CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
3816 | CVE-2001-1012 | Candidate | Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. | Modified (20020817-01) | ACCEPT(2) Frech, Green | NOOP(4) Christey, Cole, Foat, Wall | Christey> Typo: "toa" | View |
5118 | CVE-2002-0728 | Candidate | Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. | Modified (20020817-01) | ACCEPT(4) Armstrong, Baker, Cole, Cox | MODIFY(1) Frech | NOOP(3) Christey, Foat, Wall | Christey> CONECTIVA:CLA-2002:512 | Christey> DEBIAN:DSA-140 | Add libpng2, libpng3 | Christey> REDHAT:RHSA-2002:152 (per Mark Cox) | Christey> Change desc: these are versions *before* 1.2.4, and *before* 1.0.14. | REDHAT:RHSA-2002:151 | Christey> XF:libpng-datastream-bo(9744) | URL:http://www.iss.net/security_center/static/9744.php | BID:5059 | URL:http://www.securityfocus.com/bid/5059 | Christey> CALDERA:CSSA-2002-042.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-042.0.txt | Frech> XF:libpng-progressive-reader-bo(9744) | Christey> CALDERA:CSSA-2002-042.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-042.0.txt | View |
905 | CVE-1999-0925 | Candidate | UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. | Modified (20020829-01) | ACCEPT(2) Baker, Stracener | MODIFY(1) Frech | NOOP(1) Christey | REVIEWING(1) Levy | Frech> XF:unitymail-web-dos(1630) | Christey> BID:1760 | URL:http://www.securityfocus.com/bid/1760 | Christey> Affected version is 2.0 | Change date of Bugtraq post - it was 1998. | View |
4493 | CVE-2002-0099 | Candidate | Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters. | Modified (20020911-01) | ACCEPT(2) Frech, Green | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Christey | Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with | CVE-2000-0641? All describe slightly different overflows | that, perhaps, should be merged according to CD:SF-LOC. | It depends on which versions are affected, which would require | some vendor acknowledgement or consultation. | | A vague changelog for version 3.1 at | http://sourceforge.net/project/shownotes.php?release_id=75333 says | "security fixes" but it"s not clear *which* security fixes | were made. | | The description for CVE-2000-0641 is slightly incorrect. The | exploit is clearly due to a large number of headers, not | arguments to the GET request itself. So, CVE-2000-0641 | clearly overlaps with CVE-2001-0433. | | The exploit for CVE-2001-0433 also doesn"t really have | anything to do with a "cgi-test.pl" program (which isn"t in | the distribution). The discloser simply used that as an | example program of a long request. | Christey> Modify description so that overflow is described as being | part of the CGI module (so it appears). | | Also, Tamer Sahin confirmed via email (9/11/02) that the | problem was explicitly exhibited using a large number of | . (dot) characters. | View |
5113 | CVE-2002-0723 | Candidate | Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | Modified (20030324-01) | ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox | Christey> Need to verify with Microsoft that this is: | BUGTRAQ:20020710 IE allows universal Cross Domain Scripting (TL#003) | URL:http://www.securityfocus.com/archive/1/281367 | MISC:http://www.PivX.com/larholm/adv/TL003/ | BUGTRAQ:20020710 Exploit: TL003/Dot Bug = Reading Non-Parsable Files | URL:http://www.securityfocus.com/archive/1/281660 | Frech> XF:ie-object-scripting(9537) | View |
Page 20398 of 20943, showing 5 records out of 104715 total, starting on record 101986, ending on 101990