CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 1731 | CVE-2000-0153 | Candidate | FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. | Proposed (20000223) | ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | NOOP(2) Baker, Christey | REJECT(1) LeBlanc | LeBlanc> I think this is the same as | http://www.microsoft.com/technet/security/bulletin/ms99-010.asp | If that is true, and you already have it logged, we don"t want to have an | entry for the same bug. | Christey> MS:MS99-010 describes CVE-1999-0386. Are there sufficient | details to ensure that this is the same problem? | | See http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f@nordnode | | Frech> XF:pws-file-access | (We currently have this issue assigned to this CAN and to CVE-1999-0386. I | see that others have similar concerns that this is a duplicate; please | confirm on current status of this candidate.) | Christey> [note to self: review comments by Mark Burnett] | View |
| 2188 | CVE-2000-0612 | Candidate | Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table. | Proposed (20000719) | ACCEPT(4) Cole, Frech, LeBlanc, Levy | NOOP(2) Magdych, Wall | REVIEWING(1) Christey | LeBlanc> I know we have a repro on this, but you may want to leave this in | the REVIEWING state until a fix is released. | CHANGE> [Magdych changed vote from REVIEWING to NOOP] | View |
| 2028 | CVE-2000-0450 | Candidate | Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands. | Proposed (20000615) | ACCEPT(3) Levy, Ozancin, Stracener | MODIFY(1) Frech | NOOP(3) Christey, Cole, Wall | RECAST(1) LeBlanc | LeBlanc> I have no idea what this one is talking about from the description. I also | don"t think it involves "Network Monitor", which is a component of Windows | NT/Windows 2000. This should be clarified. | Frech> XF:big-brother-bbd-bo | Christey> The original advisory, as forwarded to Bugtraq, does not | provide any details, so the description is necessarily vague. | Also, the home page at http://bb4.com has it referring to | itself as "Big Brother System and Network Monitor," so | "Network Monitor" is apparently part of the name of the product. | | Change this description to mention version 1.4g, to distinguish | from other Big Brother vulnerabilities. | View |
| 3143 | CVE-2001-0322 | Candidate | MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. | Proposed (20010404) | ACCEPT(1) Frech | NOOP(2) Cole, Ziese | REJECT(1) LeBlanc | REVIEWING(2) Bishop, Wall | LeBlanc> I don"t believe that EX-CLIENT-DOS issues should be included | in CVE. | View |
| 2658 | CVE-2000-1090 | Candidate | Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. | Proposed (20010202) | ACCEPT(3) Baker, Frech, LeBlanc | NOOP(1) Cole | REVIEWING(3) Christey, Wall, Ziese | LeBlanc> Fixed in SP2 for Win2K. NT 4.0 is not affected. bulletin | MS99-022 | Christey> Need to add the Bugtraq references for this. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Is this really the same problem addressed by MS99-022, | which is covered by CVE-1999-0725 ? | View |
Page 34 of 20943, showing 5 records out of 104715 total, starting on record 166, ending on 170
