CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
240  CVE-1999-0241  Candidate  Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.  Modified (19990925-01)  ACCEPT(3) Hill, Northcutt, Proctor | MODIFY(2) Frech, Prosser | NOOP(1) Baker | REVIEWING(1) Christey  Frech> Also add to references: | XF:sol-mkcookie | Prosser> additional source | Bugtraq | "X11 cookie hijacker" | http://www.securityfocus.com | Christey> The cookie hijacker thread has to do with stealing cookies | through a file with bad permissions. I'm not sure the | X-Force reference identifies this problem either. | Christey> CIAC:G-04 | URL:http://ciac.llnl.gov/ciac/bulletins/g-04.shtml | SGI:19960601-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/19960601-01-I | CERT:VB-95:08
496  CVE-1999-0498  Candidate  TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.  Modified (19990925-01)  ACCEPT(3) Blake, Hill, Northcutt | MODIFY(1) Frech | NOOP(1) Baker | REVIEWING(1) Christey  Frech> XF:linux-tftp | Christey> XF:linux-tftp refers to CVE-1999-0183
553  CVE-1999-0569  Candidate  A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.  Modified (19991130-01)  ACCEPT(1) Wall | NOOP(2) Baker, Christey | REJECT(1) Northcutt  Northcutt> I do this intentionally sometimes in high content directories | Christey> XF:http-noindex(90) ?
195  CVE-1999-0195  Candidate  Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.  Modified (19991130-01)  ACCEPT(2) Balinsky, Shostack | MODIFY(1) Frech | NOOP(3) Baker, Northcutt, Wall | REVIEWING(2) Christey, Levy  Frech> XF:rpcbind-spoof | Christey> CVE-1999-0195 = CVE-1999-0461 ? | If this is approved over CVE-1999-0461, make sure it gets | XF:pmap-sset
199  CVE-1999-0200  Candidate  Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.  Modified (19991130-01)  ACCEPT(1) Baker | MODIFY(2) Frech, Shostack | NOOP(2) Northcutt, Wall | REJECT(1) Christey | REVIEWING(1) Levy  Shostack> WFTP is not sufficient; is this wu-, ws-, war-, or another? | Frech> Others have mentioned this before, but it may be WU-FTP. | POSSIBLY XF:ftp-exec; does this have to do with the Site Exec allowing root | access without anon FTP or a regular account? | POSSIBLY XF:wu-ftpd-exec;same as above conditions, but instead from a | non-anon FTP account and gain root privs. | Christey> added MSKB reference | CHANGE> [Christey changed vote from REVOTE to REJECT] | Christey> The MSKB article may have confused things even more. There | were reports of problems in a Windows-based FTP server called | WFTP (http://www.wftpd.com/) that is not a Microsoft FTP | server. It's best to just kill this candidate where it | stands and start fresh.
