CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
3150 | CVE-2001-0329 | Candidate | Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | Modified (20011130) | ACCEPT(4) Baker, Cole, Renaud, Williams<br>MODIFY(1) Frech<br>NOOP(2) Wall, Ziese<br>RECAST(1) Christey | Christey> CONFIRM:http://www.mozilla.org/projects/bugzilla/security2_12.html<br>Frech> XF:bugzilla-email-shell-characters(6488)<br>CHANGE> [Christey changed vote from NOOP to RECAST]<br>Christey> This needs to be MERGED with CVE-2000-0421. CVE-2000-0421 documents a problem in the "who" parameter of the process_bug.cgi program. This is a duplicate of one of the problems being identified by CVE-2001-0329. The other problem in CVE-2001-0329, the Bugzilla_login cookie, is fixed in the same version as the who problem is. CD:SF-EXEC suggests merging multiple executables in the same package that have the same problem that is present in the same version. Both the "who" and "Bugzilla_login" problems were fixed in version 2.12. Therefore CVE-2000-0421 and CVE-2001-0329 need to be MERGED.<br>CHANGEREF BID:1199 | View |
982 | CVE-1999-1002 | Candidate | Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | Modified (20030619-01) | ACCEPT(4) Baker, Cole, Stracener, Wall<br>MODIFY(1) Frech<br>NOOP(1) Christey | Frech> XF:netscape-mail-encryption(3921)<br>Christey> CHANGEREF make the RCA URL a "MISC" reference | View |
2869 | CVE-2001-0048 | Candidate | The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | Proposed (20010202) | ACCEPT(4) Baker, Cole, Wall, Ziese<br>MODIFY(1) Frech | Frech> XF:win2k-directory-service-restore-password(5936) | View |
3153 | CVE-2001-0332 | Candidate | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. | Proposed (20010524) | ACCEPT(4) Baker, Cole, Wall, Ziese<br>MODIFY(1) Frech<br>NOOP(1) Renaud<br>RECAST(1) Williams<br>REJECT(1) Magdych<br>REVIEWING(1) Christey | Magdych> Duplicate of CVE-0246<br>Christey> While it may look like CVE-2001-0332 is a duplicate of CVE-2001-0246, Microsoft specifically identifies two separate variants of the same problem in its advisory, namely 0332 and 0246. However, CD:SF-LOC currently suggests merging problems of the same type that appear and are fixed in the same software versions, and thus these 2 candidates *might* in fact be duplicates - relative to CD:SF-LOC. Microsoft needs to be consulted on this.<br>Williams> merge with CVE-0246<br>Frech> XF:ie-frame-verification-read-files(6086)<br>XF:ie-frame-verification-variant(6748)<br>CVE-2001-0092 is also assigned to the ie-frame-verification-files(6086), but shouldn't be considered a duplicate. | View |
3269 | CVE-2001-0452 | Candidate | BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command. | Proposed (20010524) | ACCEPT(4) Baker, Cole, Williams, Ziese<br>MODIFY(1) Frech<br>NOOP(1) Wall | Frech> XF:webweaver-ftp-path-disclosure(6477) | View |