| OSVDB ID | Disclosure Date | Title |
|---|
|
1150
Description:
A local overflow exists in xmindpath, a FreeBSD port. It fails to check bounds when the "-f" argument is passed, resulting in a local buffer overflow. With a specially crafted request, an attacker can execute arbitrary shellcode with the privileges of suid uucp resulting in a loss of integrity.
|
1999-11-30
|
FreeBSD xmindpath Local Overflow
|
|
1151
Description:
A local overflow exists in angband, a FreeBSD port. This game fails to check bounds when command line arguments "-u" and "-d" are passed, resulting in a buffer overflow. With a specially crafted request, an attacker can obtain the privileges of setgid games resulting in a loss of integrity.
|
1999-11-30
|
FreeBSD angband Local Overflow
|
|
1783
Description:
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
|
1999-11-30
|
Solaris kcms_configure NETPATH Environment Variable Handling Local Overflow
|
|
5999
Description:
A local overflow exists in FreeBSD. The gdc fails to check boundaries resulting in a buffer overflow. With a specially crafted request, in which the -t flag (time) in a gdc argument exceeds its predefined buffer length, an attacker who is in the wheel group can execute arbitrary code resulting in a loss of integrity.
|
1999-11-30
|
FreeBSD gdc Local Overflow
|
|
6000
Description:
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user creates a symbolic link which is traversed by gdc when writing its debug ouput to a file, typically and inappropriately redirected to "/var/tmp/gated_dump" or "/var/tmp/gdb_dump". This flaw can be used to overwrite any file on the victim system as gdc runs setuid root and may consequently lead to a loss of integrity.
|
1999-11-30
|
FreeBSD gdc Symlink Arbitrary File Modification
|
|
6001
Description:
(Description Provided by CVE) : FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
|
1999-11-30
|
FreeBSD seyon -emulator Argument Arbitrary Program Execution Local Privilege Escalation
|
|
6992
Description:
A remote overflow exists in Qpopper. The Qpopper fails to check the boundary in "pop_msg.c" function, resulting in a buffer overflow. With a specially crafted request, a remote attacker can overflow a buffer and gain root privileges on the system, resulting in a loss of confidentiality and integrity.
|
1999-11-30
|
Qpopper pop_msg.c AUTH Overflow
|
|
1147
Description:
(Description Provided by CVE) : A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
|
1999-11-30
|
NT Subst.exe Arbitrary Folder Modification
|
|
8853
Description:
(Description Provided by CVE) : Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
|
1999-11-30
|
Ultimate Bulletin Board CGI Directory Password Disclosure
|
|
10830
Description:
(Description Provided by CVE) : The default permissions for Endymion MailMan allow local users to read email or modify files.
|
1999-11-30
|
Endymion MailMan Permission Weakness Local Arbitrary File Modification
|
|
130
Description:
The Microsoft NTMail 4 and 5 SMTP server allows anyone to use it as a mail relay, provided that the source address is set to '<>'. This could allow an intruder to use this host to send unsolicited emails.
|
1999-11-29
|
Gordano NTMail Crafted Source Address Arbitrary Mail Relay
|
|
1144
Description:
Symantec Mail-Gear contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the "Display" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "what" variable.
|
1999-11-29
|
Symantec Mail-Gear Traversal Arbitrary File Access
|
|
9762
Description:
(Description Provided by CVE) : Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
|
1999-11-29
|
Solaris CDE mailtool MIME Content-Type Handling Overflow
|
|
58090
Description:
NTMail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a failure to disable the VRFY command even if an administrator has explicitly done so, which will disclose user information resulting in a loss of confidentiality.
|
1999-11-29
|
Gordano NTMail Persistent VRFY Functionality Remote Information Disclosure
|
|
109
Description:
(Description Provided by CVE) : Denial of service in MDaemon 2.7 via a large number of connection attempts.
|
1999-11-29
|
MDaemon Connection Saturation Remote DoS
|
|
1145
Description:
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
|
1999-11-29
|
Microsoft IE Offline Browsing Pack Task Scheduler
|
|
1146
Description:
(Description Provided by CVE) : A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
|
1999-11-29
|
Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
|
|
6708
Description:
(Description Provided by CVE) : Buffer overflow in free internet chess server (FICS) program, xboard.
|
1999-11-29
|
Free Internet Chess Server xboard Overflow
|
|
7676
Description:
(Description Provided by CVE) : HP Secure Web Console uses weak encryption.
|
1999-11-29
|
HP Secure Web Console Weak Encryption Issue
|
|
9763
Description:
(Description Provided by CVE) : Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
|
1999-11-29
|
Solaris CDE dtmail -f Parameter Local Overflow
|
|
9764
Description:
(Description Provided by CVE) : Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
|
1999-11-29
|
Solaris CDE dtmailpr -f Parameter Local Overflow
|
|
8336
Description:
A local overflow exists in SCO UnixWare. UnixWare fails to check the boundary of arguments supplied to the "Xsco" command, resulting in a buffer overflow. By passing an overly long argument (argv[1]) to Xsco, an local attacker can cause a buffer overflow and gain superuser privileges, resulting in a loss of integrity.
|
1999-11-26
|
SCO UnixWare /usr/bin/X11/Xsco Command Overflow
|
|
8789
Description:
(Description Provided by CVE) : Buffer overflow in SCO su program allows local users to gain root access via a long username.
|
1999-11-25
|
SCO UNIX /bin/su Username Variable Local Overflow
|
|
7298
Description:
(Description Provided by CVE) : The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
|
1999-11-25
|
Motorola CableRouter Unauthorized Remote Administration
|
|
9416
Description:
(Description Provided by CVE) : Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
|
1999-11-25
|
Oracle Web Listener Hex Encoded URL Authentication Bypass
|
|
83861
Description:
SCO UnixWare is prone to an overflow condition. This issue is triggered when xlock fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted username, a local attacker can potentially execute arbitrary code.
|
1999-11-25
|
SCO UnixWare xlock Username Handling Local Overflow
|
|
12034
Description:
(Description Provided by CVE) : Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
|
1999-11-24
|
MDaemon WebConfig HTTP Server URL Overflow Remote DoS
|
|
12035
Description:
(Description Provided by CVE) : Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
|
1999-11-24
|
MDaemon WorldClient HTTP Server URL Overflow Remote DoS
|
|
7941
Description:
Unknown / Incomplete
|
1999-11-24
|
Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
|
|
1353
Description:
(Description Provided by CVE) : Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
|
1999-11-24
|
INN Crafted Article Handling Remote Overflow
|
|
10060
Description:
(Description Provided by CVE) : Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit.
|
1999-11-24
|
Cabletron SmartSwitch Router 8000 ARP Request Saturation DoS
|
|
12969
Description:
(Description Provided by CVE) : Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
|
1999-11-24
|
Netscape Navigator / Communicator Multiple File Type ? Request Overflow
|
|
115
Description:
(Description Provided by CVE) : Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.
|
1999-11-23
|
Sun NetBeans Java IDE HTTP Server IP Restriction Bypass Arbitrary File/Directory Access
|
|
11060
Description:
(Description Provided by CVE) : Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.
|
1999-11-23
|
HP Series 800 S/X/V Class Server SSP Testation Class Console Access
|
|
9834
Description:
A remote overflow exists in Vermillion FTPD. The daemon fails to perform proper bounds checking resulting in a buffer overflow. By sending an overly long CWD command containing 504 or more characters three times in a row, a remote attacker can cause the daemon to crash resulting in a loss of availability for the service.
|
1999-11-22
|
Vermillion FTPD Long CWD Commands DoS
|
|
83860
Description:
Microsoft Internet Explorer contains a flaw that is triggered during the handling of specially crafted data element within an XML request. This may allow a remote attacker to gain access to arbitrary files.
|
1999-11-22
|
Microsoft IE XML Data Handling Arbitrary File Access
|
|
83859
Description:
Solaris is prone to an overflow condition. This issue is triggered when rpc.ttdbserver fails to properly sanitize user-supplied input resulting in a buffer overflow. When handling a function 15 request, a remote attacker can potentially cause a loss of availability.
|
1999-11-20
|
Solaris rpc.ttdbserver Function 15 Handling Overflow Remote DoS
|
|
113
Description:
The Tektronix PhaserLink Printer 930 and earlier web interface allows unauthenticated users to obtain administrator access by accessing restricted URLs directly. An attacker can use this interface to reconfigure the printer or cause a denial of service condition.
|
1999-11-19
|
Tektronix PhaserLink Printer Web Server Direct Request Administrator Access
|
|
10173
Description:
(Description Provided by CVE) : ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
|
1999-11-19
|
ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
|
|
1141
Description:
(Description Provided by CVE) : Denial of service in Linux syslogd via a large number of connections.
|
1999-11-18
|
Linux syslogd Connection Saturation DoS
|
