CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5331 | CVE-2002-0943 | Candidate | MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb. | Proposed (20020830) | ACCEPT(1) Frech | NOOP(5) Cole, Cox, Foat, Green, Wall | Frech> XF:shopping-cart-database-access(9816) | View |
| 3565 | CVE-2001-0758 | Candidate | Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. | Proposed (20011012) | MODIFY(1) Frech | NOOP(5) Armstrong, Christey, Cole, Foat, Wall | Frech> XF:shambala-ftp-cwd-directory-traversal(7418) | Christey> Other .. problems were found in 4.5 as described in: | BUGTRAQ:20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS | URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html | CD:SF-LOC might suggest merging these two. (I"m working | on creating a CAN for the newer discovery). | View |
| 2154 | CVE-2000-0578 | Candidate | SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. | Proposed (20000719) | ACCEPT(4) Baker, Blake, Cole, Levy | MODIFY(1) Frech | NOOP(7) Armstrong, Christey, LeBlanc, Magdych, Oliver, Ozancin, Wall | Frech> XF:sgi-mipspro-modify-files(5007) | CHANGE> [Cole changed vote from NOOP to ACCEPT] | CHANGE> [Magdych changed vote from REVIEWING to NOOP] | Christey> SGI:20030605-01-A | URL:ftp://patches.sgi.com/support/free/security/advisories/20030605-01-A | View |
| 2122 | CVE-2000-0545 | Candidate | Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter. | Proposed (20000712) | ACCEPT(2) Levy, Ozancin | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | REVIEWING(1) Christey | Frech> XF:sgi-mailx-bo(1371) | CVE-2000-0545 seems to be a dupe of CVE-1999-0125 (Buffer overflow in SGI | IRIX mailx program) since they both allow "mail" group privileges. There was | no exploit for SGI"s vuln to compare. | Christey> Since we are taking a split-by-default approach when | there are insufficient details, we should keep this | separate from CVE-1999-0125. The difference in the | time of discovery is also a factor, even if these wind | up being the same problem. However, there just aren"t | enough details to be sure if this is the same problem or not. | Christey> On June 25, 1998, a buffer overflow in mailx via the HOME | environmental variable was posted at: | BUGTRAQ:19980625 security hole in mailx | http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125955&w=2 | | This affected multiple OSes. | | SGI:19980605-01-PX (CVE-1999-0125) was published on September | 29, 1998; while the advisory is short on details, it does | mention a buffer overflow. | | So, there"s enough distinction here (time and what gets | exploited) to say that these should remain split; but | CVE-1999-0125 likely needs to be RECAST to mention other | affected OSes. | View |
| 1163 | CVE-1999-1183 | Candidate | System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user"s Mailcap entry supports the x-sgi-task or x-sgi-exec type. | Modified (20060705) | ACCEPT(3) Cole, Foat, Stracener | MODIFY(1) Frech | Frech> XF:sgi-mailcap(809) | View |
Page 88 of 20943, showing 5 records out of 104715 total, starting on record 436, ending on 440
