CVE List

Id CVE No. Status Description Phase Votes Comments Actions
518  CVE-1999-0521  Candidate  An NIS domain name is easily guessable.  Proposed (19990714)  ACCEPT(4) Baker, Meunier, Northcutt, Shostack | MODIFY(1) Frech | NOOP(1) Christey  Frech> XF:nis-dom | Christey> Consider http://www.cert.org/advisories/CA-1992-13.html | as well as ftp://ciac.llnl.gov/pub/ciac/bulletin/c-fy92/c-25.ciac-sunos-nis-patch  View
535  CVE-1999-0541  Candidate  A password for accessing a WWW URL is guessable.  Proposed (19990714)  ACCEPT(4) Baker, Meunier, Northcutt, Shostack | MODIFY(1) Frech  Frech> XF:http-password  View
285  CVE-1999-0286  Candidate  In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.  Proposed (19990714)  ACCEPT(3) Armstrong, Cole, Shostack | MODIFY(3) Blake, Levy, Wall | NOOP(5) Baker, Bishop, Landfield, Northcutt, Ozancin | REJECT(1) Frech | REVIEWING(1) Christey  Wall> In some NT web servers, appending a dot at the end of a URL may | allows attackers to read source code for active pages. | Source: MS Knowledge Base Article Q163485 - "Active Server Pages Script Appears | in Browser" | Frech> In the meantime, reword description as "Windows NT" (trademark issue) | Christey> Q163485 does not refer to a space, it refers to a dot. | However, I don"t have other references. | | Reading source code with a dot appended is in CVE-1999-0154, | which will be proposed. A subsequent bug similar to the | dot bug is CVE-1999-0253. | Levy> NTBUGTRAQ: http://www.securityfocus.com/archive/2/22014 | NTBUGTRAQ: http://www.securityfocus.com/archive/2/22019 | BID 273 | Blake> Reference: http://www.allaire.com/handlers/index.cfm?ID=10967 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Frech> BID articles)  View
286  CVE-1999-0287  Candidate  Vulnerability in the Wguest CGI program.  Proposed (19990714)  MODIFY(2) Frech, Shostack | NOOP(4) Blake, Levy, Northcutt, Wall | REJECT(2) Baker, Christey  Shostack> allows file reading | Frech> XF:http-cgi-webcom-guestbook | Christey> CVE-1999-0287 is probably a duplicate of CVE-1999-0467. In | NTBUGTRAQ:19990409 Webcom"s CGI Guestbook for Win32 web servers | Mnemonix says that he had previously reported on a similar | problem. Let"s refer to the NTBugtraq posting as | CVE-1999-0467. We will refer to the "previous report" as | CVE-1999-0287, which could be found at: | http://oliver.efri.hr/~crv/security/bugs/NT/httpd41.html | | 0287 describes an exploit via the "template" hidden variable. | The exploit describes manually editing the HTML form to | change the filename to read from the template variable. | | The exploit as described in 0467 encodes the template variable | directly into the URL. However, hidden variables are also | encoded into the URL, which would have looked the same to | the web server regardless of the exploit. Therefore 0287 | and 0467 are the same. | Christey> BID:2024  View
305  CVE-1999-0306  Candidate  buffer overflow in HP xlock program.  Proposed (19990714)  ACCEPT(3) Baker, Frech, Northcutt | MODIFY(1) Prosser | NOOP(1) Shostack | REJECT(1) Christey  Prosser> This is another of those with multiple affected OSs. | Refs: CA-97.13, http://207.237.120.45/linux/xlock-exploit.txt, | HPSBUX9711-073, SGI 19970502-02-PX, Sun Bulletin 000150 | Christey> XF:hp-xlock points to SGI:19970502-02-PX which says this is | the same problem as in CERT:CA-97.13, which is CVE-1999-0038.  View

Page 20521 of 20943, showing 5 records out of 104715 total, starting on record 102601, ending on 102605

Actions