[CLOSE] OSVDB ID : 29234 - Disclosed: 1997-04-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8217 - Disclosed: 1997-04-27

Description:

(Description Provided by CVE) : Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

[CLOSE] OSVDB ID : 4894 - Disclosed: 1997-04-27

Description:

A local overflow exists in MIT Kerberos 5 when utilizing the Kerberos 4 compatibility libraries. Several Kerberos related programs fail to perform proper boundry checking on the KRB_CONF environment variable. With a specially crafted request, an attacker can gain unauthorized root access to vulnerable systems. This compromise would result in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 83 - Disclosed: 1997-04-24

Description:

Guestbook CGI contains a flaw that may allow a remote attacker to arbitrary execute commands. The problem is that the script does not validate user-supplied input, which may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.

[CLOSE] OSVDB ID : 1110 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : Buffer overflow in PHP cgi program, php.cgi allows shell access.

[CLOSE] OSVDB ID : 6787 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : Buffer overflow in Solaris fdformat command gives root access to local users.

[CLOSE] OSVDB ID : 11018 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

[CLOSE] OSVDB ID : 88696 - Disclosed: 1997-04-09

Description:

By default, Kentrox Pacesetter Router is distrubited with default user credentials (username/password combination). The supervisor account has a password of 'SECRET', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 83672 - Disclosed: 1997-04-09

Description:

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. During NTLM authentication a remote attacker can set the negotiation between the NTLM authentication server and the client to a constant. This will allow an attacker to gain access to username, domain name, or workgroup and hostname information via a specially crafted request.

[CLOSE] OSVDB ID : 83797 - Disclosed: 1997-04-08

Description:

Microsoft Internet Explorer on Windows NT contains a flaw that is triggered when the program sends a hashed versions of the user's password during the authentication negotiation. This may allow a remote attacker to gain access to password information via a man-in-the-middle-attack.

[CLOSE] OSVDB ID : 2953 - Disclosed: 1997-04-08

Description:

Norton Utilities contains a flaw that allows a remote attacker to send commands from a remote machine that will be executed on the target server. The issue is due to a flaw in the Active-X implementation in Internet Explorer and the way Norton Utilities uses it.

[CLOSE] OSVDB ID : 6087 - Disclosed: 1997-04-07

Description:

FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.

[CLOSE] OSVDB ID : 82929 - Disclosed: 1997-04-06

Description:

Digital Unix contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to SUID binaries creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against a core dump to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 3543 - Disclosed: 1997-04-06

Description:

WebScripts WebBBS contains a non-descript flaw that allows users to include SSI in messages.

[CLOSE] OSVDB ID : 83141 - Disclosed: 1997-04-04

Description:

A local overflow exists in IBM AIX. The C Library (libc) fails to properly handle long values in the LC_MESSAGES environment variable resulting in a buffer overflow. With a specially crafted request, a local attacker can gain root access resulting in a loss of integrity. This can be exploited through binaries that use the library, such as /bin/host and /usr/sbin/mount.

[CLOSE] OSVDB ID : 247 - Disclosed: 1997-04-02

Description:

IRIX contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the wrap script not properly sanitizing user input, specifically directory traversal style attacks (../../).

[CLOSE] OSVDB ID : 10615 - Disclosed: 1997-04-02

Description:

(Description Provided by CVE) : Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.

[CLOSE] OSVDB ID : 1109 - Disclosed: 1997-04-01

Description:

(Description Provided by CVE) : Buffer overflow in NLS (Natural Language Service).

[CLOSE] OSVDB ID : 10975 - Disclosed: 1997-04-01

Description:

(Description Provided by CVE) : Denial of service through Winpopup using large user names.