CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments |
---|---|---|---|---|---|---|
4452 | CVE-2002-0058 | Candidate | Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | Proposed (20020315) | ACCEPT(5) Cole, Foat, Green, Wall, Ziese<br>NOOP(1) Christey | Christey> Consider adding BID:4228<br>Christey> XF:java-vm-session-hijacking(8351)<br>URL:http://www.iss.net/security_center/static/8351.php<br>HP:HPSBUX0203-186<br>URL:http://online.securityfocus.com/advisories/3930<br>BID:4228<br>URL:http://www.securityfocus.com/bid/4228<br><br>Need to add "HttpURLConnection" to description (commonly used word)<br>Christey> ADDREF COMPAQ:SSRT0822<br>Christey> COMPAQ:SSRT0822<br>Christey> SGI:20020807-01-I<br>URL:ftp://patches.sgi.com/support/free/security/advisories/20020807-01-I<br>Christey> BID:4228<br>URL:http://www.securityfocus.com/bid/4228 |
4497 | CVE-2002-0103 | Candidate | An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | Modified (20050706) | ACCEPT(5) Cole, Foat, Green, Wall, Ziese<br>MODIFY(1) Frech | Frech> XF:oracle-appserver-webcached-privileges(7766)<br>XF:oracle-appserver-webcache-password(7768)<br>CHANGE> [Foat changed vote from NOOP to ACCEPT] |
4450 | CVE-2002-0056 | Candidate | Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | Modified (20061101) | ACCEPT(5) Cole, Foat, Green, Wall, Ziese<br>MODIFY(1) Christey | Christey> Consider adding BID:4135<br>CHANGE> [Christey changed vote from NOOP to MODIFY]<br>Christey> ADDREF BID:4135<br>XF:mssql-oledb-adhoc-bo(8243)<br>URL:http://www.iss.net/security_center/static/8243.php<br>Christey> CIAC:M-044<br>URL:http://www.ciac.org/ciac/bulletins/m-044.shtml<br>CERT-VN:VU#619707<br>URL:http://www.kb.cert.org/vuls/id/619707 |
4447 | CVE-2002-0053 | Candidate | Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | Modified (20061101) | ACCEPT(5) Cole, Foat, Green, Wall, Ziese | |
4115 | CVE-2001-1311 | Candidate | Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | Modified (20071129) | ACCEPT(5) Cole, Foat, Frech, Green, Wall<br>NOOP(1) Cox<br>REVIEWING(1) Christey | Christey> Need to decide if regression errors should get their own CVE's or not. A regression error was introduced as explained in:<br><br>VULNWATCH:20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression<br>URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0127.html<br><br>This affects Domino R5.0.7 and earlier, and R6 pre-release/beta |