[CLOSE] OSVDB ID : 9652 - Disclosed: 1998-07-30

Description:

(Description Provided by CVE) : Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

[CLOSE] OSVDB ID : 11064 - Disclosed: 1998-07-30

Description:

(Description Provided by CVE) : Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

[CLOSE] OSVDB ID : 7863 - Disclosed: 1998-07-29

Description:

(Description Provided by CVE) : Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

[CLOSE] OSVDB ID : 13512 - Disclosed: 1998-07-29

Description:

(Description Provided by CVE) : dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

[CLOSE] OSVDB ID : 13516 - Disclosed: 1998-07-29

Description:

(Description Provided by CVE) : Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault.

[CLOSE] OSVDB ID : 56524 - Disclosed: 1998-07-28

Description:

(Description Provided by CVE) : Mutt mail client allows a remote attacker to execute commands via shell metacharacters.

[CLOSE] OSVDB ID : 11087 - Disclosed: 1998-07-28

Description:

(Description Provided by CVE) : Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.

[CLOSE] OSVDB ID : 5708 - Disclosed: 1998-07-27

Description:

A remote overflow exists in several mail user agents (MUAs). The MUAs fail to properly cope with tags that identify an attachment, resulting in a buffer overflow. With a specially crafted e-mail, an attacker can potentially execute arbitrary code resulting in a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 9856 - Disclosed: 1998-07-25

Description:

(Description Provided by CVE) : Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter.

[CLOSE] OSVDB ID : 3542 - Disclosed: 1998-07-24

Description:

WebScripts WebBBS contains a non-descript flaw in the "delete" function available to users.

[CLOSE] OSVDB ID : 8211 - Disclosed: 1998-07-24

Description:

Exchange contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends an invalid very long address, or specific sequences of AUTH and XAUTH commands, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 10246 - Disclosed: 1998-07-24

Description:

Exchange contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker connects to the NNTP port and issues a specific sequence of AUTHINFO commands, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 11268 - Disclosed: 1998-07-24

Description:

Microsoft Exchange contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the Internet Mail Service (IMS) not properly sanitizing user-supplied input. By passing overly long data to the AUTH or AUTHINFO commands, an attacker can trigger a buffer overflow and crash the service.

[CLOSE] OSVDB ID : 11157 - Disclosed: 1998-07-23

Description:

(Description Provided by CVE) : FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

[CLOSE] OSVDB ID : 6674 - Disclosed: 1998-07-21

Description:

(Description Provided by CVE) : Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

[CLOSE] OSVDB ID : 12966 - Disclosed: 1998-07-21

Description:

(Description Provided by CVE) : Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command.

[CLOSE] OSVDB ID : 6788 - Disclosed: 1998-07-20

Description:

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks ioconfig, which does not use absolute paths in its system calls, into running arbitrary programs. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 936 - Disclosed: 1998-07-20

Description:

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks the disk_bandwidth program into running a malicious binary or a malicious script, due to its failure to use an absolute path in a system function call. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 10867 - Disclosed: 1998-07-20

Description:

(Description Provided by CVE) : NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.

[CLOSE] OSVDB ID : 911 - Disclosed: 1998-07-17

Description:

A remote overflow exists in the University of Washington IMAP server. The IMAP server fails to validate the argument passed to the AUTHENTICATE command resulting in a stack overflow. With a specially crafted request, an attacker can gain remote root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8018 - Disclosed: 1998-07-17

Description:

(Description Provided by CVE) : Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.

[CLOSE] OSVDB ID : 921 - Disclosed: 1998-07-16

Description:

(Description Provided by CVE) : Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

[CLOSE] OSVDB ID : 16644 - Disclosed: 1998-07-15

Description:

Cisco PIX Firewall contains a flaw that may allow a malicious remote user to connect to any port on a system where limited connections are explicitly allowed. The issue is triggered when the "established" command is used along with a normal conduit. The conduit is used to allow inbound traffic to a specific port on a host, for example port 25 on a mail server. The "established" command provides support for multiconnection protocols, where a host makes connection to an external host on one port, and the external host responds with an inbound connection on another port. If the firewall is configured with both a conduit and an "established" command for a host, it would be possible for a remote attacker to make a connection to the allowed port through the conduit, and then make a connection to any other port, bypassing normal firewall restrictions. If an attacker is able to make a connection to an FTP server that supports the PORT command, it is possible that the flaw may allow subsequent connections to any host behind the firewall, resulting in a potential loss of integrity.

[CLOSE] OSVDB ID : 83170 - Disclosed: 1998-07-15

Description:

Verity Search97 contains a flaw that may allow a remote denial of service. This issue is triggered due to the tasmgr service not requiring authorization for administrative commands. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 919 - Disclosed: 1998-07-15

Description:

(Description Provided by CVE) : HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

[CLOSE] OSVDB ID : 998 - Disclosed: 1998-07-15

Description:

(Description Provided by CVE) : Solaris SUNWadmap can be exploited to obtain root access.

[CLOSE] OSVDB ID : 8068 - Disclosed: 1998-07-15

Description:

(Description Provided by CVE) : cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

[CLOSE] OSVDB ID : 83129 - Disclosed: 1998-07-14

Description:

Verity Search97 contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the search97.vts script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'ResultTemplate' parameter. This directory traversal attack would allow the attacker to gain access to arbitrary files.

[CLOSE] OSVDB ID : 45120 - Disclosed: 1998-07-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 83167 - Disclosed: 1998-07-13

Description:

SCO Open Server is prone to an overflow condition. The POP server fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial of service.

[CLOSE] OSVDB ID : 13525 - Disclosed: 1998-07-13

Description:

(Description Provided by CVE) : login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.

[CLOSE] OSVDB ID : 57268 - Disclosed: 1998-07-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8015 - Disclosed: 1998-07-11

Description:

(Description Provided by CVE) : (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.

[CLOSE] OSVDB ID : 8016 - Disclosed: 1998-07-11

Description:

(Description Provided by CVE) : (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.

[CLOSE] OSVDB ID : 11965 - Disclosed: 1998-07-11

Description:

(Description Provided by CVE) : KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.

[CLOSE] OSVDB ID : 12219 - Disclosed: 1998-07-10

Description:

(Description Provided by CVE) : Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.

[CLOSE] OSVDB ID : 13526 - Disclosed: 1998-07-08

Description:

(Description Provided by CVE) : Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter.

[CLOSE] OSVDB ID : 6668 - Disclosed: 1998-07-08

Description:

(Description Provided by CVE) : Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

[CLOSE] OSVDB ID : 12953 - Disclosed: 1998-07-08

Description:

(Description Provided by CVE) : Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port.

[CLOSE] OSVDB ID : 918 - Disclosed: 1998-07-07

Description:

(Description Provided by CVE) : ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.