| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 39 | 1999-07-31 | Cisco 675 Router Default Unpassworded Account | By default, the Cisco 675 router installs with no password. This allows attackers to trivially access the system via telnet. |
| 1029 | 1999-07-30 | NAI Gauntlet Firewall Malformed ICMP Packet Handling Remote DoS | Gauntlet Firewall contains a flaw that may allow a remote attacker to crash the firewall. The issue is due to a flaw in the packet filter when it receives an ICMP Parameter Problem packet. If an attacker sends a specially crafted packet with such an option to a machine behind the firewall, Gauntlet will crash. |
| 11864 | 1999-07-30 | Netscape Enterprise Server HTML-tocrec-demo1.pat Arbitrary JHTML Source Disclosure | (Description Provided by CVE): Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. |
| 83461 | 1999-07-30 | ELS Screen to Screen Authorization File Local Encoded Password Disclosure | ELS Screen to Screen contains a flaw that may lead to an unauthorized information disclosure. This issue is triggered due to password information being stored in the "Authorization" file. The encoding system protecting this file is considered weak and is able to be decoded. This issue may allow a local attacker to gain access to password information. |
| 83445 | 1999-07-30 | Autothenticate Stored Encoded Site Credentials Local Disclosure | Autothenticate contains a flaw that may lead to an unauthorized information disclosure. This issue is triggered when encoded site credentials are stored in the "AutothenticatePreferences" file located in the preferences folder. The encoding system used to protect this file is considered weak and is susceptible to being decoded, which may allow a local attacker to gain access to website login credentials. |
| 4485 | 1999-07-30 | Ethereal Packet Capture Symlink Arbitrary File Overwrite | (Description Provided by CVE): Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. |
| 7406 | 1999-07-30 | BSD User chflags or fchflags on Character or Block Devices | (Description Provided by CVE): OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| 11066 | 1999-07-30 | Multiple DNS Server Spoofed Source UDP DNS Query DoS | (Description Provided by CVE): DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. |
| 11447 | 1999-07-30 | Cobalt RaQ2 Server Arbitrary Remote Software Installation | (Description Provided by CVE): The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. |
| 13557 | 1999-07-30 | AcuShop Salesbuilder .sbstart Script Arbitrary Command Execution | Salesbuilder contains a flaw related to the .sbstart script that may allow an attacker to escalate privileges on the affected host. When installed, the script is world-writeable and, if installed by root, will allow execution of commands at that privilege level. |
| 83460 | 1999-07-29 | ELS Screen to Screen Authorization File Removal Authentication Bypass | ELS Screen to Screen contains a flaw that may lead to an unauthorized information disclosure. This issue is triggered due to password information being stored in the "Authorization" file. When the file is deleted the username is reset to "Administrator" and the password is reset to "admin." This issue may allow a local attacker to bypass authentication. |
| 1027 | 1999-07-29 | Check Point VPN-1/FireWall-1 Table Saturation DoS | Check Point VPN-1/FireWall-1 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends an abundance of ACK packets to a non-existent machine, which fills the connection table and will result in loss of availability for the firewall. |
| 7405 | 1999-07-29 | Microsoft Phone Dialer (dialer.exe) Dialer Entry Overflow | (Description Provided by CVE): Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
| 83459 | 1999-07-29 | On Guard for MacOS Emergency Password Challenge Generation Authentication Bypass | On Guard for MacOS contains a flaw in the emergency password feature, which may allow an attacker to generate an emergency code and gain access to password information without placing a call to the vendor (Power on Software). This will allow the attacker to bypass authentication. |
| 1028 | 1999-07-29 | ColdFusion Undocumented CFML Tags Privilege Escalation | Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| 1052 | 1999-07-29 | Microsoft Jet Database Text I-ISAM Arbitrary File Modification | (Description Provided by CVE): The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. |
| 10356 | 1999-07-29 | WS_FTP Pro Client Weak Password Encryption | (Description Provided by CVE): WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. |
| 11369 | 1999-07-29 | HP Pavilion PC SystemSoft SystemWizard RegObj Control Arbitrary Command Execution | (Description Provided by CVE): SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control. |
| 11370 | 1999-07-29 | HP Pavilion PC SystemSoft SystemWizard Launch Control Arbitrary Command Execution | (Description Provided by CVE): SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control. |
| 83458 | 1999-07-28 | Internet Config for MacOS Preferences File Password Encryption Weakness | Internet Config for MacOS contains a flaw related to the preferences file in the preferences folder. The issue is triggered by the encryption used to protect the preferences file being weak and easily broken. This may allow an attacker to more easily gain access to password information. |
| 83792 | 1999-07-28 | PHP fopen Wrappers Malformed URL Handling DoS | PHP contains a flaw that may allow a remote denial of service. The issue is triggered when the fopen wrappers process a specially crafted URL. This will result in loss of availability for the program. |
| 8659 | 1999-07-28 | Solaris rpc.admind Insecure Mode Remote Privilege Escalation | (Description Provided by CVE): rpc.admind in Solaris is not running in a secure mode. |
| 9345 | 1999-07-28 | System Does Not Present Appropriate Legal Access Message | (Description Provided by CVE): A system does not present an appropriate legal message or warning to a user who is accessing it. |
| 9840 | 1999-07-28 | Seattle Labs Emurl ASP File Attachment Execution | (Description Provided by CVE): Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. |
| 6104 | 1999-07-27 | ipchains Fragmentation Header Port Rewrite Filter Bypass | (Description Provided by CVE): IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. |
| 83457 | 1999-07-26 | GNU groff Man Page Macro Handling Arbitrary Command Execution | GNU groff contains a flaw that is triggered when a user opens a man page containing macros. These macros will be run under the UID of the user opening the page. This may allow an attacker to compromise a user's account (or the system if root is targeted) by executing arbitrary commands. |
| 10389 | 1999-07-26 | HP-UX Software Distributor SW-DIST.RUPDATE Fileset Overflows | (Description Provided by CVE): Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| 10390 | 1999-07-26 | HP-UX Software Distributor SW-DIST.SD-AGENT Fileset Overflows | (Description Provided by CVE): Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| 10391 | 1999-07-26 | HP-UX Software Distributor SW-DIST.SD-CMDS Fileset Overflows | (Description Provided by CVE): Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| 14465 | 1999-07-26 | Network Intrusion Detection System Packets Out of Order Bypass | (Description Provided by CVE): A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. |
| 14467 | 1999-07-26 | Network Intrusion Detection System Improper Sequence Numbers | (Description Provided by CVE): A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. |
| 14470 | 1999-07-26 | Network Intrusion Detection System Fragmented Packet Reassemble Bypass | (Description Provided by CVE): A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |
| 14473 | 1999-07-26 | Network Intrusion Detection Systems TCP Handshake Data Bypass | (Description Provided by CVE): A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. |
| 14474 | 1999-07-26 | Network Intrusion Detection Systems Checksum Verification | (Description Provided by CVE): A network intrusion detection system (IDS) does not verify the checksum on a packet. |
| 28 | 1999-07-23 | Squid cachemgr.cgi Proxied Port Scanning Weakness | This host is running the Squid Proxy server 'cachemanager' CGI. The cache manager CGI program, by default, contains no restrictions or access permissions. With a malformed request, an intruder can use this script to launch port scans from the server. |
| 8859 | 1999-07-23 | Samba smbmnt Race Condition Arbitrary Mount Point | (Description Provided by CVE): Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. |
| 8860 | 1999-07-23 | Samba NETBIOS Name Service Daemon DoS | (Description Provided by CVE): Denial of service in Samba NETBIOS name service daemon (nmbd). |
| 68 | 1999-07-22 | Microsoft FrontPage Extensions .pwd File Permissions | This server is running Microsoft FrontPage extensions. FrontPage extensions allow anyone to download the .pwd files, which contain the encrypted passwords for FrontPage authors and Administrators. An attacker could easily decrypt these passwords and possibly post or overwrite information on the target web server. |
| 11065 | 1999-07-22 | ipchains/ipfw Network Address Translation ping -R DoS | (Description Provided by CVE): Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command. |
| 1025 | 1999-07-21 | Samba smdb Malformed Message Handling Remote Overflow | (Description Provided by CVE): Buffer overflow in Samba smbd program via a malformed message command. |