CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 2769 | CVE-2000-1202 | Candidate | ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user"s own CLASSPATH directories before the system"s directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | Proposed (20010912) | ACCEPT(2) Frech, Williams | NOOP(4) Cole, Foat, Stracener, Wall | Williams> :%s/IBMHSSSB/IBMHSSB | View |
| 248 | CVE-1999-0249 | Candidate | Windows NT RSHSVC program allows remote users to execute arbitrary commands. | Proposed (19990714) | ACCEPT(1) Baker | MODIFY(2) Frech, Wall | NOOP(2) Northcutt, Shostack | RECAST(1) Christey | REVIEWING(1) Levy | Wall> Windows NT Rshsvc.exe from the Windows NT Resource Kit allows | remote | users to execute arbitrary commands. | Source: rshsvc.txt from the Windows NT Resource Kit. | Frech> XF:rsh-svc | Christey> MSKB:Q158320, last reviewed in January 1999, refers to a case | where remote users coming from authorized machines are | allowed access regardless of what .rhosts says. XF:rsh-svc | refers to a bug circa 1997 where any remote entity could | execute commands as system. | View |
| 2080 | CVE-2000-0503 | Candidate | The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. | Proposed (20000712) | ACCEPT(1) Levy | MODIFY(2) Frech, Wall | NOOP(2) LeBlanc, Ozancin | REVIEWING(1) Christey | Wall> This affects more than IE 5.01. See http://www.securityfocus.com/bid/1311 for | all versions of IE that this affects. Works on Windows 98, IE 5.01 and IE 5.5. | LeBlanc> If this is the one I was discussing offline with Steve, ACCEPT | Frech> XF:ie-cross-frame(4610) | Christey> Make sure this is the one I was discussing offline with David :-) | Frech> CVE-2000-0503 was reassigned to ie-frame-domain-file-access(5504) from | ie-cross-frame(4610), which was obsoleted and redirected to this | issue. Since these are the same issues but just described differently, | CVE-2000-0503 appears to be a dupe of CVE-2000-0768. | View |
| 636 | CVE-1999-0654 | Candidate | The OS/2 or POSIX subsystem in NT is enabled. | Proposed (19990728) | ACCEPT(1) Wall | MODIFY(1) Frech | NOOP(2) Baker, Christey | REJECT(1) Northcutt | Wall> These subsystems could still allow a process to persist across logins. | Frech> XF:nt-posix(217) | XF:nt-posix-sub-c2(2397) | XF:nt-posix-sub-onceonly(2478) | XF:nt-os2-sub(218) | XF:nt-os2-sub-c2(2396) | XF:nt-os2-sub-onceonly(2477) | XF:nt-os2-registry(2550) | Christey> s2-file-os2(1865) | View |
| 5033 | CVE-2002-0643 | Candidate | The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." | Modified (20050510) | ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox | Wall> There may be a 4th type - clear-text passwords, which may be found in | other setup.iss files. | Christey> XF:mssql-insecure-password-storage(9524) | URL:http://www.iss.net/security_center/static/9524.php | BID:5203 | URL:http://www.securityfocus.com/bid/5203 | Frech> XF:mssql-insecure-password-storage(9524) | View |
Page 6 of 20943, showing 5 records out of 104715 total, starting on record 26, ending on 30
