CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
2190 | CVE-2000-0614 | Candidate | Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. | Proposed (20000719) | ACCEPT(1) Levy; MODIFY(1) Frech; NOOP(4) Cole, LeBlanc, Magdych, Wall; REVIEWING(1) Christey | Christey> This problem appears in AMaViS as well, so they may be the same codebase. If so, then CD:SF-CODEBASE says to merge the two (thus ADDREF BID:1461). If they are not the same codebase, then create a separate candidate for BID:1461.<br>Frech> XF:linux-tnef-email-overwrite(4915)<br>CHANGE> [Magdych changed vote from REVIEWING to NOOP] | View |
154 | CVE-1999-0154 | Candidate | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | Proposed (20010912) | ACCEPT(4) Foat, Frech, Stracener, Wall; NOOP(3) Baker, Christey, Cole | Christey> This is the precursor to the problem that is identified in CVE-1999-0253.<br>Christey> CIAC:H-48 URL:http://ciac.llnl.gov/ciac/bulletins/h-48.shtml<br>CHANGE> [Foat changed vote from NOOP to ACCEPT] | View |
2659 | CVE-2000-1092 | Candidate | loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter. | Modified (20020327-01) | ACCEPT(1) Baker; MODIFY(1) Frech; NOOP(4) Christey, Cole, Magdych, Wall | Christey> This is documented in an NSFOCUS security advisory released sometime around December 11. Also, it's BID:2109.<br>Christey> BUGTRAQ:20001213 NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List http://marc.theaimsgroup.com/?l=bugtraq&m=97676270729984&w=2 XF:ezshopper-cgi-file-disclosure URL:http://xforce.iss.net/static/5740.php<br>Frech> XF:ezshopper-cgi-file-disclosure(5740)<br>Christey> Followup posts indicate that this problem may have been discovered earlier than 20001213. | View |
1046 | CVE-1999-1066 | Candidate | Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. | Proposed (20010912) | MODIFY(1) Frech; NOOP(4) Christey, Cole, Foat, Wall | Christey> This is apparently a problem with the connection protocol. See BUGTRAQ:19980522 NetQuake Protocol problem resulting in smurf like effect. URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925989&w=2<br>Frech> XF:quake-udp-connection-dos(7862) | View |
252 | CVE-1999-0253 | Candidate | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | Modified (20000106-01) | ACCEPT(9) Armstrong, Baker, Bishop, Blake, Cole, Collins, Frech, Landfield, Northcutt; MODIFY(1) LeBlanc; NOOP(3) Ozancin, Prosser, Wall; REVIEWING(1) Christey | Christey> This is a problem that was introduced after patching a previous dot bug with the iis-fix hotfix (see CVE-1999-0154). Since the hotfix introduced the problem, this should be treated as a separate issue.<br>Wall> Agree with the comment.<br>LeBlanc> - this one is so old, I don't remember it at all and can't verify or deny the issue. If you can find some documentation that says we fixed it (KB article, hotfix, something), then I would change this to ACCEPT<br>CHANGE> [Christey changed vote from NOOP to REVIEWING]<br>Christey> BID:1814 URL:http://www.securityfocus.com/bid/1814 | View |