CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
1961  CVE-2000-0383  Candidate  The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.  Modified (20000706-01)  ACCEPT(5) Cole, Frech, Levy, Ozancin, Stracener | NOOP(3) Baker, Christey, Prosser  Christey> Normalize the Bugtraq reference!
1606  CVE-2000-0028  Candidate  Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.  Modified (20000626-01)  ACCEPT(2) Armstrong, Stracener | MODIFY(2) Frech, Levy | NOOP(1) Baker | RECAST(1) LeBlanc | REVIEWING(1) Christey  Frech> XF:ie-navigateandfind | Christey> May be a duplicate of CVE-2000-0465 according to my | communications with Microsoft people. CVE-2000-0266 may | also be a variant. | Levy> BID 887 | LeBlanc> duplicate
359  CVE-1999-0360  Candidate  MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.  Modified (20000530-01)  ACCEPT(6) Blake, Cole, Collins, Landfield, Northcutt, Wall | MODIFY(3) Baker, Frech, LeBlanc | NOOP(4) Armstrong, Christey, Ozancin, Prosser  Christey> I can't find the original Bugtraq posting (it appears that | mnemonix discovered the problem). | LeBlanc> - if there was a fix or a KB article, I'd ACCEPT. A vuln based on a | BUGTRAQ posting we can't find could be anything. | Baker> Vulnerability Reference (HTML) Reference Type | http://www.securityfocus.com/archive/1/12218 Misc Defensive InfoVulnerability Reference (HTML) Reference Type | This is the URL for the Bugtraq posting. It was cross posted to | NT Bugtraq as well, but identical text. It was Mnemonix... | Christey> BID:1811 | URL:http://www.securityfocus.com/bid/1811 | Christey> CHANGEREF BUGTRAQ add "Server 2." to the subject. | Also standardize NTBUGTRAQ reference title. | Christey> Add "uploadn.asp" to the description. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:siteserver-user-dir-permissions(5384)
297  CVE-1999-0298  Candidate  ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.  Modified (20000524-01)  ACCEPT(4) Cole, Dik, Levy, Northcutt | MODIFY(1) Frech | NOOP(3) Baker, Christey, Shostack  Christey> ADDREF BID:1441 | URL:http://www.securityfocus.com/bid/1441 | Dik> If you run with "-ypset", then you're always insecure. | With ypsetme, only root on the local host | can run ypset in Solaris 2.x+. | Probably true for SunOS 4, hence my vote. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> ADDREF XF:ypbind-ypset-root | CHANGE> [Dik changed vote from REVIEWING to ACCEPT] | Dik> This vulnerability does exist in SunOS 4.x in non default configurations. | In Solaris 2.x, the vulnerability only applies to files named "cache_binding" | and not all files ending in .2 | Both releases are not vulnerable in the default configuration (both | disallow ypset by default which prevents this problem from occurring)
363  CVE-1999-0364  Candidate  Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.  Modified (20000426-01)  ACCEPT(2) Baker, LeBlanc | MODIFY(1) Frech | NOOP(2) Northcutt, Wall  CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:access-weak-passwords(1774) | An older published reference (from our own Adam) would be | better: | ailab.coderpunks Newsgroup, 1998/06/23 "Re: MS Access 2.0" | http://x15.dejanews.com/[ST_rn=ps]/getdoc.xp?AN=365308578&CONTEXT=9192 | 07028.1462108427&hitnum=1
