[CLOSE] OSVDB ID : 7393 - Disclosed: 1998-05-28

Description:

(Description Provided by CVE) : xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

[CLOSE] OSVDB ID : 8565 - Disclosed: 1998-05-27

Description:

(Description Provided by CVE) : Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges.

[CLOSE] OSVDB ID : 8566 - Disclosed: 1998-05-27

Description:

(Description Provided by CVE) : Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges.

[CLOSE] OSVDB ID : 8757 - Disclosed: 1998-05-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1000 - Disclosed: 1998-05-26

Description:

(Description Provided by CVE) : Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

[CLOSE] OSVDB ID : 83791 - Disclosed: 1998-05-23

Description:

PHP contains a flaw that may allow a remote denial of service. The issue is triggered during the handling of a specially crafted ftp:// URL. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 83790 - Disclosed: 1998-05-23

Description:

PHP is prone to an overflow condition. The Sybase-DB module fails to properly sanitize user-supplied input resulting in an overflow. With a specially crafted numeric data string, a remote attacker can potentially cause a loss of availability or execute arbitrary code.

[CLOSE] OSVDB ID : 11504 - Disclosed: 1998-05-21

Description:

(Description Provided by CVE) : Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

[CLOSE] OSVDB ID : 9769 - Disclosed: 1998-05-18

Description:

(Description Provided by CVE) : Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.

[CLOSE] OSVDB ID : 9984 - Disclosed: 1998-05-16

Description:

(Description Provided by CVE) : Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.

[CLOSE] OSVDB ID : 12961 - Disclosed: 1998-05-16

Description:

The 'man.sh' CGI script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.

[CLOSE] OSVDB ID : 2930 - Disclosed: 1998-05-15

Description:

Many old Award BIOS chips contained default passwords installed by the manufacturer to aid in tech support issues. Mid to late 1990's Award BIOS were often found to have one of the following default/backdoor passwords: "Condo", "AWARD_SW", "j332", and "589589".

[CLOSE] OSVDB ID : 5840 - Disclosed: 1998-05-14

Description:

(Description Provided by CVE) : libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

[CLOSE] OSVDB ID : 6089 - Disclosed: 1998-05-14

Description:

FreeBSD contains a flaw that may allow a malicious user to spoof a connection. The issue is triggered when a TCP CC larger than the one currently in per-host cache is sent to the victim platform. It is possible that the flaw may allow spoofing attacks resulting in a loss of integrity.

[CLOSE] OSVDB ID : 6610 - Disclosed: 1998-05-13

Description:

(Description Provided by CVE) : Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

[CLOSE] OSVDB ID : 6060 - Disclosed: 1998-05-11

Description:

3Com Total Control NETServer Card contains a flaw that may allow a remote attacker to bypass filtering mechanisms. The issue is triggered when a port is set to "set host prompt", which allows an remote attacker to bypass restrictions by providing the hostname twice at the "host:" prompt, and gain unauthorized access to the system.

[CLOSE] OSVDB ID : 4416 - Disclosed: 1998-05-11

Description:

Check Point FireWall-1 contains a flaw that may allow attackers access to resources that were intended to be restricted. The issue is due to a flaw in the firewall keyword mechanism and certain keywords being reserved. When a reserved keyword is used, the firewall rule will default to "ANY" which may allow traffic to a resource that was intended to be blocked.

[CLOSE] OSVDB ID : 44249 - Disclosed: 1998-05-10

Description:

By default, 3Com SuperStack II Switches install with multiple default accounts. The monitor, manager and security accounts each have a password the same as the account name, which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 44251 - Disclosed: 1998-05-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6427 - Disclosed: 1998-05-10

Description:

CVSNT for Debian contains a non-descript flaw related to cvsconfig and the use of tempfile. No further details have been provided.

[CLOSE] OSVDB ID : 7297 - Disclosed: 1998-05-10

Description:

(Description Provided by CVE) : A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.

[CLOSE] OSVDB ID : 44264 - Disclosed: 1998-05-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10609 - Disclosed: 1998-05-09

Description:

(Description Provided by CVE) : Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.

[CLOSE] OSVDB ID : 965 - Disclosed: 1998-05-07

Description:

(Description Provided by CVE) : Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

[CLOSE] OSVDB ID : 44248 - Disclosed: 1998-05-06

Description:

By default, multiple 3Com switches install with a default password. The 'debug' account has a password of 'synnet' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 44250 - Disclosed: 1998-05-05

Description:

By default, multiple 3Com routers install with a default password. The 'tech' account has a password of 'tech' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 36 - Disclosed: 1998-05-04

Description:

(Description Provided by CVE) : Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.

[CLOSE] OSVDB ID : 83127 - Disclosed: 1998-05-02

Description:

By default, multiple Quake products install with a default password that can be used as a backdoor. The issue is triggered by the program allowing an attacker to remotely send commands to the quake console. A remote attacker may be able to bypass authentication via a specially crafted UDP packet with a header containing the rcon command and the "tms" password with a source IP coming from ID software's subnet. When this is exploited, no logs are reported of the rcon command being used and the attacker may compromise an administrators access on any Quake server.

[CLOSE] OSVDB ID : 2951 - Disclosed: 1998-05-02

Description:

Hayes Century MR200 Channelized T-1 and PRI modem racks contain a default password allowing any remote user to successfully log in.

[CLOSE] OSVDB ID : 902 - Disclosed: 1998-05-01

Description:

(Description Provided by CVE) : Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.