CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5610 | CVE-2002-1226 | Candidate | Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). | Proposed (20030317) | ACCEPT(3) Armstrong, Cole, Green | NOOP(2) Christey, Cox | Christey> I need to look more closely at comments made in BID:5729, | which may be related to this issue. Also need to look at | NetBSD advisory 2002-018: | URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-018.txt.asc | View |
| 1134 | CVE-1999-1154 | Candidate | LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. | Proposed (20010912) | ACCEPT(2) Cole, Frech | NOOP(3) Christey, Foat, Wall | Christey> I confirmed this problem via visual inspection of the | source code in http://www.lakeweb.com/scripts/filemail.zip | Line 82 has an insufficient check for shell metacharacters | that doesn"t exclude semicolons. Line 129 is the | call where the metacharacters are injected. | | Need to add "filemail.pl" to the description. | View |
| 359 | CVE-1999-0360 | Candidate | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | Modified (20000530-01) | ACCEPT(6) Blake, Cole, Collins, Landfield, Northcutt, Wall | MODIFY(3) Baker, Frech, LeBlanc | NOOP(4) Armstrong, Christey, Ozancin, Prosser | Christey> I can"t find the original Bugtraq posting (it appears that | mnemonix discovered the problem). | LeBlanc> - if there was a fix or a KB article, I"d ACCEPT. A vuln based on a | BUGTRAQ posting we can"t find could be anything. | Baker> Vulnerability Reference (HTML) Reference Type | http://www.securityfocus.com/archive/1/12218 Misc Defensive InfoVulnerability Reference (HTML) Reference Type | THis is the URL for the Bugtraq posting. It was cross posted to | NT Bugtraq as well, but identical text. It was Mnemonix... | Christey> BID:1811 | URL:http://www.securityfocus.com/bid/1811 | Christey> CHANGEREF BUGTRAQ add "Server 2." to the subject. | Also standardize NTBUGTRAQ reference title. | Christey> Add "uploadn.asp" to the description. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:siteserver-user-dir-permissions(5384) | View |
| 4018 | CVE-2001-1214 | Candidate | manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. | Modified (20050510) | ACCEPT(1) Frech | NOOP(6) Christey, Cole, Foat, Green, Wall, Ziese | Christey> I can"t find anything about "Marcus S. Xenakis" on the web at | all, except for vulnerability reports. | CHANGE> [Green changed vote from ACCEPT to NOOP] | Green> The more I looked again today the more circular the references | were getting. And there"s no single pointer to a Marcus | Xenakis site. So, I"ll have to modify the vote to a NOOP. | Christey> A similar issue is in CVE-2002-0434, but CVE-2002-0434 is for | manual.php. | View |
| 2578 | CVE-2000-1009 | Candidate | dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | Proposed (20001129) | ACCEPT(5) Baker, Cole, Frech, Mell, Renaud | NOOP(1) Christey | Christey> http://www.redhat.com/support/errata/RHSA-2000-100.html | ADDREF BUGTRAQ:20001103 Trustix Security Advisory - dump | http://archives.neohapsis.com/archives/bugtraq/2000-11/0026.html | Christey> CERT-VN:VU#153653 | URL:http://www.kb.cert.org/vuls/id/153653 | View |
Page 306 of 20943, showing 5 records out of 104715 total, starting on record 1526, ending on 1530
