CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 503 | CVE-1999-0506 | Candidate | A Windows NT domain user or administrator account has a default, null, blank, or missing password. | Proposed (19990714) | ACCEPT(4) Baker, Meunier, Northcutt, Shostack | MODIFY(1) Frech | Frech> XF:nt-domain-admin-blankpwd | XF:nt-domain-admin-nopwd | XF:nt-domain-guest-blankpwd | XF:nt-domain-guest-nopwd | XF:nt-domain-user-blankpwd | XF:nt-domain-user-nopwd | XF:win2k-certpub-blnkpwd | XF:win2k-dhcpadm-blnkpwd | XF:win2k-dnsadm-blnkpwd | XF:win2k-entadm-blnkpwd | XF:win2k-schema-blnkpwd | View |
| 504 | CVE-1999-0507 | Candidate | An account on a router, firewall, or other network device has a guessable password. | Proposed (19990714) | ACCEPT(4) Baker, Meunier, Northcutt, Shostack | MODIFY(1) Frech | Frech> XF:firewall-tisopen | XF:firewall-raptoropen | XF:firewall-msopen | XF:firewall-checkpointopen | XF:firewall-ciscoopen | View |
| 1990 | CVE-2000-0412 | Candidate | The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file. | Proposed (20000615) | ACCEPT(4) Baker, Levy, Ozancin, Stracener | MODIFY(1) Frech | NOOP(2) Cole, Prosser | Frech> ADDREF XF:knapster-view-files | View |
| 1738 | CVE-2000-0160 | Candidate | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software"s manufacturer is Microsoft. | Modified (20000321-01) | ACCEPT(4) Baker, LeBlanc, Levy, Wall | MODIFY(1) Frech | NOOP(1) Cole | REVIEWING(1) Christey | Christey> In a followup to Bugtraq, Juan Carlos Cuartango makes some | clarifications, specifically that the code that is executed | *must* be signed by Microsoft. | | See BUGTRAQ:20000222 MS signed softwrare privileges | | Microsoft sends some followups, including a statement that it | will include notification. | | The question is, does this belong in CVE? There is no known | means of exploitation; on the other hand, it is related | to privacy concerns. Several posts to the Bugtraq list | indicate that some people believe that unprompted installation | is a significant concern. | Frech> XF:win-active-setup | Levy> BID 999 | | I do consider this vulnerability as it allows a malicious web page | to install *old* and *vulnerable* components signed by microsoft. | LeBlanc> Fixed in MS00-042 | Christey> BID:999 | Also add XF:ie-active-setup-download ? | View |
| 346 | CVE-1999-0347 | Candidate | Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. | Modified (20051028) | ACCEPT(4) Baker, LeBlanc, Levy, Northcutt | MODIFY(2) Frech, Prosser | REVIEWING(1) Christey | Prosser> this is a modified Cross-Frame vulnerability that circumvents | the original Cross-Frame Patch. Addressed in MS Bulletin MS99.012 | http://www.microsoft.com/security/bulletins/ms99-012.asp | Christey> Duplicate of CVE-1999-0490? | LeBlanc> If Prosser is correct that this is MS99-012, accept | Christey> BUGTRAQ:19990126 Javascript ecurity bug in Internet Explorer | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91745430007021&w=2 | NTBUGTRAQ:19990128 Javascript %01 bug in Internet Explorer | URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91756771207719&w=2 | BID:197 | URL:http://www.securityfocus.com/bid/197 | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:ie-window-spoof(2069) | View |
Page 19911 of 20943, showing 5 records out of 104715 total, starting on record 99551, ending on 99555
