CVE List

Id CVE No. Status Description Phase Votes Comments
1679  CVE-2000-0101  Candidate  The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.  Proposed (20000208)  ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(1) Christey | RECAST(1) Cole | REVIEWING(1) Wall  Cole> I would combine all of these shopping cart applications into one listing, | since they all have the same vulnerability being able to modify sensitive | purchase information via hidden form fields. My concern is in cases like | this we used over 10 entries for basically the same vulnerability. I could | think of cases where there could be 20+ applications with the same | vulnerability and in my opinion it could start to weaken the value of CVE | where there are 30 entries all referring to the same thing. It is almost | like we are playing the vendor game where more is better. I think we | should go after the quality over quantity aspect. | Christey> I disagree with Eric here. This vulnerability is a "type" of | problem in the same way that a buffer overflow is a "type" of | problem. While the shopping cart application bugs were | proposed mostly at the same time, they are all by different | vendors. | | The raw numbers of applications with this problem can make it | appear that CVE is artificially inflating the number of | entries. However, content decisions such as CD:SF-LOC | (different lines of code) dictate that these should be | separated. It's not a "numbers game" but rather a principled | and consistent approach to resolving problems with | selecting a level of abstraction. | Frech> XF:shopping-cart-form-tampering
658  CVE-1999-0677  Candidate  The WebRamp web administration utility has a default password.  Modified (19991228-01)  ACCEPT(3) Baker, Blake, Stracener | MODIFY(2) Cole, Frech | NOOP(2) Armstrong, Christey  Cole> I would add that it is not forced to be changed. | Frech> XF:webramp-default-password | Christey> This problem may have been detected in January 1999: | BUGTRAQ:19990121 Re: WebRamp M3 remote network access bug | http://marc.theaimsgroup.com/?l=bugtraq&m=91702375402055&w=2
820  CVE-1999-0840  Candidate  Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.  Modified (20071022)  ACCEPT(4) Armstrong, Baker, Dik, Stracener | MODIFY(1) Frech | NOOP(1) Cole | REVIEWING(1) Prosser  Cole> I went to 1129 and it looks like a reference for a different | vulnerability. | Frech> In the description, should dtmailptr be dtmailpr? | XF:solaris-dtmailpr-overflow | XF:solaris-dtmail-overflow | Dik> sun bug: 4166321
809  CVE-1999-0829  Candidate  HP Secure Web Console uses weak encryption.  Proposed (19991208)  ACCEPT(2) Armstrong, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Cole | REVIEWING(1) Prosser  Cole> I could not find details on this using the above references. | Frech> XF:hp-secure-console
964  CVE-1999-0984  Candidate  Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.  Proposed (19991214)  ACCEPT(2) Blake, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Cole | REVIEWING(1) Christey  Cole> How is this different than the previous? | Christey> More examination is required to determine if CVE-1999-0983, | CVE-1999-0984, or CVE-1999-0985 are the same codebase. | Frech> XF:matts-whois-meta | Christey> ADDREF BID:2000 | Christey> XF reference is gone. Replace with http-cgi-matts-whois-meta(3799) ?
