| OSVDB ID | Disclosure Date | Title |
|---|
|
11264
Description:
(Description Provided by CVE) : Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
|
1999-10-31
|
Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS
|
|
7034
Description:
Mac OS 9 contains a flaw that may allow a malicious user to bypass idle user screen locking. The issue is triggered when the debugger is launched by either using the programmer's switch or cmd-pwr key combination, from which an attacker can kill the idle screen. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
1999-10-31
|
Mac OS 9 Idle Lock Debugger Password Bypass
|
|
83804
Description:
Avirt Gateway Suite is prone to an overflow condition. The mail serverfails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted password that contains more than 856 characters, a remote attacker can potentially execute arbitrary code.
|
1999-10-31
|
Avirt Gateway Suite Mail Server Password Handling Remote Overflow
|
|
83803
Description:
Avirt Gateway Suite Mail Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the RCPT TO command. This directory traversal attack would allow the attacker to create an arbitrary directory.
|
1999-10-31
|
Avirt Gateway Suite Mail Server RCPT TO Command Traversal Arbitrary Directory Creation
|
|
57211
Description:
Unknown / Incomplete
|
1999-10-30
|
Xitami Web Server Administrative Port Remote Overflow DoS
|
|
1122
Description:
(Description Provided by CVE) : Buffer overflow in Skyfull mail server via MAIL FROM command.
|
1999-10-29
|
Skyfull Mail Server MAIL FROM Command Remote Overflow
|
|
13555
Description:
(Description Provided by CVE) : Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
|
1999-10-29
|
Netscape Messaging Server RCPT TO Command Saturation DoS
|
|
11100
Description:
(Description Provided by CVE) : Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
|
1999-10-29
|
Netscape Communicator Long Certificate Key Remote Overflow
|
|
13550
Description:
(Description Provided by CVE) : Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
|
1999-10-29
|
Celtech ExpressFS FTP Server Long USER Command Overflow
|
|
1129
Description:
URL Live! contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
|
1999-10-28
|
URL Live! Traversal Arbitrary File Access
|
|
1130
Description:
(Description Provided by CVE) : Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
|
1999-10-27
|
Windows NT FTP Server (WFTP) MKD/CWD Nested Command Remote Overflow
|
|
8863
Description:
(Description Provided by CVE) : Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation.
|
1999-10-27
|
rpc.yppasswdd MD5 Generation Overflow
|
|
11272
Description:
(Description Provided by CVE) : ypserv allows a local user to modify the GECOS and login shells of other users.
|
1999-10-27
|
Multiple Linux ypserv Arbitrary Password Field Modification
|
|
7033
Description:
Mac OS 9 contains a flaw that may allow a malicious user to bypass the idle user screen locking mechanism. The issue is triggered when the attacker selects "logout" from the password dialog, and a running application prompts for confirmation, which will allow the attacker to click cancel and return to the desktop. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
1999-10-26
|
Mac OS 9 Idle Lock Password Bypass
|
|
81102
Description:
libmikmod on Unix contains an unspecified flaw related to multiple drivers. No further information is currently available.
|
1999-10-25
|
MikMod libmikmod on Unix Multiple Drivers Unspecified Issue
|
|
1043
Description:
(Description Provided by CVE) : Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.
|
1999-10-25
|
hybrid-6 IRC Server m_invite Option Remote Overflow
|
|
1125
Description:
(Description Provided by CVE) : Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
|
1999-10-25
|
Squid Web Proxy Newline Cross-User Authentication Bypass
|
|
1126
Description:
Zeus Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the '/search' engine interface with a 'template' variable sets to point to an existing file, which will disclose the content of the file information resulting in a loss of confidentiality.
|
1999-10-25
|
Zeus Technologies Zeus Web Server Arbitrary File Retrieval
|
|
1128
Description:
(Description Provided by CVE) : genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
|
1999-10-25
|
IBM AIX Packet Filtering Module genfilt Port Restriction Bypass
|
|
8186
Description:
Zeus Web Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to MD5 hashed passwords in the default file '/usr/local/zeus/admin/website' as they are base64 encoded, which may lead to a loss of confidentiality.
|
1999-10-25
|
Zeus Technologies Zeus Web Server Weak Encryption
|
|
9666
Description:
(Description Provided by CVE) : IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
|
1999-10-24
|
IBM WebSphere ikeyman Database Password Storage Encryption Weakness
|
|
1127
Description:
Falcon Web Server contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
|
1999-10-24
|
Falcon Web Server Arbitrary File Access
|
|
9782
Description:
Falcon Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the handling of long file name requests, which will reveal the installation path resulting in a loss of confidentiality.
|
1999-10-24
|
Falcon Web Server Long Filename Path Disclosure
|
|
47680
Description:
Unknown / Incomplete
|
1999-10-23
|
FROG Algorithm Weak Key Chosen-plaintext Attack Cryptanalysis Weakness
|
|
47681
Description:
Unknown / Incomplete
|
1999-10-23
|
FROG Algorithm Decryption Function Diffusion Rate Cryptanalysis Weakness
|
|
3380
Description:
OmniHTTPd contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the "imagemap.exe" program (installed by default) not sanitizing input. By passing overly long arguments to the program, the attacker can overflow a strcpy() call and execute remote code.
|
1999-10-22
|
OmniHTTPd imagemap.exe Remote Overflow
|
|
9596
Description:
(Description Provided by CVE) : Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.
|
1999-10-22
|
Linux Kernel TIOCSETD TTY Device Unpriveleged IP Forgery
|
|
22124
Description:
Unknown / Incomplete
|
1999-10-21
|
dopewars ExtractWord() Function Overflow
|
|
1056
Description:
(Description Provided by CVE) : The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
|
1999-10-21
|
Microsoft Java Virtual Machine Sandbox Bypass
|
|
8053
Description:
(Description Provided by CVE) : Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
|
1999-10-21
|
Microsoft Virtual Machine Illegal Cast Operation Command Execution
|
|
1117
Description:
Check Point FireWall-1 was reported to have a flaw that allowed LDAP authenticated users to access more resources than the firewall was intended to allow. The issue is due to the "fw1allowed-dst" rule apparently ignoring the LDAP attribute and granting access to "any" instead. Check Point has responded that this is the desired behavior and working as intended.
|
1999-10-20
|
Check Point FireWall-1 LDAP fw1allowed-dst Access
|
|
1121
Description:
Symantec Raptor Firewall contains a flaw that may allow a remote denial of service. The issue is triggered when the firewall tries to parse a "benign" option (such as the Timestamp or Security options) and does not check to see if it is of zero length. If encountered, the firewall will fall into an infinite loop and lock up.
|
1999-10-20
|
Symantec Raptor Firewall Zero Length IP DoS
|
|
14790
Description:
(Description Provided by CVE) : Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
|
1999-10-20
|
WU-FTPD Message File Macro Expansion Remote Overflow
|
|
45191
Description:
Unknown / Incomplete
|
1999-10-20
|
DEAL Algorithm Key Schedule Related-key Cryptanalysis Weakness
|
|
10736
Description:
(Description Provided by CVE) : Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
|
1999-10-20
|
Microsoft Excel SYLK Macro Arbitrary Command Execution
|
|
11273
Description:
(Description Provided by CVE) : Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
|
1999-10-20
|
Red Hat Linux screen Unix98 ptys Configuration Arbitrary Terminal Write
|
|
34743
Description:
Unknown / Incomplete
|
1999-10-19
|
WU-FTPD ftpshut Local Overflow
|
|
249
Description:
(Description Provided by CVE) : Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.
|
1999-10-19
|
WU-FTPD SITE NEWER Command Memory Exhaustion DoS
|
|
1175
Description:
(Description Provided by CVE) : Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
|
1999-10-18
|
Netscape Communicator prefs.js Handling Local Overflow
|
|
4688
Description:
Network Associates, Inc. (NAI) Gauntlet Firewall for BSDI Unix contains a flaw that may allow an attacker to bypass Access Control Lists (ACL). The issue occurs when a specific sequence of BSDI and Gauntlet related software is installed. This specific sequence causes the Firewall not to properly block traffic, allowing remote attackers to bypass any ACLs currently set up. Additionally, no activity will appear in the /var/log/messages log file to indicate a problem.
|
1999-10-18
|
NAI Gauntlet Firewall BSDI Patch Installation Remote ACL Bypass
|
