| OSVDB ID | Disclosure Date | Title |
|---|
|
1760
Description:
(Description Provided by CVE) : Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
|
1998-12-29
|
SCO UNIX calserver Remote Buffer Overflow
|
|
6604
Description:
(Description Provided by CVE) : SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
|
1998-12-28
|
SSH Unprivileged Remote Port Forward
|
|
9412
Description:
(Description Provided by CVE) : Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
|
1998-12-28
|
Oracle TNSLSNR SQL*Net Listener Malformed String DoS
|
|
6605
Description:
(Description Provided by CVE) : mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
|
1998-12-27
|
MySQL mysqld Readable Log File Information Disclosure
|
|
13022
Description:
(Description Provided by CVE) : Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.
|
1998-12-27
|
Breeze Network Server configbreeze CGI Script Unauthorized Reboot DoS
|
|
13024
Description:
(Description Provided by CVE) : Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
|
1998-12-27
|
Linux Kernel Random Device Large Buffer Read DoS
|
|
1640
Description:
(Description Provided by CVE) : Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
|
1998-12-26
|
BNC IRC Proxy USER Command Remote Overflow
|
|
12983
Description:
(Description Provided by CVE) : nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.
|
1998-12-26
|
nlog nlog-smb.pl IP Address Argument Arbitrary Command Execution
|
|
12984
Description:
(Description Provided by CVE) : nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.
|
1998-12-26
|
nlog rpc-nlog.pl IP Address Argument Arbitrary Command Execution
|
|
61249
Description:
Unknown / Incomplete
|
1998-12-25
|
Microsoft IIS ctss.idc table Parameter SQL Injection
|
|
1
Description:
ColdFusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker specifies the OpenFilePath variable in the Expression Evaluator. This allows an attacker to view the contents of arbitrary files on the server and may result in a loss of confidentiality.
|
1998-12-25
|
ColdFusion Application Server exprcalc.cfm OpenFilePath Parameter Arbitrary File Disclosure
|
|
475
Description:
Unknown / Incomplete
|
1998-12-25
|
Microsoft IIS bdir.htr Arbitrary Directory Listing
|
|
10493
Description:
(Description Provided by CVE) : HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
|
1998-12-25
|
ColdFusion HTTP Client mainframeset.cfm Page Restriction Bypass
|
|
7526
Description:
(Description Provided by CVE) : Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
|
1998-12-24
|
Solaris kcms_configure Local Command Overflow
|
|
8786
Description:
(Description Provided by CVE) : BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.
|
1998-12-24
|
BackWeb Client Cleartext Proxy Password
|
|
7866
Description:
(Description Provided by CVE) : Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
|
1998-12-23
|
Microsoft IE Frame Spoofing Content Injection
|
|
7874
Description:
(Description Provided by CVE) : By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
|
1998-12-23
|
Microsoft IE Cross-domain Sub-frame Navigation Content Spoofing
|
|
11497
Description:
(Description Provided by CVE) : Linux PAM modules allow local users to gain root access using temporary files.
|
1998-12-23
|
Linux PAM Modules Insecure Temp File Privilege Escalation
|
|
88776
Description:
By default, DEC DECnet installs with default user credentials (username/password combination). The 'DECNET' account has no password, which is publicly known and documented. This allows local attackers to trivially access the program or system and gain privileged access.
|
1998-12-22
|
DEC DECnet Default DECNET Account
|
|
5707
Description:
BSD-derived TCP/IP implementations contain a flaw that may allow a remote denial of service. The issue is triggered when short TCP packets with certain options set are sent to the system, and will result in loss of availability for the system.
|
1998-12-21
|
Multiple BSD-derived TCP/IP Short Packet DoS
|
|
12956
Description:
(Description Provided by CVE) : Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
|
1998-12-18
|
Corel Word Perfect for Linux Installation Symlink Arbitrary File Overwrite
|
|
923
Description:
(Description Provided by CVE) : The passwd command in Solaris can be subjected to a denial of service.
|
1998-12-17
|
Solaris passwd Local DoS
|
|
11257
Description:
A remote overflow exists in Microsoft Internet Information Server (IIS). The server fails to validate the length of GET requests, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the server to consume all available resources on the host, resulting in a loss of availability.
|
1998-12-17
|
Microsoft IIS Malformed GET Request DoS
|
|
1669
Description:
(Description Provided by CVE) : classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
|
1998-12-15
|
Greg Mathews classifieds.cgi Shell Metacharacter Arbitrary File Access
|
|
1673
Description:
Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'classifieds.cgi' not properly sanitizing user-supplied input. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
1998-12-15
|
Greg Mathews classifieds.cgi Hidden Variable Manipulation Arbitrary Command Execution
|
|
12959
Description:
(Description Provided by CVE) : ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
|
1998-12-15
|
Iomega ZIP Drive Alternate Disk Known Password Bypass
|
|
7347
Description:
Rule Set Based Access Control (RSBAC) contains a flaw related to the receiving and sending datagram sockets that may allow an attacker to gain escalated privileges. No further details have been provided.
|
1998-12-11
|
RSBAC Unspecified Send/Receive Datagram Socket
|
|
925
Description:
(Description Provided by CVE) : Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
|
1998-12-10
|
Microsoft Excel 97 CALL Arbitrary Command Execution
|
|
8516
Description:
IRIX contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker causes the fcagent daemon to disable a FibreVault enclosure. The vulnerability can be exploited remotely by using carefully crafted RPC packets that are sent to the fcagent(1m) daemon, and will result in loss of availability for the service.
|
1998-12-10
|
IRIX fcagent Unspecified Remote DoS
|
|
11509
Description:
(Description Provided by CVE) : ICMP redirect messages may crash or lock up a host.
|
1998-12-10
|
Multiple Vendor ICMP Redirect Message DoS
|
|
13023
Description:
RealNetwork's RealSystem G2 contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text admin passwords when installation occurs, which may lead to a loss of confidentiality.
|
1998-12-10
|
RealSystem G2 Server Config File Admin Cleartext Password Disclosure
|
|
8100
Description:
(Description Provided by CVE) : fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
|
1998-12-07
|
fte-console Virtual Console Device Local Privilege Escalation
|
|
17947
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX remshd Unspecified Privilege Escalation
|
|
17948
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rexecd Unspecified Privilege Escalation
|
|
17949
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rlogind Unspecified Privilege Escalation
|
|
17950
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rlogin Unspecified Privilege Escalation
|
|
17951
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX remsh Unspecified Privilege Escalation
|
|
17952
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rcp Unspecified Privilege Escalation
|
|
17953
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rexec Unspecified Privilege Escalation
|
|
17954
Description:
(Description Provided by CVE) : Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
1998-12-06
|
HP-UX rdist Unspecified Privilege Escalation
|
