CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5113 | CVE-2002-0723 | Candidate | Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | Modified (20030324-01) | ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox | Christey> Need to verify with Microsoft that this is: | BUGTRAQ:20020710 IE allows universal Cross Domain Scripting (TL#003) | URL:http://www.securityfocus.com/archive/1/281367 | MISC:http://www.PivX.com/larholm/adv/TL003/ | BUGTRAQ:20020710 Exploit: TL003/Dot Bug = Reading Non-Parsable Files | URL:http://www.securityfocus.com/archive/1/281660 | Frech> XF:ie-object-scripting(9537) | View |
| 4493 | CVE-2002-0099 | Candidate | Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters. | Modified (20020911-01) | ACCEPT(2) Frech, Green | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Christey | Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with | CVE-2000-0641? All describe slightly different overflows | that, perhaps, should be merged according to CD:SF-LOC. | It depends on which versions are affected, which would require | some vendor acknowledgement or consultation. | | A vague changelog for version 3.1 at | http://sourceforge.net/project/shownotes.php?release_id=75333 says | "security fixes" but it"s not clear *which* security fixes | were made. | | The description for CVE-2000-0641 is slightly incorrect. The | exploit is clearly due to a large number of headers, not | arguments to the GET request itself. So, CVE-2000-0641 | clearly overlaps with CVE-2001-0433. | | The exploit for CVE-2001-0433 also doesn"t really have | anything to do with a "cgi-test.pl" program (which isn"t in | the distribution). The discloser simply used that as an | example program of a long request. | Christey> Modify description so that overflow is described as being | part of the CGI module (so it appears). | | Also, Tamer Sahin confirmed via email (9/11/02) that the | problem was explicitly exhibited using a large number of | . (dot) characters. | View |
| 905 | CVE-1999-0925 | Candidate | UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. | Modified (20020829-01) | ACCEPT(2) Baker, Stracener | MODIFY(1) Frech | NOOP(1) Christey | REVIEWING(1) Levy | Frech> XF:unitymail-web-dos(1630) | Christey> BID:1760 | URL:http://www.securityfocus.com/bid/1760 | Christey> Affected version is 2.0 | Change date of Bugtraq post - it was 1998. | View |
| 3664 | CVE-2001-0858 | Candidate | Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges. | Modified (20020817-01) | ACCEPT(5) Armstrong, Baker, Bishop, Cole, Foat | MODIFY(1) Frech | NOOP(1) Wall | Frech> XF:unixware-openunix-ppp-bo(7570) | View |
| 4724 | CVE-2002-0332 | Candidate | Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request. | Modified (20020817-01) | ACCEPT(3) Baker, Cole, Frech | NOOP(4) Christey, Cox, Foat, Wall | Christey> DELREF XF:xtell-tty-directory-traversal(8313) | ADDREF XF:xtell-bo(8312) | View |
Page 546 of 20943, showing 5 records out of 104715 total, starting on record 2726, ending on 2730
