| OSVDB ID | Disclosure Date | Title |
|---|
|
10058
Description:
(Description Provided by CVE) : Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.
|
1998-01-30
|
Livingston Portmaster ComOS Predictable TCP ISN Generation Weakness
|
|
6328
Description:
A remote overflow exists in elm. The save_embedded_address() function fails to perform proper bounds checking resulting in a buffer overflow. By sending a message containing a "From" or "Reply-To" field with 512 bytes or more, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
1998-01-29
|
Elm save_embedded_address() Remote Overflow
|
|
3812
Description:
gzip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when the gzexe script creates temp files insecurely. It is possible that the flaw may allow arbitrary file overwriting resulting in a loss of integrity.
|
1998-01-28
|
gzip gzexe Insecure Temp File Creation
|
|
6329
Description:
(Description Provided by CVE) : Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command line argument.
|
1998-01-28
|
Elm get_filter_rules() Command Line Overflow
|
|
8013
Description:
(Description Provided by CVE) : Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
|
1998-01-28
|
IBM AIX digest printq Arbitrary File Modification
|
|
90
Description:
(Description Provided by CVE) : htmlscript CGI program allows remote read access to files.
|
1998-01-27
|
Miva htmlscript URI Traversal Arbitrary File Access
|
|
1284
Description:
Unknown / Incomplete
|
1998-01-23
|
IRCnet IRCD channel.c Unspecified Overflow
|
|
2929
Description:
AOL Server installs with the "nsd.ini" file world readable. This file controls all aspects of the server including administrative login and password. A local malicious user can read the file to obtain the password hash and crack it. With the administrative password the attacker can modify the AOLserver configuration, change passwords or shutdown the server.
|
1998-01-22
|
AOL Server Admin Password Exposure
|
|
6430
Description:
A local overflow exists in CVSNT. The program fails to check the bounds of the 'arg' variable in server.c resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.
|
1998-01-22
|
CVSNT server.c arg Variable Overflow
|
|
83449
Description:
Yapp Conferencing System is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. When handling a specially crafted 'bbs' environment variable the program fails to perform a bounds check, which may allow a local attacker to potentially execute arbitrary code with root privileges.
|
1998-01-21
|
Yapp Conferencing System bbs Environment Variable Handling Local Overflow
|
|
3168
Description:
Debian's Xfree86 wrapper provided to add security to the X-Windows setup contains flaws that allow a local attacker to easily bypass the checks performed. The wrapper script performs several checks in an attempt to ensure only authorized users can access and execute the X-Windows related programs, however, due to these checks being poorly written, any local user attempting to access the X-Windows programs can trivially bypass the checks, rendering them useless.
|
1998-01-21
|
XFree86 on Debian Linux Security Wrapper Bypass Checks
|
|
11648
Description:
(Description Provided by CVE) : Unauthorized privileged access or denial of service via dtappgather program in CDE.
|
1998-01-21
|
CDE dtappgather Symlink Privilege Escalation
|
|
79047
Description:
Unknown / Incomplete
|
1998-01-21
|
Webmin Config File Cleartext Password Local Disclosure
|
|
8896
Description:
(Description Provided by CVE) : AAA authentication on Cisco systems allows attackers to execute commands without authorization.
|
1998-01-21
|
Cisco AAA Authentication Arbitrary Command Execution
|
|
914
Description:
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
|
1998-01-20
|
ssh-agent with RSA Authentication Remote Access
|
|
2931
Description:
Legacy versions of CyberSitter contains a flaw that causes the system to inadvertantly filter harmless and legitimate traffic. Due to the program installing software that modifies the TCP stack, all traffic to/from the box passes through the CyberSitter filter. The checks performed to identify bad traffic are poorly written causing the filter to flag legitimate traffic as bad.
|
1998-01-20
|
CyberSitter Traffic Filter Issue
|
|
83448
Description:
Red Hat Linux is prone to an overflow condition. This issue is triggered when msgchk fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a local attacker to execute arbitrary codes.
|
1998-01-19
|
Red Hat Linux MH msgchk Local Overflow
|
|
122
Description:
Netscape FastTrack contains a flaw that allows a remote user to obtain a directory listing of files regardless of the presence of "index.html" (or similar default files). The issue is due to FastTrack not properly handling lower case web requests. By requesting a "get" instead of "GET", an attacker can bypass the displaying of default files and see a raw listing of files in a directory.
|
1998-01-16
|
Netscape FastTrack get Command Forced Directory Listing
|
|
55
Description:
(Description Provided by CVE) : Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.
|
1998-01-16
|
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
|
|
6979
Description:
RealServer contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker telnets to the pnserver and issues a specially crafted request, and will result in loss of availability for the service.
|
1998-01-15
|
RealServer pnserver Malformed Request DoS
|
|
83795
Description:
NetBSD is prone to an overflow condition. This issue is triggered when a single file is mapped to an excessive amount of files, which will result in an integer overflow. When handling a specially crafted i_count member in the inode structure, a local attacker can potentially cause a denial of service or execute arbitrary code.
|
1998-01-14
|
NetBSD inode Structure i_count Member Handling Local Overflow DoS
|
|
83794
Description:
IRIX is prone to an overflow condition. This issue is triggered when a single file is mapped to an excessive amount of files, which will result in an integer overflow. When handling a specially crafted i_count member in the inode structure, a local attacker can potentially cause a denial of service or execute arbitrary code.
|
1998-01-14
|
IRIX inode Structure i_count Member Handling Local Overflow DoS
|
|
83793
Description:
BSDI is prone to an overflow condition. This issue is triggered when a single file is mapped to an excessive amount of files, which will result in an integer overflow. When handling a specially crafted i_count member in the inode structure, a local attacker can potentially cause a denial of service or execute arbitrary code.
|
1998-01-14
|
BSDI inode Structure i_count Member Handling Local Overflow DoS
|
|
942
Description:
(Description Provided by CVE) : Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
|
1998-01-14
|
Linux deliver Local Overflow
|
|
7634
Description:
(Description Provided by CVE) : Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
|
1998-01-14
|
Classic Cisco IOS Command History Information Disclosure
|
|
7830
Description:
(Description Provided by CVE) : Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
|
1998-01-14
|
Microsoft IE mk: URL Handling Remote Overflow
|
|
83447
Description:
Linux Kernel is prone to an overflow condition. This issue is triggered when a single file is mapped to an excessive amount of files, which will result in an integer overflow. When handling a specially crafted i_count member in the inode structure, a local attacker can potentially cause a denial of service or execute arbitrary code.
|
1998-01-14
|
Linux Kernel inode Structure i_count Member Handling Local Overflow
|
|
9051
Description:
(Description Provided by CVE) : sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.
|
1998-01-12
|
sudo Double Dot Arbitrary Command Execution
|
|
205
Description:
(Description Provided by CVE) : Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
|
1998-01-10
|
Sendmail HELO Command Mail Identity Concealment
|
|
12960
Description:
(Description Provided by CVE) : Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script.
|
1998-01-10
|
cidentd .authlie Long Line Local Overflow
|
|
56528
Description:
(Description Provided by CVE) : AIX routed allows remote users to modify sensitive files.
|
1998-01-08
|
IBM AIX routed Crafted Packet Remote File Creation/Modification
|
|
11012
Description:
(Description Provided by CVE) : NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
|
1998-01-08
|
Novell NetWare NFS Read Only Unix Flag Local Privilege Escalation
|
|
11455
Description:
(Description Provided by CVE) : Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
|
1998-01-08
|
Microsoft IIS / PWS DOS Filename Request Access Bypass
|
|
9688
Description:
(Description Provided by CVE) : mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
|
1998-01-06
|
Apache HTTP Server mod_proxy Malformed FTP Command DoS
|
|
5730
Description:
Windows contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted IP packet fragments are sent to a target, and will result in loss of availability for the platform.
|
1998-01-05
|
Multiple Vendor TCP/IP Reassembly Remote DoS (Bonk)
|
|
13522
Description:
(Description Provided by CVE) : DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
|
1998-01-05
|
DIT TransferPro ff Device Driver Permission Weakness
|
|
13527
Description:
(Description Provided by CVE) : gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.
|
1998-01-02
|
Gnu GCC Temporary Files Symlink Arbitrary File Overwrite
|
|
52423
Description:
Unknown / Incomplete
|
1998-01-02
|
REDOC-III Algorithm Differential Attack Cryptanalysis Weakness
|
|
53062
Description:
Unknown / Incomplete
|
1998-01-01
|
Caucho Resin caucho-status Information Disclosure
|
|
871
Description:
By default, Motorola Vanguard Routers install with a default password. The "atds0" account has no password which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1998-01-01
|
Motorola Vanguard Default Telnet Account
|
