CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
3063 | CVE-2001-0242 | Candidate | Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090. | Modified (20050509) | ACCEPT(6) Baker, Cole, Magdych, Wall, Williams, Ziese<br>MODIFY(1) Frech<br>NOOP(1) Renaud | Frech> XF:mediaplayer-asx-bo(5574) | View |
2011 | CVE-2000-0433 | Candidate | The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles. | Proposed (20000615) | ACCEPT(6) Baker, Cole, Frech, Levy, Ozancin, Stracener<br>MODIFY(1) Prosser | Prosser> add source: SecurityFocus BID1357, SuSE Linux aaabase User Account with /tmp Home Vulnerability, http://www.securityfocus.com/bid/1357<br>CHANGE> [Levy changed vote from REVIEWING to ACCEPT] | View |
3482 | CVE-2001-0674 | Candidate | Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request. | Proposed (20010829) | ACCEPT(6) Baker, Cole, Foat, Frech, Stracener, Ziese<br>NOOP(1) Wall | | View |
1777 | CVE-2000-0199 | Candidate | When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | Proposed (20000322) | ACCEPT(6) Baker, Blake, Cole, Levy, Ozancin, Wall<br>MODIFY(1) Frech<br>REVIEWING(2) Christey, LeBlanc | LeBlanc> I think this may just be user error - I'd like more information.<br>Frech> XF:mssql-weak-encryption<br>ISS:Vulnerability in Microsoft SQL Server 7.0 Encryption Used to Store Administrative Login ID<br>URL:http://xforce.iss.net/alerts/advise45.php3<br>Christey> According to Scott Culp, this can only be reproduced if the SQL server is running in an unsafe mode that is not recommended by Microsoft: "To securely use SQL Server, Microsoft recommends using Windows Integrated Security. In Windows Integrated Security mode passwords are never stored, as your Windows Domain sign-on is used as the security identifier to the database server."<br>We still must consider approving this candidate, however, as a user configuration error instead of a software flaw. CD:DESIGN-WEAK-ENCRYPTION applies in this case, so if we decide to include configuration problems in which a user intentionally selects weak encryption, then we might still approve this candidate. | View |
493 | CVE-1999-0495 | Candidate | A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. | Proposed (19990728) | ACCEPT(6) Baker, Blake, Cole, Collins, Northcutt, Ozancin<br>MODIFY(1) Frech<br>NOOP(4) Armstrong, Bishop, Landfield, Wall<br>REVIEWING(2) Christey, Levy | Frech> XF:nb-dotdotknown(837)<br>References would be appreciated. We've got no reference for this issue; confidence rating is consequently low.<br>Levy> Some references:<br>http://www.securityfocus.com/archive/1/3894<br>http://www.securityfocus.com/archive/1/3533<br>http://www.securityfocus.com/archive/1/3535 | View |