CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3315 | CVE-2001-0498 | Candidate | Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension. | Proposed (20010727) | ACCEPT(5) Armstrong, Cole, Prosser, Stracener, Ziese | MODIFY(1) Frech | NOOP(3) Christey, Foat, Wall | Frech> XF:oracle-listener-offsettodata-dos(6713) | CONFIRM:http://otn.oracle.com/deploy/security/pdf/nai_net8_dos.pdf | CVE-2001-0498 possible dupe of CVE-2001-0515, which is already | assigned to oracle-listener-offsettodata-dos(6713) | Prosser> Discover of issue (NAI) indicates that Oracle produced a patch for this issue. Oracle patch site is restricted, but taking NAI"s word as verification. | Christey> Consider adding BID:2940 | View |
| 4471 | CVE-2002-0077 | Candidate | Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | Proposed (20020502) | ACCEPT(5) Armstrong, Cole, Foat, Green, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox | Christey> Consider adding BID:3867 | Christey> According to Microsoft, the fix for this issue also addresses: | BUGTRAQ:20020227 IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496184505815&w=2 | | Need to add this reference (and/or double-check to make sure | this is the right issue) and consider modifying the | description accordingly, though on the surface there | does not appear to be any close relation, since the | GreyMagic bug deals with Data Source (DSO) | for Data Binding with the dataFormatAs attribute set to HTML, then | using innerHTML for script injection. | Frech> XF:ie-codebase-execute-programs(7941) | Christey> Add BID:3867 | View |
| 4548 | CVE-2002-0154 | Candidate | Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | Modified (20061101) | ACCEPT(5) Armstrong, Cole, Foat, Green, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox | Christey> BID:4231 | URL:http://www.securityfocus.com/bid/4231 | XF:mssql-xp-dirtree-bo(8359) | URL:http://www.iss.net/security_center/static/8359.php | | Need to specifically mention xp_dirtree. | Christey> CERT:CA-2002-22 | CERT-VN:VU#627275 | Frech> XF:mssql-multiple-xp-bo(8359) | View |
| 1106 | CVE-1999-1126 | Candidate | Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". | Proposed (20010912) | ACCEPT(5) Armstrong, Cole, Foat, Frech, Stracener | NOOP(1) Wall | REJECT(1) Balinsky | Balinsky> Duplicate of CVE-1999-1042 | View |
| 1335 | CVE-1999-1355 | Candidate | BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges. | Proposed (20010912) | ACCEPT(5) Armstrong, Cole, Foat, Frech, Stracener | NOOP(1) Wall | View |
Page 19880 of 20943, showing 5 records out of 104715 total, starting on record 99396, ending on 99400
