JVN/CVE Demo: Cveinfos

CVE List

Id	CVE No.	Status	Description	Phase	Votes	Comments	Actions
3396	CVE-2001-0583	Candidate	Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.	Proposed (20010727)	ACCEPT(3) Baker, Frech, Williams \| NOOP(5) Bishop, Cole, Foat, Wall, Ziese	Baker> ftp1.deerfield.com/pub/mdaemon/Archive/3.5.6/ \| This is the site for downloading from Deerfield, the parent company. \| The release notes on the web site only apply to version 4.0 and higher. \| If you download the 3.5.6 version, you can then install the software, \| which will also install the release notes, named RelNotes.txt, in the \| docs sub-directory. Inside this file is a vendor confirmation \| of sorts, at least close enough for me.... \| I quote: \| "----------------------------------------------------------------------------- \| MDaemon Server v3.X Release Notes \| ----------------------------------------------------------------------------- \| \| PLEASE READ THIS ENTIRE DOCUMENT. IMPORTANT ISSUES RELATED TO THE RELEASE OF \| MDAEMON 3.X ARE LISTED TOWARD THE BOTTOM OF THIS DOCUMENT. THEY ARE \| CRITICALLY IMPORTANT! PLEASE READ THIS ENTIRE DOCUMENT. \| \| ---------------------------- \| MDaemon v3.5.6 - Mar 9, 2001 \| ---------------------------- \| \| SPECIAL CONSIDERATIONS \| ---------------------- \| \| o None (see 3.51 below) \| \| MAJOR NEW FEATURES \| ------------------ \| \| o None \| \| \| ADDITIONAL CHANGES AND NEW FEATURES \| ----------------------------------- \| \| o None \| \| FIXES \| ----- \| \| o Fix to memory leak in IMAP server. \| o Fix to crash problem in WorldClient Standard and WebConfig web server. \| o Fix to "Send As" address not being used as MAIL FROM when forwarding. \| o Fix to "local only" restriction not being applied when mail collected \| via DomainPOP. \| \| ------------------------------- \| MDaemon v3.5.4 - Feb 19th, 2001 \| ------------------------------- \| " \| This matches the described problems in the worldclient and webconfig servers \| which are part of the Mdaemon package.	View
3334	CVE-2001-0520	Candidate	Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.	Proposed (20010727)	ACCEPT(3) Baker, Cole, Frech \| NOOP(3) Foat, Wall, Ziese \| REVIEWING(1) Bishop	Baker> Found reference on their website, in the release notes, that appears \| to address the problem in this vulnerability: \| \| "15. Fixed a bug that used to cause the SmartStripping mechanism to miss some scripts in HTML pages." \| \| The release notes are available here: \| ftp://ftp.ealaddin.com/pub/manuals/ESG/ESG3.x/esg_rn.zip	View
3913	CVE-2001-1109	Candidate	Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.	Proposed (20020315)	ACCEPT(3) Baker, Frech, Green \| NOOP(5) Armstrong, Cole, Foat, Wall, Ziese	Baker> Apparently vendor acknowledgement of the directory problems in the \| release history, located at: \| http://www.eftp.org/releasehistory.html \| 2.0.8.345 2001.12.04 \| Fixed a problem where the server would give a GPF whn disconnecting a single user \| Added Ratios Feature \| Added Statistics Feature \| Modified User/Group Administration - now much more stable \| Modified Startup Logo \| Modifed all data files to .ini files for easy editing and to save space \| Added Feature to save/load queues \| Added auto reconnect feature on timeout \| Fully Implemented RSA Control Port encryption, so now even commands like USER, PASS, GET, REST etc are encrypted. Total security on both data and commands. \| Added Idle Timout for the Server component \| Fixed some security flaws with directory listings	View
2608	CVE-2000-1039	Candidate	Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.	Proposed (20001219)	ACCEPT(3) Baker, Cole, Renaud \| MODIFY(1) Frech \| NOOP(2) Magdych, Wall \| REVIEWING(1) Christey	Baker> Although this is at a high level, the fact is that it is a vulnerability, and as such we need to recognize this, even if we have to recast or modify the description at some later time. \| Christey> This needs to be commented on and reviewed by many Board \| members. \| Frech> XF:naptha-resource-starvation(5810) \| Christey> ADDREF SGI:20020304-01-A \| Christey> SGI:20020304-01-A	View
597	CVE-1999-0615	Candidate	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running."	Modified (20080731)	ACCEPT(3) Baker, Prosser, Wall \| NOOP(1) Christey \| REJECT(1) Northcutt	Baker> Although newer versions on snmp are not as vulnerable as prior versions, \| this can still be a significant risk of exploitation, as seen in recent \| attacks on snmp services via automated worms \| Christey> XF:snmp(132) ? \| Prosser> This fits the "exposure" description although we also know there are many vulnerabilities in SNMP. This is more of a policy/best practice issue for administrators. If you need SNMP lock it down as tight as you can, if you don"t need it, don"t run it.	View

Page 369 of 20943, showing 5 records out of 104715 total, starting on record 1841, ending on 1845

<<first <prev 365 | 366 | 367 | 368 | 369 | 370 | 371 | 372 | 373 next> last>>

Actions

List JVN
List NVD

History
+
Request History
4 previous requests available
====
Session
+
Session
- 0(null)
====
Request
+
Request

Cake Params
- plugin(null)
- controllercveinfos
- actionindex
- named(array)
  page369
  sortcomments
  directiondesc
- pass(empty)
- paging(array)
  Cveinfo(array)
  page369
  current5
  count104715
  prevPage(true)
  nextPage(true)
  pageCount20943
  order(array)
  Cveinfo.commentsdesc
  limit5
  options(array)
  page369
  order(array)
  Cveinfo.commentsdesc
  sortcomments
  directiondesc
  conditions(empty)
  paramTypenamed
Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route
- keys(array)
  0controller
  1action
- options(array)
  defaultRoute(true)
- defaults(array)
  plugin(null)
- template/:controller/:action/*
====
Sql Log
+

Sql Logs

default
No query logs.

====

Timer

+

Memory

Peak Memory Use 3.56 MB

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.08 MB
View render complete	2.55 MB

Timers

Total Request Time: 121 (ms)

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	4.22
Event: Controller.initialize	0.02
Event: Controller.startup	0.08
Controller action	101.43
Event: Controller.beforeRender	4.31
» Processing toolbar data	4.21
Rendering View	6.18
» Event: View.beforeRender	0.03
» Rendering APP/View/Cveinfos/index.ctp	5.11
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.59
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

====

Log
+

Logs

There were no log entries made this request

====
Variables
+
View Variables
- cveinfos(array)
  0(array)
  Cveinfo(array)
  id3396
  nameCVE-2001-0583
  statusCandidate
  descriptionAlt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
  phaseProposed (20010727)
  votesACCEPT(3) Baker, Frech, Williams | NOOP(5) Bishop, Cole, Foat, Wall, Ziese
  commentsBaker> ftp1.deerfield.com/pub/mdaemon/Archive/3.5.6/ | This is the site for downloading from Deerfield, the parent company. | The release notes on the web site only apply to version 4.0 and higher. | If you download the 3.5.6 version, you can then install the software, | which will also install the release notes, named RelNotes.txt, in the | docs sub-directory. Inside this file is a vendor confirmation | of sorts, at least close enough for me.... | I quote: | "----------------------------------------------------------------------------- | MDaemon Server v3.X Release Notes | ----------------------------------------------------------------------------- | | PLEASE READ THIS ENTIRE DOCUMENT. IMPORTANT ISSUES RELATED TO THE RELEASE OF | MDAEMON 3.X ARE LISTED TOWARD THE BOTTOM OF THIS DOCUMENT. THEY ARE | CRITICALLY IMPORTANT! PLEASE READ THIS ENTIRE DOCUMENT. | | ---------------------------- | MDaemon v3.5.6 - Mar 9, 2001 | ---------------------------- | | SPECIAL CONSIDERATIONS | ---------------------- | | o None (see 3.51 below) | | MAJOR NEW FEATURES | ------------------ | | o None | | | ADDITIONAL CHANGES AND NEW FEATURES | ----------------------------------- | | o None | | FIXES | ----- | | o Fix to memory leak in IMAP server. | o Fix to crash problem in WorldClient Standard and WebConfig web server. | o Fix to "Send As" address not being used as MAIL FROM when forwarding. | o Fix to "local only" restriction not being applied when mail collected | via DomainPOP. | | ------------------------------- | MDaemon v3.5.4 - Feb 19th, 2001 | ------------------------------- | " | This matches the described problems in the worldclient and webconfig servers | which are part of the Mdaemon package.
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  1(array)
  Cveinfo(array)
  id3334
  nameCVE-2001-0520
  statusCandidate
  descriptionAladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
  phaseProposed (20010727)
  votesACCEPT(3) Baker, Cole, Frech | NOOP(3) Foat, Wall, Ziese | REVIEWING(1) Bishop
  commentsBaker> Found reference on their website, in the release notes, that appears | to address the problem in this vulnerability: | | "15. Fixed a bug that used to cause the SmartStripping mechanism to miss some scripts in HTML pages." | | The release notes are available here: | ftp://ftp.ealaddin.com/pub/manuals/ESG/ESG3.x/esg_rn.zip
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  2(array)
  Cveinfo(array)
  id3913
  nameCVE-2001-1109
  statusCandidate
  descriptionDirectory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
  phaseProposed (20020315)
  votesACCEPT(3) Baker, Frech, Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese
  commentsBaker> Apparently vendor acknowledgement of the directory problems in the | release history, located at: | http://www.eftp.org/releasehistory.html | 2.0.8.345 2001.12.04 | Fixed a problem where the server would give a GPF whn disconnecting a single user | Added Ratios Feature | Added Statistics Feature | Modified User/Group Administration - now much more stable | Modified Startup Logo | Modifed all data files to .ini files for easy editing and to save space | Added Feature to save/load queues | Added auto reconnect feature on timeout | Fully Implemented RSA Control Port encryption, so now even commands like USER, PASS, GET, REST etc are encrypted. Total security on both data and commands. | Added Idle Timout for the Server component | Fixed some security flaws with directory listings
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  3(array)
  Cveinfo(array)
  id2608
  nameCVE-2000-1039
  statusCandidate
  descriptionVarious TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
  phaseProposed (20001219)
  votesACCEPT(3) Baker, Cole, Renaud | MODIFY(1) Frech | NOOP(2) Magdych, Wall | REVIEWING(1) Christey
  commentsBaker> Although this is at a high level, the fact is that it is a vulnerability, and as such we need to recognize this, even if we have to recast or modify the description at some later time. | Christey> This needs to be commented on and reviewed by many Board | members. | Frech> XF:naptha-resource-starvation(5810) | Christey> ADDREF SGI:20020304-01-A | Christey> SGI:20020304-01-A
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
  4(array)
  Cveinfo(array)
  id597
  nameCVE-1999-0615
  statusCandidate
  description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running."
  phaseModified (20080731)
  votesACCEPT(3) Baker, Prosser, Wall | NOOP(1) Christey | REJECT(1) Northcutt
  commentsBaker> Although newer versions on snmp are not as vulnerable as prior versions, | this can still be a significant risk of exploitation, as seen in recent | attacks on snmp services via automated worms | Christey> XF:snmp(132) ? | Prosser> This fits the "exposure" description although we also know there are many vulnerabilities in SNMP. This is more of a policy/best practice issue for administrators. If you need SNMP lock it down as tight as you can, if you don"t need it, don"t run it.
  deleted(null)
  created0000-00-00 00:00:00
  modified0000-00-00 00:00:00
- $request->data(empty)
- $this->validationErrors(array)
  Cveinfo(empty)
- Loaded Helpers(array)
  0Number
  1SimpleGraph
  2Paginator
  3DebugTimer
  4Toolbar
  5Html
  6Form
  7Session
  8HtmlToolbar
====

+

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/index/page:369/sort:comments/direction:desc
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/index/page:369/sort:comments/direction:desc
Remote Port	42074
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.148.162.188
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.148.162.188
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.148.162.188
Unique Id	aCibqgLwmai1h9cxUVdHNQAAAJc
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Checkdos	1
Redirect X Dostranslated Ip	3.148.162.188
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.148.162.188
Redirect Unique Id	aCibqgLwmai1h9cxUVdHNQAAAJc
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Checkdos	1
Redirect Redirect X Dostranslated Ip	3.148.162.188
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.148.162.188
Redirect Redirect Unique Id	aCibqgLwmai1h9cxUVdHNQAAAJc
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747491754.5639
Request Time	1747491754

====

Include
+
Included Files

Include Paths
- 0/virtual/inogo77/public_html/jvn/lib
- 2/opt/remi/php56/root/usr/share/pear
- 3/opt/remi/php56/root/usr/share/php
- 4/usr/share/pear
- 5/usr/share/php
- 6-> /virtual/inogo77/public_html/jvn/lib/Cake/
Included Files
- core(array)
  Cache(array)
  0CORE/Cache/Cache.php
  1CORE/Cache/Engine/FileEngine.php
  2CORE/Cache/CacheEngine.php
  Component(array)
  0CORE/Controller/Component/SessionComponent.php
  1CORE/Controller/Component/PaginatorComponent.php
  Config(array)
  0CORE/Config/routes.php
  1CORE/Config/config.php
  Controller(array)
  0CORE/Controller/Controller.php
  1CORE/Controller/ComponentCollection.php
  2CORE/Controller/Component.php
  Datasource(array)
  0CORE/Model/Datasource/CakeSession.php
  1CORE/Model/Datasource/Database/Mysql.php
  2CORE/Model/Datasource/DboSource.php
  3CORE/Model/Datasource/DataSource.php
  Error(array)
  0CORE/Error/exceptions.php
  1CORE/Error/ErrorHandler.php
  I18n(array)
  0CORE/I18n/I18n.php
  1CORE/I18n/L10n.php
  Log(array)
  0CORE/Log/CakeLog.php
  1CORE/Log/LogEngineCollection.php
  2CORE/Log/Engine/FileLog.php
  3CORE/Log/Engine/BaseLog.php
  4CORE/Log/CakeLogInterface.php
  Model(array)
  0CORE/Model/Model.php
  1CORE/Model/BehaviorCollection.php
  2CORE/Model/ConnectionManager.php
  Network(array)
  0CORE/Network/CakeRequest.php
  1CORE/Network/CakeResponse.php
  Other(array)
  0CORE/bootstrap.php
  1CORE/basics.php
  2CORE/Core/App.php
  3CORE/Core/Configure.php
  4CORE/Core/CakePlugin.php
  5CORE/Event/CakeEventListener.php
  6CORE/Event/CakeEvent.php
  7CORE/Event/CakeEventManager.php
  8CORE/Core/Object.php
  Routing(array)
  0CORE/Routing/Dispatcher.php
  1CORE/Routing/Filter/AssetDispatcher.php
  2CORE/Routing/DispatcherFilter.php
  3CORE/Routing/Filter/CacheDispatcher.php
  4CORE/Routing/Router.php
  5CORE/Routing/Route/CakeRoute.php
  6CORE/Routing/Route/PluginShortRoute.php
  Utility(array)
  0CORE/Utility/Hash.php
  1CORE/Utility/Inflector.php
  2CORE/Utility/ObjectCollection.php
  3CORE/Utility/Debugger.php
  4CORE/Utility/String.php
  5CORE/Utility/ClassRegistry.php
  View(array)
  0CORE/View/HelperCollection.php
- app(array)
  Component(array)
  0APP/Controller/Component/CommonComponent.php
  Config(array)
  0APP/Config/core.php
  1APP/Config/bootstrap.php
  2APP/Config/routes.php
  3APP/Config/database.php
  Controller(array)
  0APP/Controller/CveinfosController.php
  1APP/Controller/AppController.php
  Model(array)
  0APP/Model/Cveinfo.php
  1APP/Model/AppModel.php
  Other(array)
  0APP/webroot/index.php
- plugins(array)
  DebugKit(array)
  Component(array)
  0DebugKit/Controller/Component/ToolbarComponent.php
  Other(array)
  0DebugKit/Lib/DebugMemory.php
  1DebugKit/Lib/Panel/HistoryPanel.php
  2DebugKit/Lib/DebugPanel.php
  3DebugKit/Lib/Panel/SessionPanel.php
  4DebugKit/Lib/Panel/RequestPanel.php
  5DebugKit/Lib/Panel/SqlLogPanel.php
  6DebugKit/Lib/Panel/TimerPanel.php
  7DebugKit/Lib/Panel/LogPanel.php
  8DebugKit/Lib/Panel/VariablesPanel.php
  9DebugKit/Lib/Panel/EnvironmentPanel.php
  10DebugKit/Lib/Panel/IncludePanel.php
  11DebugKit/Lib/DebugTimer.php
  Log(array)
  0DebugKit/Lib/Log/Engine/DebugKitLog.php
====