CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 4021 | CVE-2001-1217 | Candidate | Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | Proposed (20020315) | ACCEPT(6) Cole, Foat, Frech, Green, Wall, Ziese | NOOP(1) Christey | Christey> CERT:CA-2002-08 | View |
| 212 | CVE-1999-0213 | Candidate | libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. | Modified (20001009-01) | ACCEPT(6) Blake, Cole, Dik, Hill, Landfield, Ozancin | MODIFY(3) Baker, Frech, Levy | NOOP(4) Armstrong, Bishop, Meunier, Wall | REVIEWING(1) Christey | Frech> XF:sun-libnsl | Dik> Sun bug #4305859 | Baker> http://xforce.iss.net/static/1204.php Misc Defensive Info | http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172&type=0&nav=sec.sba Vendor Info | http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/A1050E354364BF498525680F0077E414/$file/ERS-OAR-E01-1998_074_1.txt Vendor Info | http://www.securityfocus.com/archive/1/9749 Misc Defensive Info | Christey> I don"t think this is the bug that everyone thinks it is. | This candidate came from CyberCop Scanner 2.4/2.5, which | only reports this as a DoS problem. If SUN:00172 is an | advisory for this, then it may be a duplicate of | CVE-1999-0055. There appears to be overlap with other | references as well. HOWEVER, this particular one deals with a | DoS in rpcbind - which isn"t mentioned in the sources for | CVE-1999-0055. | Levy> BID 148 | View |
| 359 | CVE-1999-0360 | Candidate | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | Modified (20000530-01) | ACCEPT(6) Blake, Cole, Collins, Landfield, Northcutt, Wall | MODIFY(3) Baker, Frech, LeBlanc | NOOP(4) Armstrong, Christey, Ozancin, Prosser | Christey> I can"t find the original Bugtraq posting (it appears that | mnemonix discovered the problem). | LeBlanc> - if there was a fix or a KB article, I"d ACCEPT. A vuln based on a | BUGTRAQ posting we can"t find could be anything. | Baker> Vulnerability Reference (HTML) Reference Type | http://www.securityfocus.com/archive/1/12218 Misc Defensive InfoVulnerability Reference (HTML) Reference Type | THis is the URL for the Bugtraq posting. It was cross posted to | NT Bugtraq as well, but identical text. It was Mnemonix... | Christey> BID:1811 | URL:http://www.securityfocus.com/bid/1811 | Christey> CHANGEREF BUGTRAQ add "Server 2." to the subject. | Also standardize NTBUGTRAQ reference title. | Christey> Add "uploadn.asp" to the description. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:siteserver-user-dir-permissions(5384) | View |
| 1962 | CVE-2000-0384 | Candidate | NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure"s MAC address, which could allow remote attackers to gain root access. | Proposed (20000615) | ACCEPT(6) Baker, Frech, Levy, Ozancin, Prosser, Stracener | NOOP(1) Cole | View | |
| 3158 | CVE-2001-0337 | Candidate | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. | Proposed (20010524) | ACCEPT(6) Baker, Cole, Renaud, Wall, Williams, Ziese | MODIFY(1) Frech | REVIEWING(1) Christey | Frech> XF:iis-webdav-lock-dos(6549) | Christey> ADDREF? BID:2736 | URL:http://www.securityfocus.com/bid/2736 | ADDREF? BUGTRAQ:20010517 def-2001-26: IIS WebDav Lock Method Memory Leak DoS | URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0170.html | CHANGE> [Christey changed vote from NOOP to REVIEWING] | View |
Page 19854 of 20943, showing 5 records out of 104715 total, starting on record 99266, ending on 99270
