CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 2150 | CVE-2000-0574 | Candidate | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. | Proposed (20000719) | ACCEPT(3) Cole, Levy, Magdych | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | REVIEWING(1) Christey | Christey> CD:SF-CODEBASE applies here. There are many ftpd"s that | have this setproctitle() problem, but it might be traced | back to the same codebase. See if the HP problem is the | same here as well, and if so, ADDREF HP:HPSBUX0007-117 | URL:http://www.securityfocus.com/templates/advisory.html?id=2404 | Frech> XF:ftp-setproctitle-format-string(4908) | BID:1438 does not exist. | Christey> ADDREF HP:HPSBUX0007-117?? | http://archives.neohapsis.com/archives/hp/2000-q4/0020.html | Christey> ADDREF BID:650 ? | View |
| 1858 | CVE-2000-0280 | Candidate | Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL. | Proposed (20000426) | ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | NOOP(1) Baker | Frech> XF:realserver-ramgen-dos | View |
| 2286 | CVE-2000-0710 | Candidate | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. | Proposed (20000921) | ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | NOOP(1) Christey | Christey> [note to self: review comments by Mark Burnett] | Frech> XF:frontpage-ext-device-name-dos(5124) | View |
| 1731 | CVE-2000-0153 | Candidate | FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. | Proposed (20000223) | ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | NOOP(2) Baker, Christey | REJECT(1) LeBlanc | LeBlanc> I think this is the same as | http://www.microsoft.com/technet/security/bulletin/ms99-010.asp | If that is true, and you already have it logged, we don"t want to have an | entry for the same bug. | Christey> MS:MS99-010 describes CVE-1999-0386. Are there sufficient | details to ensure that this is the same problem? | | See http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f@nordnode | | Frech> XF:pws-file-access | (We currently have this issue assigned to this CAN and to CVE-1999-0386. I | see that others have similar concerns that this is a duplicate; please | confirm on current status of this candidate.) | Christey> [note to self: review comments by Mark Burnett] | View |
| 2322 | CVE-2000-0746 | Candidate | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Proposed (20000921) | ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | REVIEWING(1) Christey | Christey> Make sure both BID"s are appropriate | XF:iis-cross-site-scripting | http://xforce.iss.net/static/5156.php | Frech> XF: iis-cross-site-scripting(5156) | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> A re-release of MS:MS00-060 indicates that a new variant of | this problem was discovered, but the advisory does not | provide sufficient details to distinguish it from this | candidate. A new candidate is being created, but the | description can"t be written without mentioning this CAN. | View |
Page 984 of 20943, showing 5 records out of 104715 total, starting on record 4916, ending on 4920
