[CLOSE] OSVDB ID : 4748 - Disclosed: 1992-12-14

Description:

Hermes Bulletin Board Software allows a remote attacker to gain administrative privileges. The flaw is due to a backdoor coded into the software. By logging in with a specific name, phone number and password, any person can gain full administrative control over the BBS.

[CLOSE] OSVDB ID : 45578 - Disclosed: 1992-12-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 796 - Disclosed: 1992-12-10

Description:

Cisco IOS contains a flaw that may allow a malicious user to bypass Access Control Lists. The issue is triggered by a combination of configuration options which combine to affect the way certain ACLs are evaluated. It is possible that the flaw may allow unauthorized network traffic resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 64 - Disclosed: 1992-10-28

Description:

(Description Provided by CVE) : Finger redirection allows finger bombs.

[CLOSE] OSVDB ID : 7623 - Disclosed: 1992-10-14

Description:

(Description Provided by CVE) : Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

[CLOSE] OSVDB ID : 8615 - Disclosed: 1992-08-23

Description:

UnZip contains a flaw related to the 'sco_dos' cross-compilation target that may allow an attacker to cause a stack overflow. No further details have been provided.

[CLOSE] OSVDB ID : 893 - Disclosed: 1992-07-22

Description:

(Description Provided by CVE) : NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

[CLOSE] OSVDB ID : 14739 - Disclosed: 1992-07-10

Description:

ViSiON-X contains a flaw that may allow a regular user to gain elevated privileges or execute arbitrary programs. The issue is due to the upload Matrix not properly sanitizing file names and storing files in the main BBS directory. An attacker could upload a file named VISION-X.EXE, COMMAND.COM, or COMMAND.EXE which would be executed the next time the BBS was run.

[CLOSE] OSVDB ID : 84726 - Disclosed: 1992-07-08

Description:

Ultrix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when /bin/mail is ran from shell-escape. This will allow a local attacker to gain access to any password submitted to su.

[CLOSE] OSVDB ID : 894 - Disclosed: 1992-07-02

Description:

(Description Provided by CVE) : Denial of service by sending forged ICMP unreachable packets.

[CLOSE] OSVDB ID : 3276 - Disclosed: 1992-06-25

Description:

Unicos contains a flaw that allows an unprivileged local user to read arbitrary files and modify system configurations. The issue is due to a non-descript flaw in the "accton" command.

[CLOSE] OSVDB ID : 8111 - Disclosed: 1992-06-04

Description:

NIS contains a flaw that may allow a malicious user to get password files. The issue is due to the insufficient access control for NIS Query. By guessing and requesting a domain name, a remote attacker can collect a password file from the NIS map replied by a NIS server, resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 8028 - Disclosed: 1992-05-27

Description:

(Description Provided by CVE) : SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

[CLOSE] OSVDB ID : 30926 - Disclosed: 1992-05-26

Description:

(Description Provided by CVE) : Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.

[CLOSE] OSVDB ID : 25089 - Disclosed: 1992-05-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 892 - Disclosed: 1992-04-27

Description:

(Description Provided by CVE) : FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

[CLOSE] OSVDB ID : 891 - Disclosed: 1992-03-19

Description:

IBM AIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an insecure default configuration of UUCP where users can aquire root privileges. This flaw may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 7988 - Disclosed: 1992-03-01

Description:

(Description Provided by CVE) : AIX passwd allows local users to gain root access.

[CLOSE] OSVDB ID : 8318 - Disclosed: 1992-02-28

Description:

(Description Provided by CVE) : SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 890 - Disclosed: 1992-02-25

Description:

(Description Provided by CVE) : Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

[CLOSE] OSVDB ID : 17069 - Disclosed: 1992-02-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 15267 - Disclosed: 1992-01-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 84725 - Disclosed: 1992-01-08

Description:

UNIX and SysV R4 contain a flaw that is triggered by sadc having root privileges. This may allow an attacker to create arbitrary files that contain escalated privileges.

[CLOSE] OSVDB ID : 84724 - Disclosed: 1992-01-08

Description:

A/UX contains a flaw that is triggered by sadc having root privileges. This may allow an attacker to create arbitrary files that contain escalated privileges.

[CLOSE] OSVDB ID : 17063 - Disclosed: 1992-01-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 11449 - Disclosed: 1992-01-01

Description:

(Description Provided by CVE) : The rwho/rwhod service is running, which exposes machine status and user information.

[CLOSE] OSVDB ID : 11451 - Disclosed: 1992-01-01

Description:

The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks.

[CLOSE] OSVDB ID : 14727 - Disclosed: 1992-01-01

Description:

KBBS contains a flaw that may allow a regular user to spoof the system operator (SYSOP) email. The issue is due to the bulletin board accepting white space in user names. This may allow a user to create a name that appears to be the same as the system operator (ie: "John Doe " instead of "John Doe"). Email from such a user may appear to be from the legitimate SYSOP and convince other users to execute commands or perform actions they would not otherwise do.

[CLOSE] OSVDB ID : 14728 - Disclosed: 1992-01-01

Description:

By default, Oblivion/2 installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 14729 - Disclosed: 1992-01-01

Description:

PCBoard contains a flaw that may allow a user to gain elevated privileges. The issue is due to the system not properly sanitizing input to the OP (Open door) command. If the system allows parameters such as /SYSOP, /DEBUG, or /SEC:255, these parameters can be invoked via the OPEN command to gain privileges.