CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 5330 | CVE-2002-0942 | Candidate | Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach. | Proposed (20020830) | ACCEPT(3) Baker, Frech, Green | NOOP(4) Cole, Cox, Foat, Wall | View | |
| 3913 | CVE-2001-1109 | Candidate | Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. | Proposed (20020315) | ACCEPT(3) Baker, Frech, Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese | Baker> Apparently vendor acknowledgement of the directory problems in the | release history, located at: | http://www.eftp.org/releasehistory.html | 2.0.8.345 2001.12.04 | Fixed a problem where the server would give a GPF whn disconnecting a single user | Added Ratios Feature | Added Statistics Feature | Modified User/Group Administration - now much more stable | Modified Startup Logo | Modifed all data files to .ini files for easy editing and to save space | Added Feature to save/load queues | Added auto reconnect feature on timeout | Fully Implemented RSA Control Port encryption, so now even commands like USER, PASS, GET, REST etc are encrypted. Total security on both data and commands. | Added Idle Timout for the Server component | Fixed some security flaws with directory listings | View |
| 3915 | CVE-2001-1111 | Candidate | EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. | Proposed (20020315) | ACCEPT(3) Baker, Frech, Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese | Baker> It looks like this issue was modified in the changelog, but the basic issue | still exists. They moved all data files into the ini file. Still a | plain text file, however. It would have been better in a registry setting | so it was harder to get to... | | 2.0.8.345 2001.12.04 | Fixed a problem where the server would give a GPF whn disconnecting a single user | Added Ratios Feature | Added Statistics Feature | Modified User/Group Administration - now much more stable | Modified Startup Logo | Modifed all data files to .ini files for easy editing and to save space | Added Feature to save/load queues | Added auto reconnect feature on timeout | Fully Implemented RSA Control Port encryption, so now even commands like USER, PASS, GET, REST etc are encrypted. Total security on both data and commands. | Added Idle Timout for the Server component | Fixed some security flaws with directory listings | View |
| 3963 | CVE-2001-1159 | Candidate | load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | Proposed (20020315) | ACCEPT(3) Baker, Frech, Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese | CHANGE> [Baker changed vote from REVIEWING to ACCEPT] | View |
| 2658 | CVE-2000-1090 | Candidate | Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. | Proposed (20010202) | ACCEPT(3) Baker, Frech, LeBlanc | NOOP(1) Cole | REVIEWING(3) Christey, Wall, Ziese | LeBlanc> Fixed in SP2 for Win2K. NT 4.0 is not affected. bulletin | MS99-022 | Christey> Need to add the Bugtraq references for this. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Is this really the same problem addressed by MS99-022, | which is covered by CVE-1999-0725 ? | View |
Page 946 of 20943, showing 5 records out of 104715 total, starting on record 4726, ending on 4730
