-1

Name: CVE-2000-0189

Description:

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

Status:Entry
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path

Name: CVE-2000-0191

Description:

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

Status:Entry
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: OSVDB:19
Reference: URL:http://www.osvdb.org/19
Reference: XF:axis-storpoint-auth

Name: CVE-2000-0192

Description:

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

Status:Entry
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html

Name: CVE-2000-0193

Description:

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Status:Entry
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: XF:linux-dosemu-config

Name: CVE-2000-0194

Description:

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

Status:Entry
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html

Name: CVE-2000-0195

Description:

setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.

Status:Entry
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: XF:corel-linux-setxconf-root

Name: CVE-2000-0196

Description:

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

Status:Entry
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018
Reference: DEBIAN:20000229
Reference: REDHAT:RHSA-2000:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html

Name: CVE-2000-0200

Description:

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

Status:Entry
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034
Reference: MS:MS00-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-015

Name: CVE-2000-0201

Description:

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

Status:Entry
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files

Name: CVE-2000-0202

Description:

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

Status:Entry
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041
Reference: MS:MS00-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-014

Name: CVE-2000-0206

Description:

The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

Status:Entry
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html

Name: CVE-2000-0207

Description:

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: SGI:20000501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P
Reference: XF:irix-infosrch-fname

Name: CVE-2000-0208

Description:

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

Status:Entry
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: DEBIAN:20000227
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: TURBO:TLSA200005-1

Name: CVE-2000-0209

Description:

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

Status:Entry
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: FREEBSD:FreeBSD-SA-00:08

Name: CVE-2000-0210

Description:

The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

Status:Entry
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...

Name: CVE-2000-0211

Description:

The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.

Status:Entry
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000
Reference: MS:MS00-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-013
Reference: XF:win-media-dos

Name: CVE-2000-0212

Description:

InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.

Status:Entry
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: XF:interaccess-telnet-dos(4033)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4033

Name: CVE-2000-0215

Description:

Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.

Status:Entry
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019
Reference: SCO:SB-00.05

Name: CVE-2000-0217

Description:

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

Status:Entry
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006
Reference: BUGTRAQ:20000224 SSH & xauth

Name: CVE-2000-0218

Description:

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

Status:Entry
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt
Reference: OSVDB:6980
Reference: URL:http://www.osvdb.org/6980
Reference: OSVDB:7004
Reference: URL:http://www.osvdb.org/7004
Reference: SUSE:20000210 util < 2.10f

Name: CVE-2000-0221

Description:

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Status:Entry
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009
Reference: BUGTRAQ:20000225 Scorpion Marlin

Name: CVE-2000-0222

Description:

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

Status:Entry
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr

Name: CVE-2000-0223

Description:

Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.

Status:Entry
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html

Name: CVE-2000-0224

Description:

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

Status:Entry
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink

Name: CVE-2000-0225

Description:

The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.

Status:Entry
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: OSVDB:259
Reference: URL:http://www.osvdb.org/259
Reference: XF:telnet-pocsag

Name: CVE-2000-0226

Description:

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

Status:Entry
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: MS:MS00-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-018
Reference: XF:iis-chunked-encoding-dos

Name: CVE-2000-0228

Description:

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.

Status:Entry
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: MS:MS00-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-016
Reference: XF:mwmt-malformed-media-license

Name: CVE-2000-0229

Description:

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Status:Entry
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: REDHAT:RHSA-2000:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html
Reference: REDHAT:RHSA-2000:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html
Reference: XF:linux-gpm-root

Name: CVE-2000-0230

Description:

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

Status:Entry
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-bo

Name: CVE-2000-0231

Description:

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Status:Entry
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061
Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: XF:linux-kreatecd-path

Name: CVE-2000-0232

Description:

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

Status:Entry
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: MS:MS00-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-021
Reference: XF:win-tcpip-printing-dos

Name: CVE-2000-0233

Description:

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Status:Entry
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access

Name: CVE-2000-0234

Description:

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Status:Entry
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: XF:cobalt-raq-remote-access

Name: CVE-2000-0235

Description:

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

Status:Entry
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: OSVDB:1263
Reference: URL:http://www.osvdb.org/1263
Reference: XF:freebsd-orvillewrite-bo

Name: CVE-2000-0236

Description:

Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.

Status:Entry
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: XF:netscape-server-directory-indexing

Name: CVE-2000-0237

Description:

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

Status:Entry
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: XF:netscape-webpublisher-invalid-access

Name: CVE-2000-0238

Description:

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos

Name: CVE-2000-0240

Description:

vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.

Status:Entry
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: OSVDB:270
Reference: URL:http://www.osvdb.org/270
Reference: XF:vqserver-dir-traverse

Name: CVE-2000-0243

Description:

AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.

Status:Entry
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at:
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:1265
Reference: URL:http://www.osvdb.org/1265
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4189

Name: CVE-2000-0245

Description:

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

Status:Entry
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: CIAC:K-030
Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml
Reference: OSVDB:1267
Reference: URL:http://www.osvdb.org/1267
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: XF:irix-objectserver-create-accounts(4206)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4206

Name: CVE-2000-0246

Description:

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Status:Entry
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: MS:MS00-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: XF:iis-virtual-unc-share

Name: CVE-2000-0247

Description:

Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.

Status:Entry
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4306

Name: CVE-2000-0249

Description:

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Status:Entry
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: XF:aix-frcactrl

Name: CVE-2000-0251

Description:

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

Status:Entry
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: XF:hp-virtual-vault

Name: CVE-2000-0252

Description:

The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: XF:dansie-shell-metacharacters(4975)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4975

Name: CVE-2000-0253

Description:

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: XF:shopping-cart-form-tampering(4621)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4621

Name: CVE-2000-0254

Description:

The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: XF:dansie-form-variables(4954)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4954

Name: CVE-2000-0255

Description:

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.

Status:Entry
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: XF:nbase-xyplex-router

Name: CVE-2000-0257

Description:

Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

Status:Entry
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: XF:netware-remote-admin-overflow

Name: CVE-2000-0258

Description:

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

Status:Entry
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101
Reference: MS:MS00-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023

Name: CVE-2000-0260

Description:

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

Status:Entry
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109
Reference: MS:MS00-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-025
Reference: OSVDB:282
Reference: URL:http://www.osvdb.org/282

Name: CVE-2000-0261

Description:

The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: OSVDB:1282
Reference: URL:http://www.osvdb.org/1282
Reference: XF:ken-download-files

Name: CVE-2000-0262

Description:

The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-dos

Name: CVE-2000-0263

Description:

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: XF:redhat-fontserver-dos

Name: CVE-2000-0264

Description:

Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

Status:Entry
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges

Name: CVE-2000-0265

Description:

Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.

Status:Entry
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-uninstall-program

Name: CVE-2000-0267

Description:

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

Status:Entry
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: OSVDB:1288
Reference: URL:http://www.osvdb.org/1288
Reference: XF:cisco-catalyst-password-bypass

Name: CVE-2000-0268

Description:

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Status:Entry
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: OSVDB:1289
Reference: URL:http://www.osvdb.org/1289
Reference: XF:cisco-ios-option-handling

Name: CVE-2000-0272

Description:

RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.

Status:Entry
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=95625288231045&w=2
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos

Name: CVE-2000-0273

Description:

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

Status:Entry
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: XF:pcanywhere-login-dos

Name: CVE-2000-0274

Description:

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

Status:Entry
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos

Name: CVE-2000-0276

Description:

BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.

Status:Entry
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: XF:beos-syscall-dos

Name: CVE-2000-0277

Description:

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

Status:Entry
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087
Reference: MS:MS00-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-022
Reference: OSVDB:1272
Reference: URL:http://www.osvdb.org/1272

Name: CVE-2000-0278

Description:

The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.

Status:Entry
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: XF:eviewer-admin-request-dos

Name: CVE-2000-0279

Description:

BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.

Status:Entry
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: XF:beos-networking-dos

Name: CVE-2000-0282

Description:

TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.

Status:Entry
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: XF:talentsoft-web-input

Name: CVE-2000-0283

Description:

The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.

Status:Entry
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pmcd-info

Name: CVE-2000-0285

Description:

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

Status:Entry
Reference: BID:1306
Reference: URL:http://www.securityfocus.com/bid/1306
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html
Reference: XF:xfree86-xkbmap-parameter-bo

Name: CVE-2000-0287

Description:

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.

Status:Entry
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: XF:http-cgi-bizdb

Name: CVE-2000-0289

Description:

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

Status:Entry
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
Reference: XF:linux-masquerading-dos

Name: CVE-2000-0290

Description:

Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4792

Name: CVE-2000-0292

Description:

The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.

Status:Entry
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: XF:adtran-ping-dos

Name: CVE-2000-0294

Description:

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

Status:Entry
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: OSVDB:606
Reference: URL:http://www.osvdb.org/606
Reference: XF:freebsd-healthd

Name: CVE-2000-0296

Description:

fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.

Status:Entry
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: XF:fcheck-shell

Name: CVE-2000-0297

Description:

Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.

Status:Entry
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: OSVDB:1270
Reference: URL:http://www.osvdb.org/1270
Reference: XF:allaire-forums-allaccess

Name: CVE-2000-0298

Description:

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

Status:Entry
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4278

Name: CVE-2000-0301

Description:

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

Status:Entry
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.info/?l=bugtraq&m=95505800117143&w=2
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: XF:ipswitch-imail-dos

Name: CVE-2000-0302

Description:

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Status:Entry
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.info/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006
Reference: OSVDB:271
Reference: URL:http://www.osvdb.org/271
Reference: XF:http-indexserver-asp-source

Name: CVE-2000-0303

Description:

Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.

Status:Entry
Reference: BID:1169
Reference: URL:http://www.securityfocus.com/bid/1169
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: OSVDB:7531
Reference: URL:http://www.osvdb.org/7531
Reference: XF:quake3-auto-download

Name: CVE-2000-0304

Description:

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

Status:Entry
Reference: BID:1191
Reference: URL:http://www.securityfocus.com/bid/1191
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
Reference: XF:iis-authchangeurl-dos

Name: CVE-2000-0305

Description:

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.

Status:Entry
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-029
Reference: XF:ip-fragment-reassembly-dos

Name: CVE-2000-0306

Description:

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.

Status:Entry
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a

Name: CVE-2000-0307

Description:

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

Status:Entry
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Name: CVE-2000-0308

Description:

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

Status:Entry
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Name: CVE-2000-0309

Description:

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

Status:Entry
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap
Reference: OSVDB:6126
Reference: URL:http://www.osvdb.org/6126

Name: CVE-2000-0310

Description:

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

Status:Entry
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue
Reference: OSVDB:7539
Reference: URL:http://www.osvdb.org/7539

Name: CVE-2000-0311

Description:

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

Status:Entry
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145
Reference: MS:MS00-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026
Reference: XF:ms-mixed-object

Name: CVE-2000-0313

Description:

Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

Status:Entry
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia
Reference: OSVDB:7540
Reference: URL:http://www.osvdb.org/7540

Name: CVE-2000-0314

Description:

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Status:Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.info/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7574
Reference: URL:http://www.osvdb.org/7574

Name: CVE-2000-0315

Description:

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

Status:Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.info/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7575
Reference: URL:http://www.osvdb.org/7575

Name: CVE-2000-0316

Description:

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

Status:Entry
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: SUNBUG:4314312
Reference: XF:solaris-lp-bo

Name: CVE-2000-0318

Description:

Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.

Status:Entry
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: XF:mercur-remote-dot-attack

Name: CVE-2000-0319

Description:

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

Status:Entry
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: XF:sendmail-maillocal-dos

Name: CVE-2000-0320

Description:

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

Status:Entry
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: XF:qpopper-fgets-spoofing

Name: CVE-2000-0322

Description:

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: REDHAT:RHSA-2000:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html
Reference: XF:piranha-passwd-execute

Name: CVE-2000-0323

Description:

The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.

Status:Entry
Reference: BID:595
Reference: URL:https://www.securityfocus.com/bid/595
Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org
Reference: MS:MS99-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-030
Reference: XF:jet-text-isam
Reference: URL:https://web.archive.org/web/20000819203059/http://xforce.iss.net:80/alerts/vol-4_num-7.php#jet-text-isam

Name: CVE-2000-0324

Description:

pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.

Status:Entry
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: OSVDB:1301
Reference: URL:http://www.osvdb.org/1301
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php

Name: CVE-2000-0327

Description:

Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.

Status:Entry
Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
Reference: URL:http://marc.info/?l=bugtraq&m=93993545118416&w=2
Reference: MS:MS99-045
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-045
Reference: XF:msvm-verifier-java

Name: CVE-2000-0328

Description:

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

Status:Entry
Reference: BID:604
Reference: URL:http://www.securityfocus.com/bid/604
Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1
Reference: MS:MS99-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-046
Reference: XF:nt-sequence-prediction-sp4
Reference: XF:tcp-seq-predict

Name: CVE-2000-0329

Description:

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

Status:Entry
Reference: MS:MS99-048
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048
Reference: XF:ie-active-setup-control

Name: CVE-2000-0330

Description:

The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.

Status:Entry
Reference: MS:MS99-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-049
Reference: XF:win-fileurl-overflow

Name: CVE-2000-0331

Description:

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

Status:Entry
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-027
Reference: XF:nt-cmd-overflow

Name: CVE-2000-0332

Description:

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

Status:Entry
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: OSVDB:1309
Reference: URL:http://www.osvdb.org/1309
Reference: OSVDB:4065
Reference: URL:http://www.osvdb.org/4065
Reference: XF:ultraboard-printabletopic-fileread

Name: CVE-2000-0334

Description:

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.

Status:Entry
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: URL:http://www.securityfocus.com/bid/1181
Reference: XF:allaire-spectra-container-editor-preview

Name: CVE-2000-0335

Description:

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

Status:Entry
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: XF:glibc-resolver-id-predictable

Name: CVE-2000-0336

Description:

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/bid/1232
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: REDHAT:RHSA-2000:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: XF:openldap-symlink-attack

Name: CVE-2000-0337

Description:

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

Status:Entry
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo

Name: CVE-2000-0338

Description:

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

Status:Entry
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136
Reference: BUGTRAQ:20000423 CVS DoS
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl
Reference: XF:cvs-tempfile-dos

Name: CVE-2000-0339

Description:

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.

Status:Entry
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: OSVDB:1294
Reference: URL:http://www.osvdb.org/1294
Reference: XF:zonealarm-portscan

Name: CVE-2000-0340

Description:

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

Status:Entry
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: XF:linux-gnomelib-bo

Name: CVE-2000-0341

Description:

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.

Status:Entry
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.info/?l=ntbugtraq&m=95736106504870&w=2
Reference: XF:nntpserver-cassandra-bo

Name: CVE-2000-0342

Description:

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

Status:Entry
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: XF:eudora-warning-message

Name: CVE-2000-0344

Description:

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

Status:Entry
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-knfsd-dos

Name: CVE-2000-0346

Description:

AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

Status:Entry
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range

Name: CVE-2000-0347

Description:

Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.

Status:Entry
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.info/?l=ntbugtraq&m=95737580922397&w=2
Reference: XF:win-netbios-source-null

Name: CVE-2000-0348

Description:

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

Status:Entry
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

Name: CVE-2000-0349

Description:

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

Status:Entry
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Name: CVE-2000-0350

Description:

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.

Status:Entry
Reference: BID:1216
Reference: URL:http://www.securityfocus.com/bid/1216
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: OSVDB:312
Reference: URL:http://www.osvdb.org/312
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default

Name: CVE-2000-0351

Description:

Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

Status:Entry
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Name: CVE-2000-0352

Description:

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Status:Entry
Reference: BID:810
Reference: URL:http://www.securityfocus.com/bid/810
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
Reference: XF:pine-remote-exe

Name: CVE-2000-0353

Description:

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Status:Entry
Reference: BID:1247
Reference: URL:http://www.securityfocus.com/bid/1247
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html
Reference: XF:pine-lynx-execute-commands

Name: CVE-2000-0354

Description:

mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.

Status:Entry
Reference: BID:681
Reference: URL:http://www.securityfocus.com/bid/681
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html
Reference: XF:mirror-perl-remote-file-creation

Name: CVE-2000-0356

Description:

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

Status:Entry
Reference: BID:697
Reference: URL:http://www.securityfocus.com/bid/697
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login

Name: CVE-2000-0359

Description:

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

Status:Entry
Reference: BID:1248
Reference: URL:http://www.securityfocus.com/bid/1248
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html
Reference: XF:thttpd-ifmodifiedsince-header-dos

Name: CVE-2000-0360

Description:

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

Status:Entry
Reference: BID:1249
Reference: URL:http://www.securityfocus.com/bid/1249
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html
Reference: XF:inn-remote-dos

Name: CVE-2000-0361

Description:

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

Status:Entry
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html
Reference: XF:wvdial-gain-dialup-info

Name: CVE-2000-0362

Description:

Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.

Status:Entry
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: XF:linux-cdda2cdr

Name: CVE-2000-0363

Description:

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

Status:Entry
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: XF:linux-cdda2cdr

Name: CVE-2000-0366

Description:

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Status:Entry
Reference: BID:1442
Reference: URL:http://www.securityfocus.com/bid/1442
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership

Name: CVE-2000-0367

Description:

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.

Status:Entry
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Name: CVE-2000-0368

Description:

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Status:Entry
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml

Name: CVE-2000-0369

Description:

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1266
Reference: URL:http://www.securityfocus.com/bid/1266
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: XF:caldera-ident-server-dos

Name: CVE-2000-0370

Description:

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

Status:Entry
Reference: BID:1268
Reference: URL:http://www.securityfocus.com/bid/1268
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: XF:caldera-smail-rmail-command

Name: CVE-2000-0371

Description:

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1269
Reference: URL:http://www.securityfocus.com/bid/1269
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: XF:kde-mediatool

Name: CVE-2000-0372

Description:

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: OSVDB:7940
Reference: URL:http://www.osvdb.org/7940
Reference: XF:linux-rmt(2268)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2268

Name: CVE-2000-0373

Description:

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt(2266)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2266

Name: CVE-2000-0374

Description:

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Status:Entry
Reference: BID:1446
Reference: URL:http://www.securityfocus.com/bid/1446
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: MANDRAKE:MDKSA-2002:025
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025
Reference: XF:xdmcp-kdm-default-configuration(4856)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4856

Name: CVE-2000-0375

Description:

The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: OSVDB:6084
Reference: URL:http://www.osvdb.org/6084

Name: CVE-2000-0376

Description:

Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1324
Reference: URL:http://www.securityfocus.com/bid/1324
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: XF:idrive-filo-bo

Name: CVE-2000-0377

Description:

The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.

Status:Entry
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331
Reference: MS:MS00-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-040
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: OVAL:oval:org.mitre.oval:def:1021
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1021
Reference: XF:nt-registry-request-dos

Name: CVE-2000-0378

Description:

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Status:Entry
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: XF:linux-pam-sniff-activities

Name: CVE-2000-0379

Description:

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

Status:Entry
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: XF:netopia-snmp-comm-strings

Name: CVE-2000-0380

Description:

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Status:Entry
Reference: BID:1154
Reference: URL:http://www.securityfocus.com/bid/1154
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: OSVDB:1302
Reference: URL:http://www.osvdb.org/1302
Reference: XF:cisco-ios-http-dos

Name: CVE-2000-0381

Description:

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.

Status:Entry
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db

Name: CVE-2000-0382

Description:

ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

Status:Entry
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

Name: CVE-2000-0387

Description:

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: XF:golddig-overwrite-files

Name: CVE-2000-0388

Description:

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.

Status:Entry
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: XF:libmytinfo-bo

Name: CVE-2000-0389

Description:

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo

Name: CVE-2000-0390

Description:

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: OSVDB:4884
Reference: URL:http://www.osvdb.org/4884
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb425-conv-principal-bo

Name: CVE-2000-0391

Description:

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: OSVDB:4876
Reference: URL:http://www.osvdb.org/4876
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo

Name: CVE-2000-0392

Description:

Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo

Name: CVE-2000-0393

Description:

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

Status:Entry
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
Reference: XF:kscd-shell-env-variable

Name: CVE-2000-0394

Description:

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

Status:Entry
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.info/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos

Name: CVE-2000-0395

Description:

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.

Status:Entry
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos

Name: CVE-2000-0396

Description:

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.

Status:Entry
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: XF:carello-file-duplication

Name: CVE-2000-0397

Description:

The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.

Status:Entry
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access

Name: CVE-2000-0398

Description:

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.

Status:Entry
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: XF:mailsite-get-overflow

Name: CVE-2000-0399

Description:

Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.

Status:Entry
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos

Name: CVE-2000-0402

Description:

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Status:Entry
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: MS:MS00-035
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

Name: CVE-2000-0403

Description:

The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Status:Entry
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261
Reference: MS:MS00-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-036
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement

Name: CVE-2000-0404

Description:

The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.

Status:Entry
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: MS:MS00-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-036
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: XF:win-browser-reset-frame

Name: CVE-2000-0405

Description:

Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.

Status:Entry
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: OSVDB:3179
Reference: URL:http://www.osvdb.org/3179
Reference: XF:antisniff-dns-overflow

Name: CVE-2000-0406

Description:

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Status:Entry
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
Reference: REDHAT:RHSA-2000:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: XF:netscape-invalid-ssl-sessions

Name: CVE-2000-0407

Description:

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Status:Entry
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo

Name: CVE-2000-0408

Description:

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

Status:Entry
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos

Name: CVE-2000-0409

Description:

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

Status:Entry
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: XF:netscape-import-certificate-symlink

Name: CVE-2000-0410

Description:

ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

Status:Entry
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos

Name: CVE-2000-0411

Description:

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

Status:Entry
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment

Name: CVE-2000-0414

Description:

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

Status:Entry
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges

Name: CVE-2000-0416

Description:

NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.

Status:Entry
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy

Name: CVE-2000-0417

Description:

The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.

Status:Entry
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-router-dos

Name: CVE-2000-0418

Description:

The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.

Status:Entry
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos

Name: CVE-2000-0419

Description:

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

Status:Entry
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: CERT:CA-2000-07
Reference: URL:http://www.cert.org/advisories/CA-2000-07.html
Reference: MS:MS00-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: XF:office-ua-control

Name: CVE-2000-0421

Description:

The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call

Name: CVE-2000-0424

Description:

The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: XF:http-cgi-burgyan-counter

Name: CVE-2000-0425

Description:

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: XF:http-cgi-listserv-wa-bo

Name: CVE-2000-0426

Description:

UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.

Status:Entry
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: XF:ultraboard-cgi-dos

Name: CVE-2000-0427

Description:

The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.

Status:Entry
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: OSVDB:3266
Reference: URL:http://www.osvdb.org/3266
Reference: XF:aladdin-etoken-pin-reset

Name: CVE-2000-0428

Description:

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.

Status:Entry
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: XF:interscan-viruswall-bo

Name: CVE-2000-0430

Description:

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.

Status:Entry
Reference: BID:1358
Reference: URL:http://www.securityfocus.com/bid/1358
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.info/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate

Name: CVE-2000-0431

Description:

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

Status:Entry
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: OSVDB:1346
Reference: URL:http://www.osvdb.org/1346
Reference: XF:cobalt-cgiwrap-bypass

Name: CVE-2000-0432

Description:

The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: XF:http-cgi-calendar-execute

Name: CVE-2000-0435

Description:

The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.

Status:Entry
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: OSVDB:1337
Reference: URL:http://www.osvdb.org/1337
Reference: XF:http-cgi-allmanage-account-access

Name: CVE-2000-0436

Description:

MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: XF:offline-explorer-directory-traversal

Name: CVE-2000-0437

Description:

Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.

Status:Entry
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: OSVDB:322
Reference: URL:http://www.osvdb.org/322
Reference: XF:gauntlet-cyberdaemon-bo

Name: CVE-2000-0438

Description:

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

Status:Entry
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo

Name: CVE-2000-0439

Description:

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

Status:Entry
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: OSVDB:1326
Reference: URL:http://www.osvdb.org/1326
Reference: XF:ie-cookie-disclosure(4447)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4447

Name: CVE-2000-0440

Description:

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

Status:Entry
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: XF:netbsd-unaligned-ip-options

Name: CVE-2000-0441

Description:

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

Status:Entry
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: XF:aix-local-filesystem

Name: CVE-2000-0442

Description:

Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

Status:Entry
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html
Reference: XF:qualcomm-qpopper-euidl

Name: CVE-2000-0443

Description:

The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: OSVDB:1350
Reference: URL:http://www.osvdb.org/1350
Reference: XF:hp-jetadmin-directory-traversal

Name: CVE-2000-0445

Description:

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Status:Entry
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: CERT:CA-2000-09
Reference: URL:http://www.cert.org/advisories/CA-2000-09.html
Reference: OSVDB:1355
Reference: URL:http://www.osvdb.org/1355
Reference: XF:pgp-key-predictable

Name: CVE-2000-0446

Description:

Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo

Name: CVE-2000-0447

Description:

Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.

Status:Entry
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: OSVDB:327
Reference: URL:http://www.osvdb.org/327
Reference: XF:nai-webshield-bo

Name: CVE-2000-0448

Description:

The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.

Status:Entry
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: OSVDB:326
Reference: URL:http://www.osvdb.org/326
Reference: XF:nai-webshield-getconfig

Name: CVE-2000-0451

Description:

The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.

Status:Entry
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: XF:intel-8100-remote-dos

Name: CVE-2000-0452

Description:

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.

Status:Entry
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: OSVDB:321
Reference: URL:http://www.osvdb.org/321
Reference: XF:lotus-domino-esmtp-bo

Name: CVE-2000-0453

Description:

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

Status:Entry
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: CALDERA:CSSA-2000-012.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt

Name: CVE-2000-0454

Description:

Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.

Status:Entry
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: XF:linux-cdrecord-execute

Name: CVE-2000-0455

Description:

Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.

Status:Entry
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: XF:xlock-bo-read-passwd

Name: CVE-2000-0456

Description:

NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".

Status:Entry
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: OSVDB:1365
Reference: URL:http://www.osvdb.org/1365
Reference: XF:bsd-syscall-cpu-dos

Name: CVE-2000-0457

Description:

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Status:Entry
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.info/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
Reference: XF:iis-ism-file-access(4448)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4448

Name: CVE-2000-0458

Description:

The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.

Status:Entry
Reference: BID:1360
Reference: URL:http://www.securityfocus.com/bid/1360
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.info/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-tmpfile-view

Name: CVE-2000-0459

Description:

IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

Status:Entry
Reference: BID:1361
Reference: URL:http://www.securityfocus.com/bid/1361
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.info/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-wordfile-dos

Name: CVE-2000-0460

Description:

Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.

Status:Entry
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: XF:kde-display-environment-overflow

Name: CVE-2000-0461

Description:

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

Status:Entry
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: XF:bsd-semaphore-dos

Name: CVE-2000-0462

Description:

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.

Status:Entry
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: OSVDB:1366
Reference: URL:http://www.osvdb.org/1366
Reference: XF:netbsd-ftpchroot-parsing

Name: CVE-2000-0463

Description:

BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.

Status:Entry
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos

Name: CVE-2000-0464

Description:

Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.

Status:Entry
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute

Name: CVE-2000-0465

Description:

Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: MSKB:Q251108
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: XF:ie-frame-domain-verification

Name: CVE-2000-0466

Description:

AIX cdmount allows local users to gain root privileges via shell metacharacters.

Status:Entry
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: XF:aix-cdmount-insecure-call

Name: CVE-2000-0467

Description:

Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.

Status:Entry
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605a
Reference: XF:splitvt-screen-lock-bo

Name: CVE-2000-0468

Description:

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: XF:hp-man-file-overwrite

Name: CVE-2000-0469

Description:

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: XF:webbanner-input-validation-exe

Name: CVE-2000-0470

Description:

Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.

Status:Entry
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: XF:rompager-malformed-dos(4588)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4588

Name: CVE-2000-0471

Description:

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

Status:Entry
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: CERT-VN:VU#36866
Reference: URL:http://www.kb.cert.org/vuls/id/36866
Reference: OSVDB:1398
Reference: URL:http://www.osvdb.org/1398
Reference: SUN:00210
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210
Reference: SUNBUG:4339366
Reference: XF:sol-ufsrestore-bo(4711)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4711

Name: CVE-2000-0472

Description:

Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

Status:Entry
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: BUGTRAQ:20000707 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: XF:innd-cancel-overflow(4615)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4615

Name: CVE-2000-0474

Description:

Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.

Status:Entry
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: XF:realserver-malformed-remote-dos(4587)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4587

Name: CVE-2000-0475

Description:

Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.

Status:Entry
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350
Reference: MS:MS00-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-020
Reference: XF:win2k-desktop-separation(4714)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4714

Name: CVE-2000-0477

Description:

Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.

Status:Entry
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: XF:antivirus-nav-zip-bo(4710)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4710

Name: CVE-2000-0478

Description:

In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.

Status:Entry
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: OSVDB:6266
Reference: URL:http://www.osvdb.org/6266
Reference: XF:antivirus-nav-fail-open(4709)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4709

Name: CVE-2000-0481

Description:

Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.

Status:Entry
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: XF:kde-kmail-attachment-dos(4993)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4993

Name: CVE-2000-0482

Description:

Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

Status:Entry
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: OSVDB:1379
Reference: URL:http://www.osvdb.org/1379
Reference: XF:fw1-packet-fragment-dos(4609)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4609

Name: CVE-2000-0483

Description:

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Status:Entry
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
Reference: REDHAT:RHSA-2000:038
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-038.html
Reference: XF:zope-dtml-remote-modify(4716)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4716

Name: CVE-2000-0484

Description:

Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.info/?l=ntbugtraq&m=96151775004229&w=2
Reference: XF:small-http-get-overflow-dos(4692)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4692

Name: CVE-2000-0485

Description:

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

Status:Entry
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Reference: URL:http://www.securityfocus.com/archive/1/62771
Reference: MS:MS00-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041
Reference: XF:mssql-dts-reveal-passwords(4582)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4582

Name: CVE-2000-0486

Description:

Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.

Status:Entry
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: XF:tacacsplus-packet-length-dos(4985)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4985

Name: CVE-2000-0488

Description:

Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.

Status:Entry
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4580

Name: CVE-2000-0489

Description:

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

Status:Entry
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: XF:bsd-setsockopt-dos(3298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3298

Name: CVE-2000-0490

Description:

Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.

Status:Entry
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: XF:dmail-etrn-dos(4579)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4579

Name: CVE-2000-0493

Description:

Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: XF:timesync-bo-execute(4602)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4602

Name: CVE-2000-0494

Description:

Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

Status:Entry
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: XF:veritas-volume-manager

Name: CVE-2000-0495

Description:

Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.

Status:Entry
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: MS:MS00-038
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-038
Reference: XF:ms-malformed-media-dos(4585)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4585

Name: CVE-2000-0497

Description:

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: XF:websphere-jsp-source-read

Name: CVE-2000-0498

Description:

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4649

Name: CVE-2000-0499

Description:

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: XF:weblogic-jsp-source-read(4694)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4694

Name: CVE-2000-0500

Description:

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

Status:Entry
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=96161462915381&w=2
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Reference: XF:weblogic-file-source-read(4775)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4775

Name: CVE-2000-0501

Description:

Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.

Status:Entry
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: XF:mdaemon-pass-dos(4745)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4745

Name: CVE-2000-0502

Description:

Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.

Status:Entry
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: OSVDB:6287
Reference: URL:http://www.osvdb.org/6287
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4641

Name: CVE-2000-0504

Description:

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Status:Entry
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: XF:linux-libice-dos

Name: CVE-2000-0505

Description:

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

Status:Entry
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: XF:ibm-http-file-retrieve(4575)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4575

Name: CVE-2000-0506

Description:

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

Status:Entry
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: REDHAT:RHSA-2000:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037.html
Reference: SGI:20000802-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P
Reference: TURBO:TLSA2000013-1
Reference: XF:linux-kernel-capabilities

Name: CVE-2000-0507

Description:

Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

Status:Entry
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.info/?l=bugtraq&m=95990195708509&w=2
Reference: XF:nt-webmail-dos(4586)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4586

Name: CVE-2000-0508

Description:

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: XF:linux-lockd-remote-dos(5050)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5050

Name: CVE-2000-0510

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-malformed-ipp(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0511

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0512

Description:

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0513

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0514

Description:

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

Status:Entry
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: OSVDB:4885
Reference: URL:http://www.osvdb.org/4885
Reference: XF:kerberos-gssftpd-dos(4734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4734

Name: CVE-2000-0515

Description:

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

Status:Entry
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: XF:hpux-snmp-daemon(4643)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4643

Name: CVE-2000-0516

Description:

When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

Status:Entry
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: XF:shiva-plaintext-ldap-password(4612)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4612

Name: CVE-2000-0517

Description:

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

Status:Entry
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: XF:netscape-ssl-certificate(4550)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4550

Name: CVE-2000-0518

Description:

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status:Entry
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039
Reference: XF:ie-invalid-frame-image-certificate(4624)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4624

Name: CVE-2000-0519

Description:

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status:Entry
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039
Reference: XF:ie-revalidate-certificate(4627)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4627

Name: CVE-2000-0521

Description:

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.

Status:Entry
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: XF:savant-source-read(4616)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4616

Name: CVE-2000-0522

Description:

RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.

Status:Entry
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: XF:aceserver-udp-packet-dos(5053)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5053

Name: CVE-2000-0523

Description:

Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

Status:Entry
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: XF:eserv-logging-overflow(4614)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4614

Name: CVE-2000-0525

Description:

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Status:Entry
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: OSVDB:341
Reference: URL:http://www.osvdb.org/341
Reference: XF:openssh-uselogin-remote-exec(4646)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4646

Name: CVE-2000-0528

Description:

Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.

Status:Entry
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: OSVDB:4353
Reference: URL:http://www.osvdb.org/4353
Reference: XF:nettools-pki-unauthenticated-access(4743)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4743

Name: CVE-2000-0529

Description:

Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.

Status:Entry
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: OSVDB:4352
Reference: URL:http://www.osvdb.org/4352
Reference: XF:nettools-pki-http-bo(4744)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4744

Name: CVE-2000-0530

Description:

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: REDHAT:RHSA-2000:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-032.html
Reference: XF:kde-configuration-file-creation(4583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4583

Name: CVE-2000-0532

Description:

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

Status:Entry
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: OSVDB:1387
Reference: URL:http://www.osvdb.org/1387
Reference: XF:freebsd-ssh-ports(4638)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4638

Name: CVE-2000-0533

Description:

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: XF:irix-workshop-cvconnect-overwrite(4725)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4725

Name: CVE-2000-0534

Description:

The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.

Status:Entry
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325
Reference: FREEBSD:FreeBSD-SA-00:22
Reference: OSVDB:1389
Reference: URL:http://www.osvdb.org/1389
Reference: XF:apsfilter-elevate-privileges(4617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4617

Name: CVE-2000-0536

Description:

xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.

Status:Entry
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: XF:xinetd-improper-restrictions(4986)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4986

Name: CVE-2000-0537

Description:

BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.

Status:Entry
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: XF:bru-execlog-env-variable(4644)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4644

Name: CVE-2000-0538

Description:

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

Status:Entry
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.info/?l=bugtraq&m=96045469627806&w=2
Reference: OSVDB:3399
Reference: URL:http://www.osvdb.org/3399
Reference: XF:coldfusion-parse-dos(4611)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4611

Name: CVE-2000-0539

Description:

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.

Status:Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: OSVDB:818
Reference: URL:http://www.osvdb.org/818
Reference: XF:jrun-read-sample-files(4774)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4774

Name: CVE-2000-0540

Description:

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

Status:Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: OSVDB:2713
Reference: URL:http://www.osvdb.org/2713
Reference: XF:jrun-read-sample-files(4774)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4774

Name: CVE-2000-0541

Description:

The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.

Status:Entry
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4707

Name: CVE-2000-0542

Description:

Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.

Status:Entry
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: XF:tigris-radius-login-failure(4705)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4705

Name: CVE-2000-0548

Description:

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Status:Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: OSVDB:4875
Reference: URL:http://www.osvdb.org/4875
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: XF:kerberos-emsg-bo

Name: CVE-2000-0549

Description:

Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html

Name: CVE-2000-0550

Description:

Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1465
Reference: URL:http://www.securityfocus.com/bid/1465
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: XF:kerberos-free-memory

Name: CVE-2000-0551

Description:

The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.

Status:Entry
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4569

Name: CVE-2000-0552

Description:

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

Status:Entry
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: XF:icq-temp-link(4607)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4607

Name: CVE-2000-0553

Description:

Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.

Status:Entry
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: OSVDB:1377
Reference: URL:http://www.osvdb.org/1377
Reference: XF:ipfilter-firewall-race-condition(4994)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4994

Name: CVE-2000-0555

Description:

Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.

Status:Entry
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: XF:ceilidh-post-dos(4622)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4622

Name: CVE-2000-0556

Description:

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.

Status:Entry
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: XF:cmail-long-username-dos(4625)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4625

Name: CVE-2000-0557

Description:

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: XF:cmail-get-overflow-execute(4626)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4626

Name: CVE-2000-0558

Description:

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.

Status:Entry
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html

Name: CVE-2000-0561

Description:

Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: OSVDB:3544
Reference: URL:http://www.osvdb.org/3544
Reference: XF:webbbs-get-request-overflow(4742)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4742

Name: CVE-2000-0565

Description:

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.

Status:Entry
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: OSVDB:1394
Reference: URL:http://www.osvdb.org/1394
Reference: XF:smartftp-directory-traversal(4706)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4706

Name: CVE-2000-0566

Description:

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1434
Reference: URL:http://www.securityfocus.com/bid/1434
Reference: BUGTRAQ:20000707 [Security Announce] man update
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html
Reference: CALDERA:CSSA-2000-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-021.0.txt
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Reference: MANDRAKE:MDKSA-2000:015
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:015
Reference: REDHAT:RHSA-2000:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-041.html
Reference: XF:linux-man-makewhatis-tmp(4900)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4900

Name: CVE-2000-0567

Description:

Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

Status:Entry
Reference: BID:1481
Reference: URL:http://www.securityfocus.com/bid/1481
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: MS:MS00-043
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-043
Reference: XF:outlook-date-overflow(4953)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4953

Name: CVE-2000-0568

Description:

Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.

Status:Entry
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify

Name: CVE-2000-0569

Description:

Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.

Status:Entry
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5049

Name: CVE-2000-0570

Description:

FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.

Status:Entry
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: OSVDB:5718
Reference: URL:http://www.osvdb.org/5718
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4843

Name: CVE-2000-0571

Description:

LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: BID:1423
Reference: URL:http://www.securityfocus.com/bid/1423
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
Reference: XF:localweb-get-bo(4896)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4896

Name: CVE-2000-0573

Description:

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

Status:Entry
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.info/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.info/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000623
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
Reference: REDHAT:RHSA-2000:039
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039.html
Reference: XF:wuftp-format-string-stack-overwrite
Reference: XF:wuftp-format-string-stack-overwrite(4773)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4773

Name: CVE-2000-0575

Description:

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

Status:Entry
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Reference: URL:http://marc.info/?l=bugtraq&m=96256265914116&w=2
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4903

Name: CVE-2000-0576

Description:

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

Status:Entry
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html

Name: CVE-2000-0577

Description:

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: XF:netscape-ftpserver-chroot

Name: CVE-2000-0579

Description:

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

Status:Entry
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: XF:irix-cron-modify-crontab

Name: CVE-2000-0581

Description:

Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.

Status:Entry
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos

Name: CVE-2000-0582

Description:

Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

Status:Entry
Reference: BID:1416
Reference: URL:http://www.securityfocus.com/bid/1416
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
Reference: OSVDB:1438
Reference: URL:http://www.osvdb.org/1438
Reference: XF:fw1-resource-overload-dos

Name: CVE-2000-0583

Description:

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Status:Entry
Reference: BID:1418
Reference: URL:http://www.securityfocus.com/bid/1418
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: XF:vpopmail-format-string

Name: CVE-2000-0584

Description:

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Status:Entry
Reference: BID:1445
Reference: URL:http://www.securityfocus.com/bid/1445
Reference: DEBIAN:20000702
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
Reference: XF:canna-bin-execute-bo(4912)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4912

Name: CVE-2000-0585

Description:

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1388
Reference: URL:http://www.securityfocus.com/bid/1388
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: URL:http://www.debian.org/security/2000/20000628
Reference: FREEBSD:FreeBSD-SA-00:34
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc
Reference: NETBSD:NetBSD-SA2000-008
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_56.html
Reference: XF:openbsd-isc-dhcp(4772)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4772

Name: CVE-2000-0586

Description:

Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.

Status:Entry
Reference: BID:1404
Reference: URL:http://www.securityfocus.com/bid/1404
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Reference: XF:ircd-dalnet-summon-bo

Name: CVE-2000-0587

Description:

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

Status:Entry
Reference: BID:1401
Reference: URL:http://www.securityfocus.com/bid/1401
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
Reference: XF:glftpd-privpath-directive

Name: CVE-2000-0588

Description:

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

Status:Entry
Reference: BID:1402
Reference: URL:http://www.securityfocus.com/bid/1402
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: XF:sawmill-file-access

Name: CVE-2000-0590

Description:

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

Status:Entry
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4878

Name: CVE-2000-0591

Description:

Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

Status:Entry
Reference: BID:1432
Reference: URL:http://www.securityfocus.com/bid/1432
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
Reference: XF:bordermanager-bypass-url-restriction

Name: CVE-2000-0593

Description:

WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.

Status:Entry
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos(4831)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4831

Name: CVE-2000-0594

Description:

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

Status:Entry
Reference: BID:1436
Reference: URL:http://www.securityfocus.com/bid/1436
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
Reference: BUGTRAQ:20000707 BitchX update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
Reference: CALDERA:CSSA-2000-022.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
Reference: REDHAT:RHSA-2000:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-042.html
Reference: VULN-DEV:20000704 BitchX /ignore bug
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
Reference: XF:irc-bitchx-invite-dos(4897)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4897

Name: CVE-2000-0595

Description:

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

Status:Entry
Reference: BID:1437
Reference: URL:http://www.securityfocus.com/bid/1437
Reference: FREEBSD:FreeBSD-SA-00:24
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
Reference: OSVDB:1446
Reference: URL:http://www.osvdb.org/1446
Reference: XF:bsd-libedit-editrc

Name: CVE-2000-0596

Description:

Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

Status:Entry
Reference: BID:1398
Reference: URL:http://www.securityfocus.com/bid/1398
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
Reference: CERT:CA-2000-16
Reference: URL:http://www.cert.org/advisories/CA-2000-16.html
Reference: MS:MS00-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049
Reference: XF:ie-access-vba-code-execute

Name: CVE-2000-0597

Description:

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.

Status:Entry
Reference: BID:1399
Reference: URL:http://www.securityfocus.com/bid/1399
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
Reference: MS:MS00-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049
Reference: XF:ie-powerpoint-activex-object-execute

Name: CVE-2000-0598

Description:

Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.

Status:Entry
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm
Reference: XF:fortech-proxy-telnet-gateway

Name: CVE-2000-0599

Description:

Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.

Status:Entry
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: MISC:http://www.imesh.com/download/download.html
Reference: XF:imesh-tcp-port-overflow

Name: CVE-2000-0600

Description:

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

Status:Entry
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: XF:netscape-virtual-directory-bo(4780)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4780

Name: CVE-2000-0601

Description:

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.

Status:Entry
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
Reference: XF:irc-leafchat-dos

Name: CVE-2000-0602

Description:

Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.

Status:Entry
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path

Name: CVE-2000-0603

Description:

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

Status:Entry
Reference: BID:1444
Reference: URL:http://www.securityfocus.com/bid/1444
Reference: MS:MS00-048
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-048
Reference: XF:mssql-procedure-perms(4921)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4921

Name: CVE-2000-0604

Description:

gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

Status:Entry
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-gkermit

Name: CVE-2000-0610

Description:

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.

Status:Entry
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: XF:netwin-dmailweb-newline(4770)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4770

Name: CVE-2000-0611

Description:

The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.

Status:Entry
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: XF:netwin-dmailweb-auth(4771)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4771

Name: CVE-2000-0613

Description:

Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

Status:Entry
Reference: BID:1454
Reference: URL:http://www.securityfocus.com/bid/1454
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
Reference: OSVDB:1457
Reference: URL:http://www.osvdb.org/1457
Reference: XF:cisco-pix-firewall-tcp(4928)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4928

Name: CVE-2000-0615

Description:

LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.

Status:Entry
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: XF:lpd-suid-root(7361)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7361

Name: CVE-2000-0616

Description:

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Status:Entry
Reference: BID:1405
Reference: URL:http://www.securityfocus.com/bid/1405
Reference: HP:HPSBMP0006-007
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
Reference: XF:hp-turboimage-dbutil

Name: CVE-2000-0619

Description:

Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.

Status:Entry
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: XF:toplayer-icmp-dos(7364)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7364

Name: CVE-2000-0620

Description:

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Status:Entry
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.info/?l=bugtraq&m=96146116627474&w=2
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4996

Name: CVE-2000-0621

Description:

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

Status:Entry
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: MS:MS00-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-046
Reference: XF:outlook-cache-bypass(5013)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5013

Name: CVE-2000-0622

Description:

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

Status:Entry
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.nai.com/research/covert/advisories/043.asp
Reference: XF:website-webfind-bo(4962)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4962

Name: CVE-2000-0624

Description:

Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.

Status:Entry
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: XF:winamp-playlist-parser-bo(4956)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4956

Name: CVE-2000-0627

Description:

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

Status:Entry
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: XF:blackboard-courseinfo-dbase-modification(4946)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4946

Name: CVE-2000-0628

Description:

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Status:Entry
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: XF:apache-source-asp-file-write(4931)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4931

Name: CVE-2000-0630

Description:

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Status:Entry
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: MS:MS00-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
Reference: XF:iis-htr-obtain-code(5104)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5104

Name: CVE-2000-0631

Description:

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

Status:Entry
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.info/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
Reference: XF:iis-absent-directory-dos(4951)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4951

Name: CVE-2000-0632

Description:

Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.

Status:Entry
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: XF:lsoft-listserv-querystring-bo(4952)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4952

Name: CVE-2000-0633

Description:

Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

Status:Entry
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: REDHAT:RHSA-2000:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053.html
Reference: XF:linux-usermode-dos(4944)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4944

Name: CVE-2000-0634

Description:

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: OSVDB:5774
Reference: URL:http://www.osvdb.org/5774
Reference: XF:communigate-pro-file-read(5105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5105

Name: CVE-2000-0635

Description:

The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: XF:minivend-viewpage-sample(4880)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4880

Name: CVE-2000-0636

Description:

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

Status:Entry
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: XF:hp-jetdirect-quote-dos(4947)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4947

Name: CVE-2000-0637

Description:

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

Status:Entry
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-051
Reference: XF:excel-register-function(5016)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5016

Name: CVE-2000-0638

Description:

bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.

Status:Entry
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: XF:http-cgi-bigbrother-bbhostsvc(4879)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4879

Name: CVE-2000-0639

Description:

The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Status:Entry
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: OSVDB:1472
Reference: URL:http://www.osvdb.org/1472
Reference: XF:big-brother-filename-extension(5103)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5103

Name: CVE-2000-0640

Description:

Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.

Status:Entry
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: OSVDB:573
Reference: URL:http://www.osvdb.org/573
Reference: XF:guild-ftpd-disclosure(4922)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4922

Name: CVE-2000-0641

Description:

Savant web server allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: XF:savant-get-bo(4901)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4901

Name: CVE-2000-0642

Description:

The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.

Status:Entry
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: XF:webactive-active-log(5184)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5184

Name: CVE-2000-0643

Description:

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: XF:webactive-long-get-dos(4949)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4949

Name: CVE-2000-0644

Description:

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

Status:Entry
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: OSVDB:1477
Reference: URL:http://www.osvdb.org/1477
Reference: XF:wftpd-stat-dos(5003)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5003

Name: CVE-2000-0650

Description:

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Status:Entry
Reference: BID:1458
Reference: URL:http://www.securityfocus.com/bid/1458
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
Reference: OSVDB:1458
Reference: URL:http://www.osvdb.org/1458
Reference: OSVDB:4200
Reference: URL:http://www.osvdb.org/4200
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5177

Name: CVE-2000-0651

Description:

The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

Status:Entry
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: XF:novell-bordermanager-verification(5186)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5186

Name: CVE-2000-0652

Description:

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

Status:Entry
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: XF:websphere-showcode(5012)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5012

Name: CVE-2000-0654

Description:

Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.

Status:Entry
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: MS:MS00-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041
Reference: XF:mssql-dts-reveal-passwords(4582)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4582

Name: CVE-2000-0655

Description:

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

Status:Entry
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: REDHAT:RHSA-2000:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: XF:netscape-jpg-comment

Name: CVE-2000-0660

Description:

The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: OSVDB:1459
Reference: URL:http://www.osvdb.org/1459
Reference: XF:worldclient-dir-traverse(4913)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4913

Name: CVE-2000-0661

Description:

WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.

Status:Entry
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: XF:wircsrv-character-flood-dos(4914)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4914

Name: CVE-2000-0662

Description:

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

Status:Entry
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: XF:ie-dhtmled-file-read(5107)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5107

Name: CVE-2000-0663

Description:

The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

Status:Entry
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: MS:MS00-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-052
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: XF:explorer-relative-path-name(5040)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5040

Name: CVE-2000-0664

Description:

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

Status:Entry
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:388
Reference: URL:http://www.osvdb.org/388
Reference: XF:analogx-simpleserver-directory-path(4999)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4999

Name: CVE-2000-0665

Description:

GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: OSVDB:373
Reference: URL:http://www.osvdb.org/373
Reference: XF:gamsoft-telsrv-dos(4945)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4945

Name: CVE-2000-0666

Description:

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: DEBIAN:20000719a
Reference: REDHAT:RHSA-2000:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043.html
Reference: XF:linux-rpcstatd-format-overwrite(4939)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4939

Name: CVE-2000-0668

Description:

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

Status:Entry
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: REDHAT:RHSA-2000:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044.html
Reference: XF:linux-pam-console(5001)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5001

Name: CVE-2000-0669

Description:

Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.

Status:Entry
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: XF:netware-port40193-dos

Name: CVE-2000-0670

Description:

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: XF:cvsweb-shell-access(4925)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4925

Name: CVE-2000-0671

Description:

Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.

Status:Entry
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: XF:roxen-null-char-url(4965)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4965

Name: CVE-2000-0672

Description:

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Status:Entry
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: XF:jakarta-tomcat-admin(5160)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5160

Name: CVE-2000-0673

Description:

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

Status:Entry
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: MS:MS00-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-047
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.nai.com/research/covert/advisories/044.asp
Reference: XF:netbios-name-server-spoofing(5035)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5035

Name: CVE-2000-0674

Description:

ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.

Status:Entry
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: XF:virtualvision-ftp-browser(5187)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5187

Name: CVE-2000-0675

Description:

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: XF:gatekeeper-long-string-bo(4948)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4948

Name: CVE-2000-0676

Description:

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Status:Entry
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: REDHAT:RHSA-2000:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: XF:java-brownorifice

Name: CVE-2000-0677

Description:

Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.

Status:Entry
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/advise60.php
Reference: XF:ibm-netdata-db2www-bo(4976)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4976

Name: CVE-2000-0678

Description:

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

Status:Entry
Reference: BID:1606
Reference: URL:http://www.securityfocus.com/bid/1606
Reference: CERT:CA-2000-18
Reference: URL:http://www.cert.org/advisories/CA-2000-18.html
Reference: OSVDB:4354
Reference: URL:http://www.osvdb.org/4354

Name: CVE-2000-0679

Description:

The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.

Status:Entry
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: XF:cvs-client-creates-file

Name: CVE-2000-0681

Description:

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

Status:Entry
Reference: BID:1570
Reference: URL:http://www.securityfocus.com/bid/1570
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html
Reference: XF:weblogic-plugin-bo

Name: CVE-2000-0682

Description:

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.

Status:Entry
Reference: BID:1518
Reference: URL:http://www.securityfocus.com/bid/1518
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: OSVDB:1481
Reference: URL:http://www.osvdb.org/1481
Reference: XF:weblogic-fileservlet-show-code

Name: CVE-2000-0683

Description:

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.

Status:Entry
Reference: BID:1517
Reference: URL:http://www.securityfocus.com/bid/1517
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: OSVDB:1480
Reference: URL:http://www.osvdb.org/1480

Name: CVE-2000-0684

Description:

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Status:Entry
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: XF:html-malicious-tags

Name: CVE-2000-0685

Description:

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

Status:Entry
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: XF:html-malicious-tags

Name: CVE-2000-0693

Description:

pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.

Status:Entry
Reference: BID:1563
Reference: URL:http://www.securityfocus.com/bid/1563
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: OSVDB:1501
Reference: URL:http://www.osvdb.org/1501

Name: CVE-2000-0694

Description:

pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: OSVDB:5740
Reference: URL:http://www.osvdb.org/5740

Name: CVE-2000-0698

Description:

Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.

Status:Entry
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: XF:minicom-capture-groupown(5151)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5151

Name: CVE-2000-0699

Description:

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

Status:Entry
Reference: BID:1560
Reference: URL:http://www.securityfocus.com/bid/1560
Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html

Name: CVE-2000-0700

Description:

Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.

Status:Entry
Reference: BID:1541
Reference: URL:http://www.securityfocus.com/bid/1541
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Reference: OSVDB:793
Reference: URL:http://www.osvdb.org/793
Reference: OSVDB:798
Reference: URL:http://www.osvdb.org/798

Name: CVE-2000-0702

Description:

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

Status:Entry
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: XF:hp-netinit-symlink(5131)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5131

Name: CVE-2000-0703

Description:

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Status:Entry
Reference: BID:1547
Reference: URL:http://www.securityfocus.com/bid/1547
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
Reference: CALDERA:CSSA-2000-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
Reference: DEBIAN:20000810
Reference: REDHAT:RHSA-2000:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048.html
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_59.html
Reference: TURBO:TLSA2000018-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html
Reference: XF:perl-shell-escape

Name: CVE-2000-0705

Description:

ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1550
Reference: URL:http://www.securityfocus.com/bid/1550
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html
Reference: OSVDB:1496
Reference: URL:http://www.osvdb.org/1496
Reference: REDHAT:RHSA-2000:049
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-049.html
Reference: XF:ntop-remote-file-access

Name: CVE-2000-0706

Description:

Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: OSVDB:1513
Reference: URL:http://www.osvdb.org/1513
Reference: XF:ntop-bo

Name: CVE-2000-0707

Description:

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.

Status:Entry
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: XF:pccs-mysql-admin-tool

Name: CVE-2000-0708

Description:

Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.

Status:Entry
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: XF:telnetserver-rpc-bo

Name: CVE-2000-0711

Description:

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

Status:Entry
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html

Name: CVE-2000-0712

Description:

Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.

Status:Entry
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: OSVDB:1495
Reference: URL:http://www.osvdb.org/1495

Name: CVE-2000-0716

Description:

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.

Status:Entry
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: XF:mdaemon-session-id-hijack(5070)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5070

Name: CVE-2000-0717

Description:

GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.

Status:Entry
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: XF:ftp-goodtech-rnto-dos(5166)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5166

Name: CVE-2000-0718

Description:

A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

Status:Entry
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/bid/1567
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html

Name: CVE-2000-0720

Description:

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Status:Entry
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: XF:news-publisher-add-author(5169)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5169

Name: CVE-2000-0725

Description:

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Status:Entry
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: REDHAT:RHSA-2000:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-052.html

Name: CVE-2000-0726

Description:

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.

Status:Entry
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: XF:mailers-cgimail-spoof(5165)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5165

Name: CVE-2000-0727

Description:

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

Status:Entry
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.info/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.info/?l=bugtraq&m=96886599829687&w=2
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html

Name: CVE-2000-0728

Description:

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.info/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.info/?l=bugtraq&m=96886599829687&w=2
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: DEBIAN:20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html

Name: CVE-2000-0729

Description:

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

Status:Entry
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: OSVDB:1534
Reference: URL:http://www.osvdb.org/1534
Reference: XF:freebsd-elf-dos(5967)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5967

Name: CVE-2000-0730

Description:

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

Status:Entry
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html

Name: CVE-2000-0731

Description:

Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: OSVDB:1535
Reference: URL:http://www.osvdb.org/1535
Reference: XF:wormhttp-dir-traverse(5148)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5148

Name: CVE-2000-0732

Description:

Worm HTTP server allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: XF:wormhttp-filename-dos(5149)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5149

Name: CVE-2000-0733

Description:

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

Status:Entry
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P

Name: CVE-2000-0737

Description:

The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

Status:Entry
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535
Reference: MS:MS00-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-053

Name: CVE-2000-0738

Description:

WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.

Status:Entry
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: XF:webshield-smtp-dos(5100)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5100

Name: CVE-2000-0739

Description:

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.

Status:Entry
Reference: BID:1537
Reference: URL:http://www.securityfocus.com/bid/1537
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1489
Reference: URL:http://www.osvdb.org/1489
Reference: XF:nettools-pki-dir-traverse(5066)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5066

Name: CVE-2000-0740

Description:

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.

Status:Entry
Reference: BID:1536
Reference: URL:http://www.securityfocus.com/bid/1536
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1488
Reference: URL:http://www.osvdb.org/1488
Reference: XF:nai-nettools-strong-bo(5026)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5026

Name: CVE-2000-0741

Description:

Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.

Status:Entry
Reference: BID:1538
Reference: URL:http://www.securityfocus.com/bid/1538
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1490
Reference: URL:http://www.osvdb.org/1490

Name: CVE-2000-0742

Description:

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

Status:Entry
Reference: BID:1544
Reference: URL:http://www.securityfocus.com/bid/1544
Reference: BUGTRAQ:20000602 ipx storm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120
Reference: MS:MS00-054
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-054
Reference: XF:win-ipx-ping-packet(5079)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5079

Name: CVE-2000-0743

Description:

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

Status:Entry
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html

Name: CVE-2000-0744

Description:

DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2000-0743.

Status:Entry

Name: CVE-2000-0745

Description:

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.

Status:Entry
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: OSVDB:1521
Reference: URL:http://www.osvdb.org/1521

Name: CVE-2000-0747

Description:

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

Status:Entry
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5036

Name: CVE-2000-0749

Description:

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

Status:Entry
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: OSVDB:1536
Reference: URL:http://www.osvdb.org/1536
Reference: XF:freebsd-linux-module-bo(5968)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5968

Name: CVE-2000-0750

Description:

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Status:Entry
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html

Name: CVE-2000-0751

Description:

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html

Name: CVE-2000-0753

Description:

The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

Status:Entry
Reference: BID:1631
Reference: URL:http://www.securityfocus.com/bid/1631
Reference: BUGTRAQ:20000824 Outlook winmail.dat
Reference: URL:http://www.securityfocus.com/archive/1/78240
Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
Reference: URL:http://www.securityfocus.com/archive/1/201422
Reference: XF:outlook-reveal-path(5508)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5508

Name: CVE-2000-0754

Description:

Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.

Status:Entry
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html

Name: CVE-2000-0758

Description:

The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.

Status:Entry
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html

Name: CVE-2000-0761

Description:

OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README

Name: CVE-2000-0762

Description:

The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

Status:Entry
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: OSVDB:1517
Reference: URL:http://www.osvdb.org/1517
Reference: XF:etrust-access-control-default(5076)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5076

Name: CVE-2000-0763

Description:

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

Status:Entry
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html

Name: CVE-2000-0764

Description:

Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.

Status:Entry
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: XF:intel-express-switch-dos(5154)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5154

Name: CVE-2000-0765

Description:

Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

Status:Entry
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561
Reference: MS:MS00-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-056

Name: CVE-2000-0766

Description:

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.

Status:Entry
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: XF:vqserver-get-dos(5152)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5152

Name: CVE-2000-0767

Description:

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

Status:Entry
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
Reference: MS:MS00-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055

Name: CVE-2000-0768

Description:

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
Reference: MS:MS00-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055

Name: CVE-2000-0770

Description:

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Status:Entry
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565
Reference: MS:MS00-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

Name: CVE-2000-0771

Description:

Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

Status:Entry
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613
Reference: MS:MS00-062
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-062

Name: CVE-2000-0773

Description:

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.

Status:Entry
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5021

Name: CVE-2000-0776

Description:

Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1568
Reference: URL:http://www.securityfocus.com/bid/1568
Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html
Reference: XF:mediahouse-stats-livestats-bo(5113)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5113

Name: CVE-2000-0777

Description:

The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

Status:Entry
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615
Reference: MS:MS00-061
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-061

Name: CVE-2000-0778

Description:

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

Status:Entry
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: MS:MS00-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: OVAL:oval:org.mitre.oval:def:927
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927

Name: CVE-2000-0779

Description:

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

Status:Entry
Reference: BID:1534
Reference: URL:http://www.securityfocus.com/bid/1534
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
Reference: OSVDB:1487
Reference: URL:http://www.osvdb.org/1487

Name: CVE-2000-0780

Description:

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1617
Reference: URL:http://www.securityfocus.com/bid/1617
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
Reference: URL:http://marc.info/?l=bugtraq&m=96767207207553&w=2
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html

Name: CVE-2000-0781

Description:

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

Status:Entry
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5023

Name: CVE-2000-0782

Description:

netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1587
Reference: URL:http://www.securityfocus.com/bid/1587
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: XF:netwin-netauth-dir-traverse(5090)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5090

Name: CVE-2000-0783

Description:

Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.

Status:Entry
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: XF:firebox-url-dos(5098)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5098

Name: CVE-2000-0786

Description:

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

Status:Entry
Reference: BID:1516
Reference: URL:http://www.securityfocus.com/bid/1516
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Reference: CONFIRM:http://marc.info/?l=bugtraq&m=96473640717095&w=2
Reference: DEBIAN:20000727 userv: local exploit
Reference: URL:http://www.debian.org/security/2000/20000727

Name: CVE-2000-0787

Description:

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

Status:Entry
Reference: BID:1601
Reference: URL:http://www.securityfocus.com/bid/1601
Reference: BUGTRAQ:20000817 XChat URL handler vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
Reference: REDHAT:RHSA-2000:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055.html

Name: CVE-2000-0788

Description:

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

Status:Entry
Reference: BID:1566
Reference: URL:http://www.securityfocus.com/bid/1566
Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg
Reference: MS:MS00-071
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071
Reference: XF:word-mail-merge(5322)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5322

Name: CVE-2000-0790

Description:

The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.

Status:Entry
Reference: BID:1571
Reference: URL:http://www.securityfocus.com/bid/1571
Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg
Reference: XF:ie-folder-remote-exe(5097)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5097

Name: CVE-2000-0792

Description:

Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.

Status:Entry
Reference: BID:1590
Reference: URL:http://www.securityfocus.com/bid/1590
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html
Reference: OSVDB:1520
Reference: URL:http://www.osvdb.org/1520

Name: CVE-2000-0795

Description:

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

Status:Entry
Reference: BID:1529
Reference: URL:http://www.securityfocus.com/bid/1529
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:1485
Reference: URL:http://www.osvdb.org/1485

Name: CVE-2000-0796

Description:

Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

Status:Entry
Reference: BID:1528
Reference: URL:http://www.securityfocus.com/bid/1528
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:1484
Reference: URL:http://www.osvdb.org/1484
Reference: XF:irix-dmplay-bo(5064)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5064

Name: CVE-2000-0797

Description:

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

Status:Entry
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: XF:irix-grosview-bo(5062)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5062

Name: CVE-2000-0799

Description:

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

Status:Entry
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5065

Name: CVE-2000-0803

Description:

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

Status:Entry
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Reference: XF:gnu-groff-utilities(5280)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5280

Name: CVE-2000-0804

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: OSVDB:4419
Reference: URL:http://www.osvdb.org/4419
Reference: XF:fw1-remote-bypass(5468)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5468

Name: CVE-2000-0805

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: OSVDB:4415
Reference: URL:http://www.osvdb.org/4415
Reference: XF:fw1-client-spoof(5469)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5469

Name: CVE-2000-0806

Description:

The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: OSVDB:4413
Reference: URL:http://www.osvdb.org/4413
Reference: XF:fw1-fwa1-auth-replay(5162)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5162

Name: CVE-2000-0807

Description:

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: OSVDB:4420
Reference: URL:http://www.osvdb.org/4420
Reference: XF:fw1-opsec-auth-spoof(5471)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5471

Name: CVE-2000-0808

Description:

The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: OSVDB:4421
Reference: URL:http://www.osvdb.org/4421
Reference: XF:fw1-localhost-auth(5137)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5137

Name: CVE-2000-0809

Description:

Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: OSVDB:4422
Reference: URL:http://www.osvdb.org/4422
Reference: XF:fw1-getkey-bo(5139)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5139

Name: CVE-2000-0810

Description:

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

Status:Entry
Reference: BID:1782
Reference: URL:http://www.securityfocus.com/bid/1782
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: OSVDB:1600
Reference: URL:http://www.osvdb.org/1600
Reference: XF:auction-weaver-delete-files(5371)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5371

Name: CVE-2000-0811

Description:

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

Status:Entry
Reference: BID:1783
Reference: URL:http://www.securityfocus.com/bid/1783
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: OSVDB:4053
Reference: URL:http://www.osvdb.org/4053
Reference: XF:auction-weaver-username-bidfile(5372)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5372

Name: CVE-2000-0813

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: OSVDB:4434
Reference: URL:http://www.osvdb.org/4434
Reference: XF:fw1-ftp-redirect(5474)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5474

Name: CVE-2000-0816

Description:

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

Status:Entry
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: XF:linux-tmpwatch-fuser(5320)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5320

Name: CVE-2000-0818

Description:

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Status:Entry
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: XF:oracle-listener-connect-statements(5380)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5380

Name: CVE-2000-0824

Description:

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Status:Entry
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.info/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: XF:glibc-ld-unsetenv(5173)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5173

Name: CVE-2000-0825

Description:

Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.

Status:Entry
Reference: BID:2011
Reference: URL:http://www.securityfocus.com/bid/2011
Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.info/?l=bugtraq&m=96659012127444&w=2
Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.info/?l=ntbugtraq&m=96654521004571&w=2
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html
Reference: XF:ipswitch-imail-remote-dos(5475)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5475

Name: CVE-2000-0829

Description:

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

Status:Entry
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: XF:linux-tmpwatch-fork-dos(5217)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5217

Name: CVE-2000-0830

Description:

annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.

Status:Entry
Reference: BID:1671
Reference: URL:http://www.securityfocus.com/bid/1671
Reference: BUGTRAQ:20000913 trivial DoS in webTV
Reference: URL:http://www.securityfocus.com/archive/1/81852
Reference: MS:MS00-074
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-074
Reference: XF:webtv-udp-dos(5216)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5216

Name: CVE-2000-0834

Description:

The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.

Status:Entry
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: MS:MS00-067
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-067
Reference: XF:win2k-telnet-ntlm-authentication(5242)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5242

Name: CVE-2000-0837

Description:

FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

Status:Entry
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: XF:servu-null-character-dos(5029)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5029

Name: CVE-2000-0838

Description:

Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html
Reference: XF:fur-get-dos(5237)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5237

Name: CVE-2000-0839

Description:

WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).

Status:Entry
Reference: BID:1701
Reference: URL:http://www.securityfocus.com/bid/1701
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html
Reference: XF:wincom-lpd-dos(5258)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5258

Name: CVE-2000-0844

Description:

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Status:Entry
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: XF:unix-locale-format-string(5176)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5176

Name: CVE-2000-0846

Description:

Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.

Status:Entry
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: XF:darxite-login-bo(5134)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5134

Name: CVE-2000-0847

Description:

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.

Status:Entry
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: XF:c-client-dos(5223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5223

Name: CVE-2000-0848

Description:

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

Status:Entry
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: XF:websphere-header-dos(5252)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5252

Name: CVE-2000-0849

Description:

Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.

Status:Entry
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: MS:MS00-064
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-064
Reference: XF:unicast-service-dos(5193)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5193

Name: CVE-2000-0850

Description:

Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

Status:Entry
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication(5230)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5230

Name: CVE-2000-0851

Description:

Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.

Status:Entry
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: MS:MS00-065
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-065
Reference: XF:w2k-still-image-service(5203)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5203

Name: CVE-2000-0852

Description:

Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.

Status:Entry
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: OSVDB:1559
Reference: URL:http://www.osvdb.org/1559
Reference: XF:freebsd-eject-port(5248)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5248

Name: CVE-2000-0853

Description:

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: XF:yabb-file-access(5254)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5254

Name: CVE-2000-0854

Description:

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Status:Entry
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: XF:office-dll-execution(5263)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5263

Name: CVE-2000-0856

Description:

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html

Name: CVE-2000-0858

Description:

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

Status:Entry
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: XF:iis-invald-url-dos(5202)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5202

Name: CVE-2000-0859

Description:

The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.

Status:Entry
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: XF:ntmail-incomplete-http-requests(5182)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5182

Name: CVE-2000-0860

Description:

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Status:Entry
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: XF:php-file-upload(5190)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5190

Name: CVE-2000-0861

Description:

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

Status:Entry
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: XF:mailman-execute-external-commands(5493)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5493

Name: CVE-2000-0862

Description:

Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.

Status:Entry
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access(5466)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5466

Name: CVE-2000-0863

Description:

Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo(5503)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5503

Name: CVE-2000-0864

Description:

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

Status:Entry
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-077.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html
Reference: XF:gnome-esound-symlink(5213)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5213

Name: CVE-2000-0865

Description:

Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.

Status:Entry
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: XF:doublevision-dvtermtype-bo(5261)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5261

Name: CVE-2000-0867

Description:

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

Status:Entry
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.info/?l=bugtraq&m=97726239017741&w=2
Reference: CALDERA:CSSA-2000-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-032.0.txt
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050
Reference: OSVDB:5824
Reference: URL:http://www.osvdb.org/5824
Reference: REDHAT:RHSA-2000:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-061.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: XF:klogd-format-string(5259)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5259

Name: CVE-2000-0868

Description:

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Status:Entry
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: XF:suse-apache-cgi-source-code(5197)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5197

Name: CVE-2000-0869

Description:

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Status:Entry
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: XF:apache-webdav-directory-listings(5204)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5204

Name: CVE-2000-0870

Description:

Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.

Status:Entry
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: OSVDB:1555
Reference: URL:http://www.osvdb.org/1555
Reference: XF:eftp-bo(5219)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5219

Name: CVE-2000-0871

Description:

Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.

Status:Entry
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: OSVDB:409
Reference: URL:http://www.osvdb.org/409
Reference: XF:eftp-newline-dos(5220)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5220

Name: CVE-2000-0873

Description:

netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.

Status:Entry
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: XF:aix-clear-netstat(5214)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5214

Name: CVE-2000-0874

Description:

Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

Status:Entry
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: OSVDB:1545
Reference: URL:http://www.osvdb.org/1545
Reference: XF:eudora-path-disclosure(5206)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5206

Name: CVE-2000-0875

Description:

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

Status:Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos(5194)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5194

Name: CVE-2000-0876

Description:

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

Status:Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: OSVDB:5829
Reference: URL:http://www.osvdb.org/5829
Reference: XF:wftpd-path-disclosure(5196)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5196

Name: CVE-2000-0877

Description:

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.

Status:Entry
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: XF:mailform-attach-file(5224)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5224

Name: CVE-2000-0878

Description:

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.

Status:Entry
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: XF:mailto-piped-address(5241)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5241

Name: CVE-2000-0883

Description:

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Status:Entry
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: XF:linux-mod-perl(5257)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5257

Name: CVE-2000-0884

Description:

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Status:Entry
Reference: BID:1806
Reference: URL:http://www.securityfocus.com/bid/1806
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
Reference: OSVDB:436
Reference: URL:http://www.osvdb.org/436
Reference: OVAL:oval:org.mitre.oval:def:44
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
Reference: XF:iis-unicode-translation(5377)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5377

Name: CVE-2000-0886

Description:

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Status:Entry
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/bid/1912
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-086
Reference: OVAL:oval:org.mitre.oval:def:191
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191
Reference: XF:iis-invalid-filename-passing(5470)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5470

Name: CVE-2000-0887

Description:

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

Status:Entry
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: VULN-DEV:20001107 Possible DOS in Bind 8.2.2-P5
Reference: VULN-DEV:20001109 Re: Possible DOS in Bind 8.2.2-P5
Reference: XF:bind-zxfr-dos(5540)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5540

Name: CVE-2000-0888

Description:

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Status:Entry
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5814

Name: CVE-2000-0890

Description:

periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2325
Reference: URL:http://www.securityfocus.com/bid/2325
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: OSVDB:1754
Reference: URL:http://www.osvdb.org/1754
Reference: XF:periodic-temp-file-symlink(6047)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6047

Name: CVE-2000-0891

Description:

A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.

Status:Entry
Reference: CERT-VN:VU#5962
Reference: URL:http://www.kb.cert.org/vuls/id/5962
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S
Reference: XF:lotus-notes-bypass-ecl(5045)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5045

Name: CVE-2000-0892

Description:

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.

Status:Entry
Reference: CERT-VN:VU#22404
Reference: URL:http://www.kb.cert.org/vuls/id/22404
Reference: XF:telnet-obtain-env-variable(6644)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6644

Name: CVE-2000-0894

Description:

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Status:Entry
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5554

Name: CVE-2000-0895

Description:

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Status:Entry
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5218

Name: CVE-2000-0896

Description:

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Status:Entry
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:1690
Reference: URL:http://www.osvdb.org/1690
Reference: XF:watchguard-soho-fragmented-packets(5749)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5749

Name: CVE-2000-0897

Description:

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

Status:Entry
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.info/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5524

Name: CVE-2000-0900

Description:

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Status:Entry
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi(5313)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5313

Name: CVE-2000-0901

Description:

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Status:Entry
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: DEBIAN:20000902a
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: REDHAT:RHSA-2000:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-058.html
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html
Reference: XF:screen-format-string(5188)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5188

Name: CVE-2000-0908

Description:

BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.

Status:Entry
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.info/?l=bugtraq&m=96956211605302&w=2
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: XF:browsegate-http-dos(5270)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5270

Name: CVE-2000-0909

Description:

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Status:Entry
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: REDHAT:RHSA-2000:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: XF:pine-check-mail-bo(5283)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5283

Name: CVE-2000-0910

Description:

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

Status:Entry
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: XF:horde-imp-sendmail-command(5278)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5278

Name: CVE-2000-0911

Description:

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Status:Entry
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: XF:imp-attach-file(5227)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5227

Name: CVE-2000-0912

Description:

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.

Status:Entry
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml(5285)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5285

Name: CVE-2000-0913

Description:

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Status:Entry
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: XF:apache-rewrite-view-files(5310)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5310

Name: CVE-2000-0914

Description:

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

Status:Entry
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: OSVDB:1592
Reference: URL:http://www.osvdb.org/1592
Reference: XF:bsd-arp-request-dos(5340)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5340

Name: CVE-2000-0915

Description:

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

Status:Entry
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: OSVDB:433
Reference: URL:http://www.osvdb.org/433
Reference: XF:freebsd-fingerd-files(5385)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5385

Name: CVE-2000-0917

Description:

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: CERT:CA-2000-22
Reference: URL:http://www.cert.org/advisories/CA-2000-22.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: REDHAT:RHSA-2000:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065.html
Reference: XF:lprng-format-string(5287)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5287

Name: CVE-2000-0919

Description:

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: OSVDB:472
Reference: URL:http://www.osvdb.org/472
Reference: XF:phpix-dir-traversal(5331)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5331

Name: CVE-2000-0920

Description:

Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."

Status:Entry
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: XF:boa-webserver-get-dir-traversal(5330)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5330

Name: CVE-2000-0921

Description:

Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status:Entry
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: OSVDB:1596
Reference: URL:http://www.osvdb.org/1596
Reference: XF:hassan-shopping-cart-dir-traversal(5342)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5342

Name: CVE-2000-0922

Description:

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.

Status:Entry
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: XF:web-shopper-directory-traversal(5351)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5351

Name: CVE-2000-0923

Description:

authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Status:Entry
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute(5333)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5333

Name: CVE-2000-0924

Description:

Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.

Status:Entry
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: OSVDB:461
Reference: URL:http://www.osvdb.org/461
Reference: XF:master-index-directory-traversal(5355)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5355

Name: CVE-2000-0925

Description:

The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.

Status:Entry
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://marc.info/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: XF:cyberoffice-world-readable-directory(5318)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5318

Name: CVE-2000-0926

Description:

SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.

Status:Entry
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.info/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: XF:cyberoffice-price-modification(5319)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5319

Name: CVE-2000-0927

Description:

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

Status:Entry
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: XF:quotaadvisor-quota-bypass(5302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5302

Name: CVE-2000-0928

Description:

WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.

Status:Entry
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: XF:quotaadvisor-list-files(5327)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5327

Name: CVE-2000-0929

Description:

Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.

Status:Entry
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.info/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068
Reference: XF:mediaplayer-outlook-dos(5309)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5309

Name: CVE-2000-0930

Description:

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.

Status:Entry
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: XF:pegasus-file-forwarding(5326)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5326

Name: CVE-2000-0932

Description:

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html
Reference: XF:mailsweeper-smtp-dos(5641)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5641

Name: CVE-2000-0933

Description:

The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

Status:Entry
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: MS:MS00-069
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-069
Reference: XF:win2k-simplified-chinese-ime(5301)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5301

Name: CVE-2000-0934

Description:

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

Status:Entry
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: REDHAT:RHSA-2000:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-062.html
Reference: XF:glint-symlink(5271)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5271

Name: CVE-2000-0935

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

Status:Entry
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-logging-sym-link(5443)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5443

Name: CVE-2000-0936

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

Status:Entry
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-logfile-info(5445)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5445

Name: CVE-2000-0937

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

Status:Entry
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5442

Name: CVE-2000-0938

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

Status:Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5442

Name: CVE-2000-0941

Description:

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Status:Entry
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: XF:kw-whois-meta(5438)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5438

Name: CVE-2000-0942

Description:

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Status:Entry
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-084
Reference: XF:iis-htw-cross-scripting(5441)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5441

Name: CVE-2000-0943

Description:

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.

Status:Entry
Reference: BID:1858
Reference: URL:http://www.securityfocus.com/bid/1858
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: XF:bftpd-user-bo(5426)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5426

Name: CVE-2000-0944

Description:

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Status:Entry
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: XF:news-update-bypass-password(5433)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5433

Name: CVE-2000-0945

Description:

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Status:Entry
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: OSVDB:444
Reference: URL:http://www.osvdb.org/444
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5415

Name: CVE-2000-0946

Description:

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

Status:Entry
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: OSVDB:5831
Reference: URL:http://www.osvdb.org/5831
Reference: XF:compaq-ea-elevate-privileges(5718)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5718

Name: CVE-2000-0947

Description:

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Status:Entry
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: XF:cfengine-cfd-format-string(5630)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5630

Name: CVE-2000-0948

Description:

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: XF:gnorpm-temp-symlink(5317)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5317

Name: CVE-2000-0949

Description:

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

Status:Entry
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078.html
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: XF:traceroute-heap-overflow(5311)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5311

Name: CVE-2000-0951

Description:

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

Status:Entry
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: XF:iis-index-dir-traverse(5335)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5335

Name: CVE-2000-0952

Description:

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:64
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: OSVDB:6486
Reference: URL:http://www.osvdb.org/6486
Reference: XF:global-execute-remote-commands(5424)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5424

Name: CVE-2000-0953

Description:

Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.

Status:Entry
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: XF:shambala-connection-dos(5345)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5345

Name: CVE-2000-0956

Description:

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

Status:Entry
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: REDHAT:RHSA-2000:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: XF:cyrus-sasl-gain-access(5427)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5427

Name: CVE-2000-0957

Description:

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Status:Entry
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input(5447)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5447

Name: CVE-2000-0958

Description:

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

Status:Entry
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access(5428)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5428

Name: CVE-2000-0959

Description:

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: XF:glibc-unset-symlink(5299)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5299

Name: CVE-2000-0960

Description:

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Status:Entry
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.info/?l=bugtraq&m=97138100426121&w=2
Reference: XF:netscape-messaging-email-verify(5364)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5364

Name: CVE-2000-0961

Description:

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

Status:Entry
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: XF:netscape-messaging-list-dos(5292)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5292

Name: CVE-2000-0962

Description:

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: OSVDB:1574
Reference: URL:http://www.osvdb.org/1574
Reference: XF:openbsd-nmap-dos(5634)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5634

Name: CVE-2000-0964

Description:

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: XF:hinet-ipphone-get-bo(5298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5298

Name: CVE-2000-0965

Description:

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).

Status:Entry
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html
Reference: XF:hp-virtualvault-nsapi-dos(5361)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5361

Name: CVE-2000-0966

Description:

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: OSVDB:7244
Reference: URL:http://www.osvdb.org/7244
Reference: XF:hp-lpspooler-bo(5379)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5379

Name: CVE-2000-0967

Description:

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Status:Entry
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: DEBIAN:20001014a
Reference: DEBIAN:20001014b
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: XF:php-logging-format-string(5359)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5359

Name: CVE-2000-0968

Description:

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

Status:Entry
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-server-changelevel-bo(5375)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5375

Name: CVE-2000-0969

Description:

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

Status:Entry
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: OSVDB:6983
Reference: URL:http://www.osvdb.org/6983
Reference: XF:halflife-rcon-format-string(5413)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5413

Name: CVE-2000-0970

Description:

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Status:Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
Reference: MS:MS00-080
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080
Reference: OSVDB:7265
Reference: URL:http://www.osvdb.org/7265
Reference: XF:session-cookie-remote-retrieval(5396)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5396

Name: CVE-2000-0972

Description:

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

Status:Entry
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files(5410)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5410

Name: CVE-2000-0973

Description:

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Status:Entry
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: DEBIAN:20001013a
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: XF:curl-error-bo(5374)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5374

Name: CVE-2000-0974

Description:

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

Status:Entry
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: CALDERA:CSSA-2000-038.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: OSVDB:1608
Reference: URL:http://www.osvdb.org/1608
Reference: REDHAT:RHSA-2000:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089.html
Reference: XF:gnupg-message-modify(5386)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5386

Name: CVE-2000-0975

Description:

Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: OSVDB:435
Reference: URL:http://www.osvdb.org/435
Reference: XF:anaconda-apexec-directory-traversal(5750)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5750

Name: CVE-2000-0976

Description:

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

Status:Entry
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: SGI:20020502-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I
Reference: XF:xfree-xlib-bo(5751)
Reference: URL:http://www.iss.net/security_center/static/5751.php

Name: CVE-2000-0977

Description:

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Status:Entry
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: XF:mailfile-post-file-read(5358)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5358

Name: CVE-2000-0978

Description:

bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

Status:Entry
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: XF:bb4-netmon-execute-commands(5719)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5719

Name: CVE-2000-0979

Description:

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

Status:Entry
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.info/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-072
Reference: OVAL:oval:org.mitre.oval:def:996
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996
Reference: XF:win9x-share-level-password(5395)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5395

Name: CVE-2000-0980

Description:

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

Status:Entry
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: MS:MS00-073
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-073
Reference: XF:win-nmpi-packet-dos(5357)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5357

Name: CVE-2000-0981

Description:

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

Status:Entry
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication(5409)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5409

Name: CVE-2000-0982

Description:

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

Status:Entry
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt
Reference: MS:MS00-076
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076
Reference: XF:ie-cache-info(5367)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5367

Name: CVE-2000-0983

Description:

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

Status:Entry
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077
Reference: MSKB:Q273854
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854
Reference: XF:netmeeting-desktop-sharing-dos(5368)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5368

Name: CVE-2000-0984

Description:

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Status:Entry
Reference: BID:1838
Reference: URL:http://www.securityfocus.com/bid/1838
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] Cisco IOS HTTP server DoS
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos(5412)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5412

Name: CVE-2000-0989

Description:

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

Status:Entry
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: OSVDB:6488
Reference: URL:http://www.osvdb.org/6488
Reference: XF:intel-email-username-bo(5414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5414

Name: CVE-2000-0990

Description:

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.

Status:Entry
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: XF:cmd5checkpw-qmail-bypass-authentication(5382)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5382

Name: CVE-2000-0991

Description:

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

Status:Entry
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: MS:MS00-079
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-079
Reference: XF:win-hyperterminal-telnet-bo(5387)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5387

Name: CVE-2000-0992

Description:

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: BUGTRAQ:20001001 openssh2.2.p1 - Re: scp file transfer hole
Reference: MANDRAKE:MDKSA-2000:057
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057
Reference: XF:scp-overwrite-files(5312)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5312

Name: CVE-2000-0993

Description:

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Status:Entry
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: XF:bsd-libutil-format(5339)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5339

Name: CVE-2000-0994

Description:

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Status:Entry
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: XF:bsd-fstat-format(5338)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5338

Name: CVE-2000-0995

Description:

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

Status:Entry
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: OSVDB:6125
Reference: URL:http://www.osvdb.org/6125
Reference: XF:bsd-yp-passwd-format(5635)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5635

Name: CVE-2000-0996

Description:

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Status:Entry
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: OSVDB:6124
Reference: URL:http://www.osvdb.org/6124
Reference: XF:bsd-su-format(5636)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5636

Name: CVE-2000-1000

Description:

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

Status:Entry
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: XF:aim-file-transfer-dos(5314)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5314

Name: CVE-2000-1001

Description:

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.

Status:Entry
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.info/?l=bugtraq&m=97240616129614&w=2
Reference: OSVDB:6487
Reference: URL:http://www.osvdb.org/6487
Reference: XF:instantshop-modify-price(5402)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5402

Name: CVE-2000-1002

Description:

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.

Status:Entry
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify(5363)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5363

Name: CVE-2000-1003

Description:

NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.

Status:Entry
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: XF:win-netbios-driver-type-dos(5370)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5370

Name: CVE-2000-1004

Description:

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Status:Entry
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: OSVDB:6123
Reference: URL:http://www.osvdb.org/6123
Reference: XF:bsd-photurisd-format(5336)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5336

Name: CVE-2000-1005

Description:

Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status:Entry
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: XF:extropia-webstore-fileread(5347)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5347

Name: CVE-2000-1006

Description:

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

Status:Entry
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869
Reference: MS:MS00-082
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-082
Reference: XF:ms-exchange-mime-dos(5448)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5448

Name: CVE-2000-1007

Description:

I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

Status:Entry
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5791

Name: CVE-2000-1010

Description:

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Status:Entry
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: XF:linux-talkd-overwrite-root(5344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5344

Name: CVE-2000-1011

Description:

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: OSVDB:6070
Reference: URL:http://www.osvdb.org/6070
Reference: XF:freebsd-catopen-bo(5638)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5638

Name: CVE-2000-1014

Description:

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

Status:Entry
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: OSVDB:3240
Reference: URL:http://www.osvdb.org/3240
Reference: XF:unixware-scohelp-format(5291)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5291

Name: CVE-2000-1016

Description:

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Status:Entry
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: XF:suse-installed-packages-exposed(5276)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5276

Name: CVE-2000-1018

Description:

shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.

Status:Entry
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.info/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.info/?l=bugtraq&m=97131166004145&w=2
Reference: XF:shred-recover-files(5722)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5722

Name: CVE-2000-1019

Description:

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

Status:Entry
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97301487015664&w=2
Reference: XF:ultraseek-malformed-url-dos(5439)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5439

Name: CVE-2000-1022

Description:

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

Status:Entry
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: XF:cisco-pix-smtp-filtering(5277)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5277

Name: CVE-2000-1024

Description:

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.

Status:Entry
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.info/?l=bugtraq&m=97306581513537&w=2
Reference: XF:ewave-servletexec-file-upload(5450)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5450

Name: CVE-2000-1026

Description:

Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Reference: DEBIAN:20001120a
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: XF:tcpdump-afs-packet-overflow(5480)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5480

Name: CVE-2000-1027

Description:

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

Status:Entry
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.info/?l=bugtraq&m=97059440000367&w=2
Reference: OSVDB:1623
Reference: URL:http://www.osvdb.org/1623
Reference: XF:cisco-pix-reveal-address(5646)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5646

Name: CVE-2000-1031

Description:

Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

Status:Entry
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: BUGTRAQ:20020902 Happy Labor Day from Snosoft
Reference: URL:http://www.securityfocus.com/archive/1/290115
Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: CERT-VN:VU#320067
Reference: URL:http://www.kb.cert.org/vuls/id/320067
Reference: FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: HP:SSRT2275
Reference: URL:http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
Reference: HP:SSRT2280
Reference: XF:hp-dtterm(5461)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5461

Name: CVE-2000-1032

Description:

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

Status:Entry
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: OSVDB:1632
Reference: URL:http://www.osvdb.org/1632
Reference: XF:fw1-login-response(5816)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5816

Name: CVE-2000-1034

Description:

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Status:Entry
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-085
Reference: XF:system-monitor-activex-bo(5467)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5467

Name: CVE-2000-1036

Description:

Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.

Status:Entry
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: XF:rbs-isp-directory-traversal(5275)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5275

Name: CVE-2000-1038

Description:

The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

Status:Entry
Reference: AIXAPAR:SA90544
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=SA90544&apar=only
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos(5266)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5266

Name: CVE-2000-1040

Description:

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

Status:Entry
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: REDHAT:RHSA-2000:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086.html
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-printf-format-string(5394)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5394

Name: CVE-2000-1041

Description:

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-remote-bo(5759)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5759

Name: CVE-2000-1042

Description:

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status:Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo(5730)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5730

Name: CVE-2000-1043

Description:

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status:Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string(5731)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5731

Name: CVE-2000-1044

Description:

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Status:Entry
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-printf-format-string(5394)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5394

Name: CVE-2000-1045

Description:

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Status:Entry
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: XF:nssldap-nscd-dos(5449)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5449

Name: CVE-2000-1047

Description:

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.

Status:Entry
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: OSVDB:442
Reference: URL:http://www.osvdb.org/442
Reference: XF:lotus-domino-smtp-envid(5488)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5488

Name: CVE-2000-1049

Description:

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

Status:Entry
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.info/?l=bugtraq&m=97310314724964&w=2
Reference: XF:allaire-jrun-servlet-dos(5452)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5452

Name: CVE-2000-1050

Description:

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Status:Entry
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.info/?l=bugtraq&m=97236316510117&w=2
Reference: OSVDB:500
Reference: URL:http://www.osvdb.org/500
Reference: XF:allaire-jrun-webinf-access(5407)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5407

Name: CVE-2000-1051

Description:

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

Status:Entry
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.info/?l=bugtraq&m=97236692714978&w=2
Reference: XF:allaire-jrun-ssifilter-url(5405)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5405

Name: CVE-2000-1054

Description:

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

Status:Entry
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: XF:ciscosecure-csadmin-bo(5272)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5272

Name: CVE-2000-1055

Description:

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Status:Entry
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: OSVDB:1569
Reference: URL:http://www.osvdb.org/1569
Reference: XF:ciscosecure-tacacs-dos(5273)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5273

Name: CVE-2000-1056

Description:

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Status:Entry
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: XF:ciscosecure-ldap-bypass-authentication(5274)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5274

Name: CVE-2000-1057

Description:

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

Status:Entry
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: XF:hp-openview-nnm-scripts(5229)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5229

Name: CVE-2000-1058

Description:

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Status:Entry
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.info/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo(5282)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5282

Name: CVE-2000-1059

Description:

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Status:Entry
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: XF:xinitrc-bypass-xauthority(5305)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5305

Name: CVE-2000-1060

Description:

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Status:Entry
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: XF:xinitrc-bypass-xauthority(5305)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5305

Name: CVE-2000-1061

Description:

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

Status:Entry
Reference: MS:MS00-075
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075
Reference: XF:java-vm-applet(5127)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5127

Name: CVE-2000-1068

Description:

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands(5792)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5792

Name: CVE-2000-1069

Description:

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var(5419)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5419

Name: CVE-2000-1070

Description:

pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access(5794)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5794

Name: CVE-2000-1071

Description:

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: OSVDB:7213
Reference: URL:http://www.osvdb.org/7213
Reference: XF:ical-xhost-gain-privileges(5752)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5752

Name: CVE-2000-1072

Description:

iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: OSVDB:7212
Reference: URL:http://www.osvdb.org/7212
Reference: XF:ical-iplncal-gain-access(5756)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5756

Name: CVE-2000-1073

Description:

csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: OSVDB:7210
Reference: URL:http://www.osvdb.org/7210
Reference: XF:ical-csstart-gain-access(5757)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5757

Name: CVE-2000-1074

Description:

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: OSVDB:7209
Reference: URL:http://www.osvdb.org/7209
Reference: XF:ical-csstart-gain-access(5757)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5757

Name: CVE-2000-1075

Description:

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

Status:Entry
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
Reference: OSVDB:4086
Reference: URL:http://www.osvdb.org/4086
Reference: OSVDB:486
Reference: URL:http://www.osvdb.org/486
Reference: XF:iplanet-netscape-directory-traversal(5421)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5421

Name: CVE-2000-1077

Description:

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.

Status:Entry
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo(5446)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5446

Name: CVE-2000-1080

Description:

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.

Status:Entry
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.info/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: XF:quake-empty-udp-dos(5527)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5527

Name: CVE-2000-1089

Description:

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Status:Entry
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Reference: MS:MS00-094
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-094
Reference: XF:phone-book-service-bo(5623)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5623

Name: CVE-2000-1094

Description:

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Status:Entry
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97683774417132&w=2
Reference: OSVDB:1692
Reference: URL:http://www.osvdb.org/1692
Reference: XF:aolim-buddyicon-bo

Name: CVE-2000-1095

Description:

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: XF:linux-modprobe-execute-code(5516)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5516

Name: CVE-2000-1096

Description:

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Status:Entry
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118a
Reference: XF:vixie-cron-execute-commands(5543)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5543

Name: CVE-2000-1097

Description:

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

Status:Entry
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: OSVDB:1667
Reference: URL:http://www.osvdb.org/1667
Reference: XF:sonicwall-soho-dos(5596)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5596

Name: CVE-2000-1099

Description:

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Status:Entry
Reference: HP:HPSBUX0011-132
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132
Reference: OSVDB:7255
Reference: URL:http://www.osvdb.org/7255
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: XF:jdk-untrusted-java-class(5605)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5605

Name: CVE-2000-1101

Description:

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Status:Entry
Reference: BID:2005
Reference: URL:http://www.securityfocus.com/bid/2005
Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html
Reference: XF:wftpd-dir-traverse(5608)
Reference: URL:http://www.iss.net/security_center/static/5608.php

Name: CVE-2000-1106

Description:

Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

Status:Entry
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: XF:interscan-viruswall-unauth-access(5606)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5606

Name: CVE-2000-1107

Description:

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

Status:Entry
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: XF:linux-ident-bo(5590)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5590

Name: CVE-2000-1108

Description:

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Status:Entry
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: MANDRAKE:MDKSA-2000:078
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
Reference: XF:midnight-commander-conssaver-symlink(5519)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5519

Name: CVE-2000-1109

Description:

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

Status:Entry
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: DEBIAN:DSA-036
Reference: URL:http://www.debian.org/security/2001/dsa-036
Reference: SUSE:SuSE-SA:2001:11
Reference: URL:http://www.novell.com/linux/security/advisories/2001_011_mc.html
Reference: XF:midnight-commander-elevate-privileges(5929)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5929

Name: CVE-2000-1111

Description:

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.

Status:Entry
Reference: BID:2018
Reference: URL:http://www.securityfocus.com/bid/2018
Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS
Reference: URL:http://www.securityfocus.com/archive/1/147914
Reference: XF:win2k-telnet-dos(5598)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5598

Name: CVE-2000-1112

Description:

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

Status:Entry
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: MS:MS00-090
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090
Reference: XF:mediaplayer-wms-script-exe(5575)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5575

Name: CVE-2000-1113

Description:

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

Status:Entry
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: MS:MS00-090
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090
Reference: XF:mediaplayer-asx-bo(5574)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5574

Name: CVE-2000-1115

Description:

Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: XF:software602-lan-suite-bo(5583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5583

Name: CVE-2000-1119

Description:

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Status:Entry
Reference: AIXAPAR:IY08812
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only
Reference: AIXAPAR:IY10721
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: OSVDB:1676
Reference: URL:http://www.osvdb.org/1676
Reference: XF:aix-setsenv-bo(5621)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5621

Name: CVE-2000-1120

Description:

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Status:Entry
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-digest-bo(5620)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5620

Name: CVE-2000-1121

Description:

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Status:Entry
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-enq-bo(5619)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5619

Name: CVE-2000-1122

Description:

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

Status:Entry
Reference: AIXAPAR:IY07790
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07790&apar=only
Reference: AIXAPAR:IY07831
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07831&apar=only
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2

Name: CVE-2000-1123

Description:

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

Status:Entry
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-pioout-bo(5617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5617

Name: CVE-2000-1124

Description:

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

Status:Entry
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-piobe-bo(5616)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5616

Name: CVE-2000-1131

Description:

Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.

Status:Entry
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: XF:gbook-cgi-remote-execution(5509)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5509

Name: CVE-2000-1132

Description:

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Status:Entry
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Reference: OSVDB:1646
Reference: URL:http://www.osvdb.org/1646
Reference: XF:dcforum-cgi-view-files(5533)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5533

Name: CVE-2000-1135

Description:

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
Reference: OSVDB:7208
Reference: URL:http://www.osvdb.org/7208
Reference: XF:linux-fsh-symlink(5633)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5633

Name: CVE-2000-1136

Description:

elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.info/?l=bugtraq&m=97502995616099&w=2
Reference: XF:linux-tinyelvis-tmpfiles(5632)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5632

Name: CVE-2000-1137

Description:

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Status:Entry
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: OSVDB:6491
Reference: URL:http://www.osvdb.org/6491
Reference: REDHAT:RHSA-2000:123
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: XF:gnu-ed-symlink(5723)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5723

Name: CVE-2000-1139

Description:

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

Status:Entry
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
Reference: MS:MS00-088
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-088
Reference: XF:ms-exchange-username-pwd(5537)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5537

Name: CVE-2000-1140

Description:

Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.

Status:Entry
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1141

Description:

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1142

Description:

Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-pwd-reveal-information(5949)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5949

Name: CVE-2000-1143

Description:

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1144

Description:

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.

Status:Entry
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-inode-disclosure(5472)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5472

Name: CVE-2000-1145

Description:

Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-identify-processes(5950)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5950

Name: CVE-2000-1146

Description:

Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.

Status:Entry
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-dir-dos(5528)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5528

Name: CVE-2000-1148

Description:

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

Status:Entry
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: XF:volanochatpro-plaintext-password(5465)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5465

Name: CVE-2000-1149

Description:

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

Status:Entry
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-087
Reference: XF:nt-termserv-gina-bo(5489)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5489

Name: CVE-2000-1162

Description:

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: REDHAT:RHSA-2000:114
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: XF:ghostscript-sym-link(5563)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5563

Name: CVE-2000-1163

Description:

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Status:Entry
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: XF:ghostscript-env-variable(5564)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5564

Name: CVE-2000-1164

Description:

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

Status:Entry
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: XF:winvnc-modify-registry(5545)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5545

Name: CVE-2000-1165

Description:

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.

Status:Entry
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/
Reference: FREEBSD:FreeBSD-SA-01:02
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc
Reference: XF:balabit-syslog-ng-dos(5576)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5576

Name: CVE-2000-1166

Description:

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Status:Entry
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
Reference: XF:twig-php3-script-execute(5581)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5581

Name: CVE-2000-1167

Description:

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Status:Entry
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: OSVDB:1655
Reference: URL:http://www.osvdb.org/1655
Reference: XF:freebsd-ppp-bypass-gateway(5584)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5584

Name: CVE-2000-1169

Description:

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Status:Entry
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: OSVDB:2114
Reference: URL:http://www.osvdb.org/2114
Reference: OSVDB:6248
Reference: URL:http://www.osvdb.org/6248
Reference: REDHAT:RHSA-2000:111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: XF:openssh-unauthorized-access(5517)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5517

Name: CVE-2000-1170

Description:

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=97439536016554&w=2
Reference: CONFIRM:http://www.netsnap.com/new.htm
Reference: XF:netsnap-remote-bo(5534)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5534

Name: CVE-2000-1171

Description:

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.

Status:Entry
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: XF:cgiforum-view-files(5553)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5553

Name: CVE-2000-1174

Description:

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

Status:Entry
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: FREEBSD:FreeBSD-SA-00:81
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
Reference: REDHAT:RHSA-2000:116
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: XF:ethereal-afs-bo(5557)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5557

Name: CVE-2000-1178

Description:

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Status:Entry
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.info/?l=bugtraq&m=97500174210821&w=2
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: REDHAT:RHSA-2000:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: XF:joe-symlink-corruption(5546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5546

Name: CVE-2000-1179

Description:

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

Status:Entry
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.info/?l=bugtraq&m=97440068130051&w=2
Reference: XF:netopia-view-system-log(5536)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5536

Name: CVE-2000-1180

Description:

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

Status:Entry
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.info/?l=bugtraq&m=97474521003453&w=2
Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
Reference: XF:oracle-cmctl-bo(5551)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5551

Name: CVE-2000-1181

Description:

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

Status:Entry
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: XF:realserver-gain-access(5538)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5538

Name: CVE-2000-1182

Description:

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

Status:Entry
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: XF:watchguard-firebox-ftp-dos(5535)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5535

Name: CVE-2000-1184

Description:

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
Reference: OSVDB:6083
Reference: URL:http://www.osvdb.org/6083
Reference: XF:telnetd-termcap-dos(5959)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5959

Name: CVE-2000-1187

Description:

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Status:Entry
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.info/?l=bugtraq&m=97500270012529&w=2
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: OSVDB:7207
Reference: URL:http://www.osvdb.org/7207
Reference: REDHAT:RHSA-2000:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: XF:netscape-client-html-bo(5542)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5542

Name: CVE-2000-1189

Description:

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Status:Entry
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.