CVE List

Id CVE No. Status Description Phase Votes Comments Actions
3816  CVE-2001-1012  Candidate  Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.  Modified (20020817-01)  ACCEPT(2) Frech, Green | NOOP(4) Christey, Cole, Foat, Wall  Christey> Typo: "toa"  View
5118  CVE-2002-0728  Candidate  Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.  Modified (20020817-01)  ACCEPT(4) Armstrong, Baker, Cole, Cox | MODIFY(1) Frech | NOOP(3) Christey, Foat, Wall  Christey> CONECTIVA:CLA-2002:512 | Christey> DEBIAN:DSA-140 | Add libpng2, libpng3 | Christey> REDHAT:RHSA-2002:152 (per Mark Cox) | Christey> Change desc: these are versions *before* 1.2.4, and *before* 1.0.14. | REDHAT:RHSA-2002:151 | Christey> XF:libpng-datastream-bo(9744) | URL:http://www.iss.net/security_center/static/9744.php | BID:5059 | URL:http://www.securityfocus.com/bid/5059 | Christey> CALDERA:CSSA-2002-042.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-042.0.txt | Frech> XF:libpng-progressive-reader-bo(9744) | Christey> CALDERA:CSSA-2002-042.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-042.0.txt  View
905  CVE-1999-0925  Candidate  UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers.  Modified (20020829-01)  ACCEPT(2) Baker, Stracener | MODIFY(1) Frech | NOOP(1) Christey | REVIEWING(1) Levy  Frech> XF:unitymail-web-dos(1630) | Christey> BID:1760 | URL:http://www.securityfocus.com/bid/1760 | Christey> Affected version is 2.0 | Change date of Bugtraq post - it was 1998.  View
4493  CVE-2002-0099  Candidate  Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters.  Modified (20020911-01)  ACCEPT(2) Frech, Green | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Christey  Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with | CVE-2000-0641? All describe slightly different overflows | that, perhaps, should be merged according to CD:SF-LOC. | It depends on which versions are affected, which would require | some vendor acknowledgement or consultation. | | A vague changelog for version 3.1 at | http://sourceforge.net/project/shownotes.php?release_id=75333 says | "security fixes" but it"s not clear *which* security fixes | were made. | | The description for CVE-2000-0641 is slightly incorrect. The | exploit is clearly due to a large number of headers, not | arguments to the GET request itself. So, CVE-2000-0641 | clearly overlaps with CVE-2001-0433. | | The exploit for CVE-2001-0433 also doesn"t really have | anything to do with a "cgi-test.pl" program (which isn"t in | the distribution). The discloser simply used that as an | example program of a long request. | Christey> Modify description so that overflow is described as being | part of the CGI module (so it appears). | | Also, Tamer Sahin confirmed via email (9/11/02) that the | problem was explicitly exhibited using a large number of | . (dot) characters.  View
5113  CVE-2002-0723  Candidate  Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."  Modified (20030324-01)  ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox  Christey> Need to verify with Microsoft that this is: | BUGTRAQ:20020710 IE allows universal Cross Domain Scripting (TL#003) | URL:http://www.securityfocus.com/archive/1/281367 | MISC:http://www.PivX.com/larholm/adv/TL003/ | BUGTRAQ:20020710 Exploit: TL003/Dot Bug = Reading Non-Parsable Files | URL:http://www.securityfocus.com/archive/1/281660 | Frech> XF:ie-object-scripting(9537)  View

Page 20398 of 20943, showing 5 records out of 104715 total, starting on record 101986, ending on 101990

Actions