CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
240 | CVE-1999-0241 | Candidate | Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. | Modified (19990925-01) | ACCEPT(3) Hill, Northcutt, Proctor<br>MODIFY(2) Frech, Prosser<br>NOOP(1) Baker<br>REVIEWING(1) Christey | Frech> Also add to references: XF:sol-mkcookie<br>Prosser> additional source Bugtraq "X11 cookie hijacker" http://www.securityfocus.com<br>Christey> The cookie hijacker thread has to do with stealing cookies through a file with bad permissions. I'm not sure the X-Force reference identifies this problem either.<br>Christey> CIAC:G-04 URL:http://ciac.llnl.gov/ciac/bulletins/g-04.shtml SGI:19960601-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/19960601-01-I CERT:VB-95:08 | View |
496 | CVE-1999-0498 | Candidate | TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. | Modified (19990925-01) | ACCEPT(3) Blake, Hill, Northcutt<br>MODIFY(1) Frech<br>NOOP(1) Baker<br>REVIEWING(1) Christey | Frech> XF:linux-tftp<br>Christey> XF:linux-tftp refers to CVE-1999-0183 | View |
553 | CVE-1999-0569 | Candidate | A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. | Modified (19991130-01) | ACCEPT(1) Wall<br>NOOP(2) Baker, Christey<br>REJECT(1) Northcutt | Northcutt> I do this intentionally sometimes in high content directories<br>Christey> XF:http-noindex(90) ? | View |
195 | CVE-1999-0195 | Candidate | Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | Modified (19991130-01) | ACCEPT(2) Balinsky, Shostack<br>MODIFY(1) Frech<br>NOOP(3) Baker, Northcutt, Wall<br>REVIEWING(2) Christey, Levy | Frech> XF:rpcbind-spoof<br>Christey> CVE-1999-0195 = CVE-1999-0461 ? If this is approved over CVE-1999-0461, make sure it gets XF:pmap-sset | View |
199 | CVE-1999-0200 | Candidate | Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password. | Modified (19991130-01) | ACCEPT(1) Baker<br>MODIFY(2) Frech, Shostack<br>NOOP(2) Northcutt, Wall<br>REJECT(1) Christey<br>REVIEWING(1) Levy | Shostack> WFTP is not sufficient; is this wu-, ws-, war-, or another?<br>Frech> Others have mentioned this before, but it may be WU-FTP. POSSIBLY XF:ftp-exec; does this have to do with the Site Exec allowing root access without anon FTP or a regular account? POSSIBLY XF:wu-ftpd-exec; same as above conditions, but instead from a non-anon FTP account and gain root privs.<br>Christey> added MSKB reference<br>CHANGE> [Christey changed vote from REVOTE to REJECT]<br>Christey> The MSKB article may have confused things even more. There were reports of problems in a Windows-based FTP server called WFTP (http://www.wftpd.com/) that is not a Microsoft FTP server. It's best to just kill this candidate where it stands and start fresh. | View |