CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5070 | CVE-2002-0680 | Candidate | Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. | Proposed (20020726) | ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(5) Armstrong, Cole, Cox, Foat, Wall | Frech> XF:goahead-directory-traversal(6046) | View |
| 3049 | CVE-2001-0228 | Candidate | Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. | Proposed (20010309) | MODIFY(1) Frech | NOOP(2) Lawler, Ziese | Frech> XF:goahead-directory-traversal(6046) | View |
| 3203 | CVE-2001-0385 | Candidate | GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | Modified (20060818) | ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(2) Wall, Ziese | REVIEWING(1) Williams | Frech> XF:goahead-aux-dos(6400) | View |
| 3808 | CVE-2001-1004 | Candidate | Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | Proposed (20020131) | ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Armstrong, Cole, Foat, Wall | Frech> XF:gnut-embedded-code-execution(7071) | View |
| 1729 | CVE-2000-0151 | Candidate | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | Proposed (20000216) | ACCEPT(3) Bishop, Blake, Levy | MODIFY(1) Frech | NOOP(3) Baker, Cole, LeBlanc | REJECT(1) Christey | Frech> XF:gnu-makefile-tmp-root | (We have made assignment to two CANs. Requesting confirmation that this is | not a duplicate of CVE-2000-0092: The BSD make program allows local users to | modify files via a symlink attack when the -j option is being used.) | Christey> To confirm Andre"s question, this is being treated as | different from CVE-2000-0092, based largely on the fact | that the exploit is different. I believe there was | another reason for keeping these distinct, but that | "deeper analysis" was not recorded :-( While it"s possible | that this is the same bug from some common version of make, | in the absence of other information we should probably | keep these two split. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> Taking a fresh look at the diff"s for FreeBSD make: | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc | And Debian make: | http://security.debian.org/dists/slink/updates/source/make_3.77-5slink.diff.gz | | OK... now that I"ve hurt my brain looking at the code, while | there are major differences in the surrounding code, | ultimately both FreeBSD and Debian create an "outfile" file | descriptor for the temporary file, within main() in main.c. | In addition, child_execute_job() in job.c uses an outfile | variable - for both sources. | | Perhaps FreeBSD reported the -j problem without seeing that it | could come in from stdin as well, and/or Debian/etc. didn"t realize | that it was exploitable from job control, or maybe a combination of | the two. Regardless, the two problems are the same. | | Phew! There goes a half-hour of my life that I"ll never be | able to get back... | View |
Page 171 of 20943, showing 5 records out of 104715 total, starting on record 851, ending on 855
