"CVE Version 20061101" "Name","Status","Description","References" CVE-1999-0002,Entry,"Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.","SGI:19981006-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I | CERT:CA-98.12.mountd | CIAC:J-006 | URL:http://www.ciac.org/ciac/bulletins/j-006.shtml | BID:121 | URL:http://www.securityfocus.com/bid/121 | XF:linux-mountd-bo" CVE-1999-0003,Entry,"Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).","NAI:NAI-29 | CERT:CA-98.11.tooltalk | SGI:19981101-01-A | URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A | SGI:19981101-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX | XF:aix-ttdbserver | XF:tooltalk | BID:122 | URL:http://www.securityfocus.com/bid/122" CVE-1999-0005,Entry,"Arbitrary command execution via IMAP buffer overflow in authenticate command.","CERT:CA-98.09.imapd | SUN:00177 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177 | BID:130 | URL:http://www.securityfocus.com/bid/130 | XF:imap-authenticate-bo" CVE-1999-0006,Entry,"Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.","CERT:CA-98.08.qpopper_vul | SGI:19980801-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I | AUSCERT:AA-98.01 | XF:qpopper-pass-overflow | BID:133 | URL:http://www.securityfocus.com/bid/133" CVE-1999-0007,Entry,"Information from SSL-encrypted sessions via PKCS #1.","CERT:CA-98.07.PKCS | MS:MS98-002 | URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx | XF:nt-ssl-fix" CVE-1999-0008,Entry,"Buffer overflow in NIS+, in Sun's rpc.nisd program.","CERT:CA-98.06.nisd | SUN:00170 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170 | ISS:June10,1998 | XF:nisd-bo-check" CVE-1999-0009,Entry,"Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.","SGI:19980603-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX | HP:HPSBUX9808-083 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 | SUN:00180 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180 | CERT:CA-98.05.bind_problems | XF:bind-bo | BID:134 | URL:http://www.securityfocus.com/bid/134" CVE-1999-0010,Entry,"Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.","CERT:CA-98.05.bind_problems | SGI:19980603-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX | HP:HPSBUX9808-083 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 | XF:bind-dos" CVE-1999-0011,Entry,"Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.","CERT:CA-98.05.bind_problems | SGI:19980603-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX | HP:HPSBUX9808-083 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 | SUN:00180 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180 | XF:bind-axfr-dos" CVE-1999-0012,Entry,"Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.","CERT:CA-98.04.Win32.WebServers | XF:nt-web8.3" CVE-1999-0013,Entry,"Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.","CERT:CA-98.03.ssh-agent | NAI:NAI-24 | XF:ssh-agent" CVE-1999-0014,Entry,"Unauthorized privileged access or denial of service via dtappgather program in CDE.","HP:HPSBUX9801-075 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075 | SUN:00185 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185 | CERT:CA-98.02.CDE" CVE-1999-0016,Entry,"Land IP denial of service.","CERT:CA-97.28.Teardrop_Land | FREEBSD:FreeBSD-SA-98:01 | HP:HPSBUX9801-076 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076 | CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml | XF:cisco-land | XF:land | XF:95-verv-tcp | XF:land-patch | XF:ver-tcpip-sys" CVE-1999-0017,Entry,"FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.","CERT:CA-97.27.FTP_bounce | XF:ftp-bounce | XF:ftp-privileged-port" CVE-1999-0018,Entry,"Buffer overflow in statd allows root privileges.","CERT:CA-97.26.statd | AUSCERT:AA-97.29 | XF:statd | BID:127 | URL:http://www.securityfocus.com/bid/127" CVE-1999-0019,Entry,"Delete or create a file via rpc.statd, due to invalid information.","CERT:CA-96.09.rpc.statd | XF:rpc-stat | SUN:00135 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135" CVE-1999-0021,Entry,"Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.","BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount) | CERT:CA-97.24.Count_cgi | XF:http-cgi-count | BID:128 | URL:http://www.securityfocus.com/bid/128" CVE-1999-0022,Entry,"Local user gains root privileges via buffer overflow in rdist, via expstr() function.","CERT:CA-97.23.rdist | SUN:00179 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179 | XF:rdist-bo3 | XF:rdist-sept97" CVE-1999-0023,Entry,"Local user gains root privileges via buffer overflow in rdist, via lookup() function.","CERT:CA-96.14.rdist_vul | XF:rdist-bo | XF:rdist-bo2" CVE-1999-0024,Entry,"DNS cache poisoning via BIND, by predictable query IDs.","CERT:CA-97.22.bind | XF:bind | NAI:NAI-11" CVE-1999-0025,Entry,"root privileges via buffer overflow in df command on SGI IRIX systems.","CERT:CA-1997-21 | URL:http://www.cert.org/advisories/CA-1997-21.html | AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul | SGI:SGI:19970505-01-A | SGI:SGI:19970505-02-PX | CERT-VN:VU#20851 | URL:http://www.kb.cert.org/vuls/id/20851 | BID:346 | URL:http://www.securityfocus.com/bid/346 | XF:df-bo(440) | URL:http://xforce.iss.net/xforce/xfdb/440" CVE-1999-0026,Entry,"root privileges via buffer overflow in pset command on SGI IRIX systems.","CERT:CA-97.21.sgi_buffer_overflow | AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul | XF:pset-bo" CVE-1999-0027,Entry,"root privileges via buffer overflow in eject command on SGI IRIX systems.","CERT:CA-97.21.sgi_buffer_overflow | AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul | XF:eject-bo" CVE-1999-0028,Entry,"root privileges via buffer overflow in login/scheme command on SGI IRIX systems.","CERT:CA-97.21.sgi_buffer_overflow | AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul | XF:sgi-schemebo" CVE-1999-0029,Entry,"root privileges via buffer overflow in ordist command on SGI IRIX systems.","CERT:CA-97.21.sgi_buffer_overflow | AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul | XF:ordist-bo" CVE-1999-0031,Entry,"JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.","CERT:CA-97.20.javascript | HP:HPSBUX9707-065 | URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html" CVE-1999-0032,Entry,"Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.","BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload | BUGTRAQ:19961025 Linux & BSD's lpr exploit | MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit | MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program. | CERT:CA-97.19.bsdlp | AUSCERT:AA-96.12 | CIAC:H-08 | CIAC:I-042 | URL:http://www.ciac.org/ciac/bulletins/i-042.shtml | SGI:19980402-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX | BID:707 | URL:http://www.securityfocus.com/bid/707 | XF:bsd-lprbo2 | XF:bsd-lprbo | XF:lpr-bo" CVE-1999-0034,Entry,"Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.","CERT:CA-97.17.sperl | XF:perl-suid" CVE-1999-0035,Entry,"Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.","XF:ftp-ftpd | CERT:CA-97.16.ftpd | AUSCERT:AA-97.03" CVE-1999-0036,Entry,"IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.","CERT:CA-97.15.sgi_login | AUSCERT:AA-97.12 | CIAC:H-106 | URL:http://www.ciac.org/ciac/bulletins/h-106.shtml | SGI:19970508-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX | OSVDB:990 | URL:http://www.osvdb.org/990 | XF:sgi-lockout(557) | URL:http://xforce.iss.net/xforce/xfdb/557" CVE-1999-0037,Entry,"Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.","CERT:CA-97.14.metamail | XF:metamail-header-commands" CVE-1999-0038,Entry,"Buffer overflow in xlock program allows local users to execute commands as root.","CERT:CA-97.13.xlock | XF:xlock-bo" CVE-1999-0039,Entry,"webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.","BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in | BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi | CERT:CA-1997-12 | URL:http://www.cert.org/advisories/CA-1997-12.html | AUSCERT:AA-97.14 | SGI:19970501-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX | BID:374 | URL:http://www.securityfocus.com/bid/374 | OSVDB:235 | URL:http://www.osvdb.org/235 | XF:http-sgi-webdist(333) | URL:http://xforce.iss.net/xforce/xfdb/333" CVE-1999-0040,Entry,"Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.","CERT:CA-97.11.libXt | XF:libXt-bo" CVE-1999-0041,Entry,"Buffer overflow in NLS (Natural Language Service).","CERT:CA-97.10.nls | XF:nls-bo" CVE-1999-0042,Entry,"Buffer overflow in University of Washington's implementation of IMAP and POP servers.","NAI:NAI-21 | CERT:CA-97.09.imap_pop | XF:popimap-bo" CVE-1999-0043,Entry,"Command execution via shell metachars in INN daemon (innd) 1.5 using ""newgroup"" and ""rmgroup"" control messages, and others.","CERT:CA-97.08.innd | XF:inn-controlmsg" CVE-1999-0044,Entry,"fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.","SGI:19970301-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P | XF:sgi-fsdump" CVE-1999-0045,Entry,"List of arbitrary files on Web host via nph-test-cgi script.","CERT:CA-97.07.nph-test-cgi_script | XF:http-cgi-nph" CVE-1999-0046,Entry,"Buffer overflow of rlogin program using TERM environmental variable.","CERT:CA-97.06.rlogin-term | XF:rlogin-termbo" CVE-1999-0047,Entry,"MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.","CERT:CA-97.05.sendmail | BID:685 | URL:http://www.securityfocus.com/bid/685 | XF:sendmail-mime-bo2" CVE-1999-0048,Entry,"Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.","CERT:CA-97.04.talkd | FREEBSD:FreeBSD-SA-96:21 | AUSCERT:AA-97.01 | SUN:00147 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147 | XF:talkd-bo | XF:netkit-talkd" CVE-1999-0049,Entry,"Csetup under IRIX allows arbitrary file creation or overwriting.","XF:sgi-csetup | CERT:CA-97.03.csetup" CVE-1999-0050,Entry,"Buffer overflow in HP-UX newgrp program.","CERT:CA-97.02.hp_newgrp | AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability | XF:hp-newgrpbo" CVE-1999-0051,Entry,"Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.","XF:sgi-licensemanager | CERT:CA-97.01.flex_lm | AUSCERT:AA-96.03" CVE-1999-0052,Entry,"IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.","FREEBSD:FreeBSD-SA-98:08 | OSVDB:908 | URL:http://www.osvdb.org/908 | XF:freebsd-ip-frag-dos(1389) | URL:http://xforce.iss.net/xforce/xfdb/1389" CVE-1999-0053,Entry,"TCP RST denial of service in FreeBSD.","FREEBSD:FreeBSD-SA-98:07 | OSVDB:6094 | URL:http://www.osvdb.org/6094" CVE-1999-0054,Entry,"Sun's ftpd daemon can be subjected to a denial of service.","SUN:00171 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171 | XF:sun-ftpd" CVE-1999-0055,Entry,"Buffer overflows in Sun libnsl allow root access.","SUN:00172 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172 | AIXAPAR:IX80543 | URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only | RSI:RSI.0005.05-14-98.SUN.LIBNSL | XF:sun-libnsl" CVE-1999-0056,Entry,"Buffer overflow in Sun's ping program can give root access to local users.","SUN:00174 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174 | XF:sun-ping" CVE-1999-0057,Entry,"Vacation program allows command execution by remote users through a sendmail command.","NAI:NAI-19 | XF:vacation | HP:HPSBUX9811-087 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087" CVE-1999-0058,Entry,"Buffer overflow in PHP cgi program, php.cgi allows shell access.","NAI:NAI-12 | BID:712 | URL:http://www.securityfocus.com/bid/712 | XF:http-cgi-phpbo" CVE-1999-0059,Entry,"IRIX fam service allows an attacker to obtain a list of all files on the server.","NAI:NAI-16 | BID:353 | URL:http://www.securityfocus.com/bid/353 | OSVDB:164 | URL:http://www.osvdb.org/164 | XF:irix-fam(325) | URL:http://xforce.iss.net/xforce/xfdb/325" CVE-1999-0060,Entry,"Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.","NAI:NAI-26 | XF:ascend-config-kill | ASCEND:http://www.ascend.com/2695.html" CVE-1999-0062,Entry,"The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.","XF:openbsd-chpass | NAI:NAI-28 | OSVDB:7559 | URL:http://www.osvdb.org/7559" CVE-1999-0063,Entry,"Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.","AUSCERT:ESB-98.197 | CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml | XF:cisco-syslog-crash" CVE-1999-0064,Entry,"Buffer overflow in AIX lquerylv program gives root access to local users.","BUGTRAQ:May28,1997 | XF:lquerylv-bo" CVE-1999-0065,Entry,"Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.","SUN:00181 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181 | XF:hp-dtmail" CVE-1999-0066,Entry,"AnyForm CGI remote execution.","BUGTRAQ:19950731 SECURITY HOLE: ""AnyForm"" CGI | BID:719 | URL:http://www.securityfocus.com/bid/719 | XF:http-cgi-anyform" CVE-1999-0067,Entry,"phf CGI program allows remote command execution through shell metacharacters.","BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family | CERT:CA-1996-06 | URL:http://www.cert.org/advisories/CA-1996-06.html | AUSCERT:AA-96.01 | BID:629 | URL:http://www.securityfocus.com/bid/629 | OSVDB:136 | URL:http://www.osvdb.org/136 | XF:http-cgi-phf" CVE-1999-0068,Entry,"CGI PHP mylog script allows an attacker to read any file on the target server.","BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts | XF:http-cgi-php-mylog | BID:713 | URL:http://www.securityfocus.com/bid/713 | OSVDB:3396 | URL:http://www.osvdb.org/3396" CVE-1999-0069,Entry,"Solaris ufsrestore buffer overflow.","SUN:00169 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169 | XF:sun-ufsrestore | OSVDB:8158 | URL:http://www.osvdb.org/8158" CVE-1999-0070,Entry,"test-cgi program allows an attacker to list files on the server.","XF:http-cgi-test" CVE-1999-0071,Entry,"Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.","XF:http-apache-cookie | NAI:NAI-2" CVE-1999-0072,Entry,"Buffer overflow in AIX xdat gives root access to local users.","ERS:ERS-SVA-E01-1997:004.1 | XF:ibm-xdat" CVE-1999-0073,Entry,"Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.","CERT:CA-95:14.Telnetd_Environment_Vulnerability | XF:linkerbug" CVE-1999-0074,Entry,"Listening TCP ports are sequentially allocated, allowing spoofing attacks.","XF:seqport" CVE-1999-0075,Entry,"PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.","BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd | XF:ftp-pasvcore | OSVDB:5742 | URL:http://www.osvdb.org/5742" CVE-1999-0077,Entry,"Predictable TCP sequence numbers allow spoofing.","XF:tcp-seq-predict(139) | URL:http://xforce.iss.net/static/139.php" CVE-1999-0079,Entry,"Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.","XF:ftp-pasv-dos | XF:ftp-pasvdos" CVE-1999-0080,Entry,"Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the ""site exec"" command.","BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd) | CERT:CA-95:16.wu-ftpd.vul | XF:ftp-execdotdot" CVE-1999-0081,Entry,"wu-ftp allows files to be overwritten via the rnfr command.","XF:ftp-rnfr" CVE-1999-0082,Entry,"CWD ~root command in ftpd allows root access.","XF:ftp-cwd | FarmerVenema:Improving the Security of Your Site by Breaking Into it | URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html" CVE-1999-0083,Entry,"getcwd() file descriptor leak in FTP.","XF:cwdleak" CVE-1999-0084,Entry,"Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.","XF:nfs-mknod(78) | URL:http://xforce.iss.net/xforce/xfdb/78" CVE-1999-0085,Entry,"Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.","BUGTRAQ:19960821 rwhod buffer overflow | XF:rwhod(119) | URL:http://xforce.iss.net/xforce/xfdb/119 | XF:rwhod-vuln(118) | URL:http://xforce.iss.net/xforce/xfdb/118" CVE-1999-0087,Entry,"Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.","XF:ibm-telnetdos | ERS:ERS-SVA-E01-1998:003.1 | OSVDB:7992 | URL:http://www.osvdb.org/7992" CVE-1999-0090,Entry,"Buffer overflow in AIX rcp command allows local users to obtain root access.","ERS:ERS-SVA-E01-1997:005.1 | XF:ibm-rcp" CVE-1999-0091,Entry,"Buffer overflow in AIX writesrv command allows local users to obtain root access.","ERS:ERS-SVA-E01-1997:005.1 | XF:ibm-writesrv" CVE-1999-0093,Entry,"AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.","ERS:ERS-SVA-E01-1997:008.1 | XF:ibm-nslookup" CVE-1999-0094,Entry,"AIX piodmgrsu command allows local users to gain additional group privileges.","ERS:ERS-SVA-E01-1997:007.1 | XF:ibm-piodmgrsu" CVE-1999-0095,Entry,"The debug command in Sendmail is enabled, allowing attackers to execute commands as root.","CERT:CA-88.01 | CERT:CA-93.14 | BID:1 | URL:http://www.securityfocus.com/bid/1 | OSVDB:195 | URL:http://www.osvdb.org/195 | XF:smtp-debug" CVE-1999-0096,Entry,"Sendmail decode alias can be used to overwrite sensitive files.","CERT:CA-93.16 | CERT:CA-95.05 | CIAC:A-13 | CIAC:A-14 | SUN:00122 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba | XF:smtp-dcod" CVE-1999-0097,Entry,"The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).","ERS:ERS-SVA-E01-1997:009.1 | XF:ibm-ftp" CVE-1999-0099,Entry,"Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.","CERT:CA-95.13.syslog.vul | XF:smtp-syslog" CVE-1999-0100,Entry,"Remote access in AIX innd 1.5.1, using control messages.","ERS:ERS-SVA-E01-1997:002.1 | XF:inn-controlmsg" CVE-1999-0101,Entry,"Buffer overflow in AIX and Solaris ""gethostbyname"" library call allows root access through corrupt DNS host names.","ERS:ERS-SVA-E01-1997:001.1 | ERS:ERS-SVA-E01-1996:007.1 | SUN:00137a | CIAC:H-13 | URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml | NAI:NAI-1 | XF:ghbn-bo" CVE-1999-0102,Entry,"Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.","XF:slmail-fromheader-overflow" CVE-1999-0103,Entry,"Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.","CERT:CA-96.01.UDP_service_denial | XF:echo | XF:chargen | XF:chargen-patch" CVE-1999-0108,Entry,"The printers program in IRIX has a buffer overflow that gives root access to local users.","BUGTRAQ:another day, another buffer overflow... | XF:printers-bo" CVE-1999-0109,Entry,"Buffer overflow in ffbconfig in Solaris 2.5.1.","SUN:00140 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140 | AUSCERT:AA-97.06 | XF:ffbconfig-bo" CVE-1999-0111,Entry,"RIP v1 is susceptible to spoofing.","XF:rip" CVE-1999-0112,Entry,"Buffer overflow in AIX dtterm program for the CDE.","BUGTRAQ:19970520 AIX 4.2 dtterm exploit | XF:dtterm-bo(878) | URL:http://xforce.iss.net/xforce/xfdb/878" CVE-1999-0113,Entry,"Some implementations of rlogin allow root access if given a -froot parameter.","BUGTRAQ:19940729 -froot??? (AIX rlogin bug) | CERT:CA-94.09.bin.login.vulnerability | CIAC:E-26 | BID:458 | URL:http://www.securityfocus.com/bid/458 | XF:rlogin-froot" CVE-1999-0115,Entry,"AIX bugfiler program allows local users to gain root access.","BUGTRAQ:19970909 AIX bugfiler | XF:ibm-bugfiler | BID:1800 | URL:http://www.securityfocus.com/bid/1800" CVE-1999-0116,Entry,"Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.","CERT:CA-96.21.tcp_syn.flooding | SGI:19961202-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX | SUN:00136 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136" CVE-1999-0117,Entry,"AIX passwd allows local users to gain root access.","XF:ibm-passwd | CERT:CA-92:07.AIX.passwd.vulnerability" CVE-1999-0118,Entry,"AIX infod allows local users to gain root access through an X display.","BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2 | XF:aix-infod" CVE-1999-0120,Entry,"Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.","SUN:00126 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126 | CERT:CA-94.06.utmp.vulnerability | XF:utmp-write" CVE-1999-0122,Entry,"Buffer overflow in AIX lchangelv gives root access.","BUGTRAQ:Jul21,1999 | XF:lchangelv-bo" CVE-1999-0124,Entry,"Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.","CERT:CA-93:11.UMN.UNIX.gopher.vulnerability | XF:gopher-vuln" CVE-1999-0125,Entry,"Buffer overflow in SGI IRIX mailx program.","XF:sgi-mailx-bo | SGI:19980605-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX" CVE-1999-0126,Entry,"SGI IRIX buffer overflow in xterm and Xaw allows root access.","CERT:VB-98.04.xterm.Xaw | CIAC:J-010 | URL:http://www.ciac.org/ciac/bulletins/j-010.shtml | XF:xfree86-xterm-xaw | XF:xfree86-xaw" CVE-1999-0128,Entry,"Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.","XF:ping-death | CERT:CA-96.26.ping" CVE-1999-0129,Entry,"Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.","CERT:CA-96.25.sendmail_groups" CVE-1999-0130,Entry,"Local users can start Sendmail in daemon mode and gain root privileges.","CERT:CA-96.24.sendmail.daemon.mode | BID:716 | URL:http://www.securityfocus.com/bid/716 | XF:sendmail-daemon-mode" CVE-1999-0131,Entry,"Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.","CERT:CA-96.20.sendmail_vul | XF:smtp-875bo | BID:717 | URL:http://www.securityfocus.com/bid/717" CVE-1999-0132,Entry,"Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.","CERT:CA-1996-19 | URL:http://www.cert.org/advisories/CA-1996-19.html | OSVDB:11723 | URL:http://www.osvdb.org/11723 | XF:expreserve(401) | URL:http://xforce.iss.net/xforce/xfdb/401" CVE-1999-0133,Entry,"fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.","CERT:CA-96.18.fm_fls | XF:fmaker-logfile" CVE-1999-0134,Entry,"vold in Solaris 2.x allows local users to gain root access.","XF:sol-voldtmp | CERT:CA-96.17.Solaris_vold_vul | AUSCERT:AL-96.04 | OSVDB:8159 | URL:http://www.osvdb.org/8159" CVE-1999-0135,Entry,"admintool in Solaris allows a local user to write to arbitrary files and gain root access.","XF:sun-admintool | CERT:CA-96.16.Solaris_admintool_vul | AUSCERT:AL-96.03" CVE-1999-0136,Entry,"Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.","XF:sol-KCMSvuln | AUSCERT:AL-96.02 | CERT:CA-96.15.Solaris_KCMS_vul" CVE-1999-0137,Entry,"The dip program on many Linux systems allows local users to gain root access via a buffer overflow.","XF:linux-dipbo | CERT:CA-96.13.dip_vul | XF:dip-bo" CVE-1999-0138,Entry,"The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.","CERT:CA-96.12.suidperl_vul | XF:sperl-suid" CVE-1999-0139,Entry,"Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.","XF:sol-mkcookie | RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE | OSVDB:8205 | URL:http://www.osvdb.org/8205" CVE-1999-0141,Entry,"Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.","XF:http-java-applet | CERT:CA-96.07.java_bytecode_verifier | SUN:00134 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134" CVE-1999-0142,Entry,"The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.","CERT:CA-96.05.java_applet_security_mgr | XF:http-java-appletsecmgr" CVE-1999-0143,Entry,"Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.","CERT:CA-96.03.kerberos_4_key_server | XF:kerberos-bf" CVE-1999-0145,Entry,"Sendmail WIZ command enabled, allowing root access.","CERT:CA-1990-11 | URL:http://www.cert.org/advisories/CA-1990-11.html | CERT:CA-1993-14 | URL:http://www.cert.org/advisories/CA-1993-14.html | BUGTRAQ:19950206 sendmail wizard thing... | URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html | FarmerVenema:Improving the Security of Your Site by Breaking Into it | URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html" CVE-1999-0146,Entry,"The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.","BUGTRAQ:19970715 Bug CGI campas | BID:1975 | URL:http://www.securityfocus.com/bid/1975 | XF:http-cgi-campas(298) | URL:http://xforce.iss.net/xforce/xfdb/298" CVE-1999-0147,Entry,"The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.","XF:http-cgi-glimpse | AUSCERT:AA-97.28" CVE-1999-0148,Entry,"The handler CGI program in IRIX allows arbitrary command execution.","SGI:19970501-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX | BID:380 | URL:http://www.securityfocus.com/bid/380 | XF:http-sgi-handler" CVE-1999-0149,Entry,"The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.","BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug | SGI:19970501-02-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX | BID:373 | URL:http://www.securityfocus.com/bid/373 | OSVDB:247 | URL:http://www.osvdb.org/247 | XF:http-sgi-wrap(290) | URL:http://xforce.iss.net/xforce/xfdb/290" CVE-1999-0150,Entry,"The Perl fingerd program allows arbitrary command execution from remote users.","XF:perl-fingerd" CVE-1999-0151,Entry,"The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.","CERT:CA-95.07a.REVISED.satan.vul | CERT:CA-95.06.satan.vul" CVE-1999-0152,Entry,"The DG/UX finger daemon allows remote command execution through shell metacharacters.","BUGTRAQ:19970811 dgux in.fingerd vulnerability | XF:dgux-fingerd" CVE-1999-0153,Entry,"Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.","XF:win-oob | OSVDB:1666 | URL:http://www.osvdb.org/1666" CVE-1999-0155,Entry,"The ghostscript command with the -dSAFER option allows remote attackers to execute commands.","XF:gscript-dsafer | CERT:CA-95.10.ghostscript" CVE-1999-0157,Entry,"Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.","CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml | XF:cisco-fragmented-attacks | OSVDB:1097 | URL:http://www.osvdb.org/1097" CVE-1999-0158,Entry,"Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.","CISCO:20010913 Cisco PIX Firewall Manager File Exposure | URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml | XF:cisco-pix-file-exposure | OSVDB:685 | URL:http://www.osvdb.org/685" CVE-1999-0159,Entry,"Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.","CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml | XF:cisco-ios-crash" CVE-1999-0160,Entry,"Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.","CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication | CIAC:I-002A | OSVDB:1099 | URL:http://www.osvdb.org/1099 | XF:cisco-chap" CVE-1999-0161,Entry,"In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.","CISCO:http://www.cisco.com/warp/public/707/1.html | XF:cisco-acl-tacacs | OSVDB:797 | URL:http://www.osvdb.org/797" CVE-1999-0162,Entry,"The ""established"" keyword in some Cisco IOS software allowed an attacker to bypass filtering.","CISCO:19950601 ""Established"" Keyword May Allow Packets to Bypass Filter | XF:cisco-acl-established" CVE-1999-0164,Entry,"A race condition in the Solaris ps command allows an attacker to overwrite critical files.","XF:sol-pstmprace | AUSCERT:AA-95.07 | CERT:CA-95.09.Solaris.ps.vul | OSVDB:8346 | URL:http://www.osvdb.org/8346" CVE-1999-0166,Entry,"NFS allows users to use a ""cd .."" command to access other directories besides the exported file system.","XF:nfs-cd" CVE-1999-0167,Entry,"In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.","XF:nfs-guess | CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand" CVE-1999-0168,Entry,"The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.","XF:nfs-portmap" CVE-1999-0170,Entry,"Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.","XF:nfs-ultrix" CVE-1999-0172,Entry,"FormMail CGI program allows remote execution of commands.","XF:http-cgi-formmail-exe | BUGTRAQ:Aug02,1995" CVE-1999-0173,Entry,"FormMail CGI program can be used by web servers other than the host server that the program resides on.","XF:http-cgi-formmail-use" CVE-1999-0174,Entry,"The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.","BUGTRAQ:19970208 view-source | XF:http-cgi-viewsrc" CVE-1999-0175,Entry,"The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.","XF:http-nov-convert" CVE-1999-0176,Entry,"The Webgais program allows a remote user to execute arbitrary commands.","BUGTRAQ:Jul10,1997 | XF:http-webgais-query" CVE-1999-0177,Entry,"The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.","NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable | NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable | BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable | XF:http-website-uploader" CVE-1999-0178,Entry,"Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.","BUGTRAQ:19970106 Re: signal handling | URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html | BID:2078 | URL:http://www.securityfocus.com/bid/2078 | OSVDB:8 | URL:http://www.osvdb.org/8 | XF:http-website-winsample(295) | URL:http://xforce.iss.net/xforce/xfdb/295" CVE-1999-0179,Entry,"Windows NT crashes or locks up when a Samba client executes a ""cd .."" command on a file share.","MSKB:Q140818 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818 | XF:nt-samba-dotdot | XF:nt-351 | XF:nt-35" CVE-1999-0180,Entry,"in.rshd allows users to login with a NULL username and execute commands.","XF:rsh-null" CVE-1999-0181,Entry,"The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.","XF:walld" CVE-1999-0182,Entry,"Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.","CIAC:H-110 | URL:http://www.ciac.org/ciac/bulletins/h-110.shtml | CERT:VB-97.10.samba | XF:nt-samba-bo" CVE-1999-0183,Entry,"Linux implementations of TFTP would allow access to files outside the restricted directory.","XF:linux-tftp" CVE-1999-0184,Entry,"When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.","XF:dns-updates" CVE-1999-0185,Entry,"In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.","SUN:00156 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156 | XF:sun-ftpd/logind" CVE-1999-0188,Entry,"The passwd command in Solaris can be subjected to a denial of service.","SUN:00182 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182 | XF:sun-passwd-dos" CVE-1999-0189,Entry,"Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.","NAI:NAI-15 | SUN:00142 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142 | XF:rpc-32771" CVE-1999-0190,Entry,"Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.","SUN:00167 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167 | XF:sun-rpcbind" CVE-1999-0191,Entry,"IIS newdsn.exe CGI script allows remote users to overwrite files.","XF:http-cgi-newdsn | OSVDB:275 | URL:http://www.osvdb.org/275" CVE-1999-0192,Entry,"Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.","SNI:SNI-20 | XF:bsd-tel-tgetent" CVE-1999-0194,Entry,"Denial of service in in.comsat allows attackers to generate messages.","XF:comsat" CVE-1999-0196,Entry,"websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).","BUGTRAQ:19970704 Vulnerability in websendmail | BID:2077 | URL:http://www.securityfocus.com/bid/2077 | OSVDB:237 | URL:http://www.osvdb.org/237 | XF:http-webgais-smail" CVE-1999-0201,Entry,"A quote cwd command on FTP servers can reveal the full path of the home directory of the ""ftp"" user.","XF:ftp-home" CVE-1999-0202,Entry,"The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.","XF:ftp-exectar" CVE-1999-0203,Entry,"In Sendmail, attackers can gain root privileges via SMTP by specifying an improper ""mail from"" address and an invalid ""rcpt to"" address that would cause the mail to bounce to a program.","CERT:CA-95.08 | CIAC:E-03 | XF:smtp-sendmail-version5" CVE-1999-0204,Entry,"Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.","XF:ident-bo | CIAC:F-13" CVE-1999-0206,Entry,"MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.","XF:sendmail-mime-bo | AUSCERT:AA-96.06a" CVE-1999-0207,Entry,"Remote attacker can execute commands through Majordomo using the Reply-To field and a ""lists"" command.","XF:majordomo-exe | CERT:CA-94.11.majordomo.vulnerabilities" CVE-1999-0208,Entry,"rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.","XF:rpc-update | CERT:CA-95.17.rpc.ypupdated.vul" CVE-1999-0209,Entry,"The SunView (SunTools) selection_svc facility allows remote users to read files.","CERT:CA-90.05.sunselection.vulnerability | BID:8 | URL:http://www.securityfocus.com/bid/8 | XF:selsvc" CVE-1999-0210,Entry,"Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.","BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2 | BUGTRAQ:19990103 SUN almost has a clue! (automountd) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 | HP:HPSBUX9910-104 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104 | CERT:CA-99-05 | URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html | BID:235 | URL:http://www.securityfocus.com/bid/235" CVE-1999-0211,Entry,"Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.","CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability | BID:24 | URL:http://www.securityfocus.com/bid/24" CVE-1999-0212,Entry,"Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.","SUN:00168 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168 | CIAC:I-048 | URL:http://www.ciac.org/ciac/bulletins/i-048.shtml | XF:sun-mountd" CVE-1999-0214,Entry,"Denial of service by sending forged ICMP unreachable packets.","XF:icmp-unreachable" CVE-1999-0215,Entry,"Routed allows attackers to append data to files.","SGI:19981004-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX | CIAC:J-012 | URL:http://www.ciac.org/ciac/bulletins/j-012.shtml | XF:ripapp" CVE-1999-0217,Entry,"Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.","XF:udp-bomb" CVE-1999-0218,Entry,"Livingston portmaster machines could be rebooted via a series of commands.","XF:portmaster-reboot" CVE-1999-0219,Entry,"Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.","NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5 | URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2 | NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5 | URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2 | BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT | BID:269 | URL:http://www.securityfocus.com/bid/269 | XF:ftp-servu(205) | URL:http://xforce.iss.net/xforce/xfdb/205" CVE-1999-0221,Entry,"Denial of service of Ascend routers through port 150 (remote administration).","XF:ascend-150-kill" CVE-1999-0223,Entry,"Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.","BUGTRAQ:19961109 Syslogd and Solaris 2.4 | SUNBUG:1249320 | CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches | XF:sol-syslogd-crash | BID:1878 | URL:http://www.securityfocus.com/bid/1878" CVE-1999-0224,Entry,"Denial of service in Windows NT messenger service through a long username.","XF:nt-messenger" CVE-1999-0225,Entry,"Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.","NAI:19980214 Windows NT Logon Denial of Service | URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp | MSKB:Q180963 | URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963 | XF:nt-logondos" CVE-1999-0227,Entry,"Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.","MSKB:Q154087 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087 | XF:nt-lsass-crash" CVE-1999-0228,Entry,"Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.","XF:nt-rpc-ver | MSKB:Q162567 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567" CVE-1999-0230,Entry,"Buffer overflow in Cisco 7xx routers through the telnet service.","CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml | OSVDB:1102 | URL:http://www.osvdb.org/1102" CVE-1999-0233,Entry,"IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.","MSKB:Q148188 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188 | MSKB:Q155056 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056 | XF:http-iis-cmd" CVE-1999-0234,Entry,"Bash treats any character with a value of 255 as a command separator.","XF:bash-cmd | CERT:CA-96.22.bash_vuls" CVE-1999-0236,Entry,"ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.","XF:http-scriptalias" CVE-1999-0237,Entry,"Remote execution of arbitrary commands through Guestbook CGI program.","XF:http-cgi-guestbook | CERT:VB-97.02" CVE-1999-0239,Entry,"Netscape FastTrack Web server lists files when a lowercase ""get"" command is used instead of an uppercase GET.","XF:fastrack-get-directory-list | OSVDB:122 | URL:http://www.osvdb.org/122" CVE-1999-0244,Entry,"Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.","NAI:NAI-23 | XF:radius-accounting-overflow" CVE-1999-0245,Entry,"Some configurations of NIS+ in Linux allowed attackers to log in as the user ""+"".","BUGTRAQ:19950907 Linux NIS security problem hole and fix | XF:linux-plus" CVE-1999-0247,Entry,"Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.","NAI:19970721 INN news server vulnerabilities | URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp | BID:1443 | URL:http://www.securityfocus.com/bid/1443 | XF:inn-bo" CVE-1999-0248,Entry,"A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.","MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html | CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1" CVE-1999-0251,Entry,"Denial of service in talk program allows remote attackers to disrupt a user's display.","XF:talkd-flash" CVE-1999-0252,Entry,"Buffer overflow in listserv allows arbitrary command execution.","XF:smtp-listserv" CVE-1999-0256,Entry,"Buffer overflow in War FTP allows remote execution of commands.","XF:war-ftpd | OSVDB:875 | URL:http://www.osvdb.org/875" CVE-1999-0259,Entry,"cfingerd lists all users on a system via search.**@target.","BUGTRAQ:19970523 cfingerd vulnerability | XF:cfinger-user-enumeration" CVE-1999-0260,Entry,"The jj CGI program allows command execution via shell metacharacters.","BUGTRAQ:19961224 jj cgi | XF:http-cgi-jj" CVE-1999-0262,Entry,"Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.","BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script | BUGTRAQ:19980804 PATCH: faxsurvey | BID:2056 | URL:http://www.securityfocus.com/bid/2056 | XF:http-cgi-faxsurvey(1532) | URL:http://xforce.iss.net/xforce/xfdb/1532" CVE-1999-0263,Entry,"Solaris SUNWadmap can be exploited to obtain root access.","SUN:00173 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173 | XF:sun-sunwadmap" CVE-1999-0264,Entry,"htmlscript CGI program allows remote read access to files.","XF:http-htmlscript-file-access | BUGTRAQ:Jan27,1998" CVE-1999-0265,Entry,"ICMP redirect messages may crash or lock up a host.","MSKB:Q154174 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174 | ISS:ICMP Redirects Against Embedded Controllers | XF:icmp-redirect" CVE-1999-0266,Entry,"The info2www CGI script allows remote file access or remote command execution.","BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI | BID:1995 | URL:http://www.securityfocus.com/bid/1995 | XF:http-cgi-info2www" CVE-1999-0267,Entry,"Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.","XF:http-port | CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability" CVE-1999-0268,Entry,"MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.","BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products | BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities | OSVDB:110 | URL:http://www.osvdb.org/110 | OSVDB:3969 | URL:http://www.osvdb.org/3969 | XF:metaweb-server-dot-attack" CVE-1999-0269,Entry,"Netscape Enterprise servers may list files through the PageServices query.","XF:netscape-server-pageservices" CVE-1999-0270,Entry,"Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as ""pfdisplay"") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.","BUGTRAQ:19980317 IRIX performer_tools bug | SGI:19980401-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P | CIAC:I-041 | URL:http://www.ciac.org/ciac/bulletins/i-041.shtml | BID:64 | URL:http://www.securityfocus.com/bid/64 | OSVDB:134 | URL:http://www.osvdb.org/134 | XF:sgi-pfdispaly(810) | URL:http://xforce.iss.net/xforce/xfdb/810" CVE-1999-0272,Entry,"Denial of service in Slmail v2.5 through the POP3 port.","XF:slmail-username-bo" CVE-1999-0273,Entry,"Denial of service through Solaris 2.5.1 telnet by sending ^D characters.","XF:sun-telnet-kill" CVE-1999-0274,Entry,"Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.","NAI:NAI-5 | XF:nt-dns-dos" CVE-1999-0275,Entry,"Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.","XF:nt-dnscrash | XF:nt-dnsver | MS:Q169461" CVE-1999-0276,Entry,"mSQL v2.0.1 and below allows remote execution through a buffer overflow.","XF:msql-debug-bo | SEKURE:sekure.01-99.msql" CVE-1999-0277,Entry,"The WorkMan program can be used to overwrite any file to get root access.","XF:workman | CERT:CA-96.23.workman_vul" CVE-1999-0278,Entry,"In IIS, remote attackers can obtain source code for ASP files by appending ""::$DATA"" to the URL.","MS:MS98-003 | URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx | XF:iis-asp-data-check | OVAL:oval:org.mitre.oval:def:913 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913" CVE-1999-0279,Entry,"Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.","BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers) | BUGTRAQ:19980115 Excite announcement | CERT:VB-98.01.excite | XF:excite-cgi-search-vuln" CVE-1999-0280,Entry,"Remote command execution in Microsoft Internet Explorer using .lnk and .url files.","NTBUGTRAQ:19970317 Internet Explorer Bug #4 | CIAC:H-38 | XF:http-ie-lnkurl" CVE-1999-0281,Entry,"Denial of service in IIS using long URLs.","XF:http-iis-longurl" CVE-1999-0288,Entry,"The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.","NTBUGTRAQ:19970801 WINS flooding | BUGTRAQ:19970801 WINS flooding | BUGTRAQ:19970815 Re: WINS flooding | MISC:http://safenetworks.com/Windows/wins.html | MSKB:155701 | XF:nt-winsupd-fix(1233) | URL:http://xforce.iss.net/xforce/xfdb/1233" CVE-1999-0289,Entry,"The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.","" CVE-1999-0290,Entry,"The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.","BUGTRAQ:19980221 WinGate DoS | BUGTRAQ:19980326 WinGate Intermediary Fix/Update | XF:wingate-dos" CVE-1999-0291,Entry,"The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.","XF:wingate-unpassworded" CVE-1999-0292,Entry,"Denial of service through Winpopup using large user names.","XF:nt-winpopup" CVE-1999-0293,Entry,"AAA authentication on Cisco systems allows attackers to execute commands without authorization.","CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml | XF:cisco-ios-aaa-auth" CVE-1999-0294,Entry,"All records in a WINS database can be deleted through SNMP for a denial of service.","XF:nt-wins-snmp2" CVE-1999-0295,Entry,"Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.","XF:sun-sysdef | SUN:00157 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157" CVE-1999-0296,Entry,"Solaris volrmmount program allows attackers to read any file.","SUN:00162 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162 | XF:sun-volrmmount" CVE-1999-0297,Entry,"Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.","NAI:NAI-3 | AUSCERT:AA-96.21 | CIAC:H-17 | XF:vixie-cron" CVE-1999-0299,Entry,"Buffer overflow in FreeBSD lpd through long DNS hostnames.","NAI:NAI-9 | OSVDB:6093 | URL:http://www.osvdb.org/6093" CVE-1999-0300,Entry,"nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.","SUN:00155 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155 | XF:sun-niscache" CVE-1999-0301,Entry,"Buffer overflow in SunOS/Solaris ps command.","SUN:00149 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149 | AUSCERT:AUSCERT-97.17 | XF:sun-ps2bo" CVE-1999-0302,Entry,"SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.","SUN:00176 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176 | XF:sun-ftp-server" CVE-1999-0303,Entry,"Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.","XF:bnu-uucpd-bo | RSI:RSI.0002.05-18-98.BNU.UUCPD" CVE-1999-0304,Entry,"mmap function in BSD allows local attackers in the kmem group to modify memory through devices.","XF:bsd-mmap | FREEBSD:FreeBSD-SA-98:02" CVE-1999-0305,Entry,"The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.","OPENBSD:Feb15,1998 ""IP Source Routing Problem"" | MISC:http://www.openbsd.org/advisories/sourceroute.txt | OSVDB:11502 | URL:http://www.osvdb.org/11502 | XF:bsd-sourceroute(736) | URL:http://xforce.iss.net/xforce/xfdb/736" CVE-1999-0308,Entry,"HP-UX gwind program allows users to modify arbitrary files.","HP:HPSBUX9410-018 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018 | XF:hpux-gwind-overwrite | CIAC:H-03: HP-UX suid Vulnerabilities" CVE-1999-0309,Entry,"HP-UX vgdisplay program gives root access to local users.","HP:HPSBUX9702-056 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056 | XF:hpux-vgdisplay | CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability" CVE-1999-0310,Entry,"SSH 1.2.25 on HP-UX allows access to new user accounts.","XF:ssh-1225" CVE-1999-0311,Entry,"fpkg2swpk in HP-UX allows local users to gain root access.","XF:hpux-fpkg2swpk | HP:HPSBUX9612-042 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042" CVE-1999-0312,Entry,"HP ypbind allows attackers with root privileges to modify NIS data.","XF:nis-ypbind | CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability" CVE-1999-0313,Entry,"disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.","MISC:http://www.securityfocus.com/bid/213/exploit | SGI:19980701-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P | BID:214 | URL:http://www.securityfocus.com/bid/214 | OSVDB:936 | URL:http://www.osvdb.org/936 | XF:sgi-disk-bandwidth(1441) | URL:http://xforce.iss.net/xforce/xfdb/1441" CVE-1999-0314,Entry,"ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.","MISC:http://www.securityfocus.com/bid/213/exploit | SGI:19980701-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P | BID:213 | URL:http://www.securityfocus.com/bid/213 | OSVDB:6788 | URL:http://www.osvdb.org/6788 | XF:sgi-ioconfig(1199) | URL:http://xforce.iss.net/xforce/xfdb/1199" CVE-1999-0315,Entry,"Buffer overflow in Solaris fdformat command gives root access to local users.","XF:fdformat-bo | SUN:00138 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138" CVE-1999-0316,Entry,"Buffer overflow in Linux splitvt command gives root access to local users.","XF:linux-splitvt | CIAC:G-08" CVE-1999-0318,Entry,"Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.","BUGTRAQ:19961125 Security Problems in XMCD | BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD) | XF:xmcd-envbo" CVE-1999-0320,Entry,"SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.","SUN:00166 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166 | XF:sun-rpc.cmsd" CVE-1999-0321,Entry,"Buffer overflow in Solaris kcms_configure command allows local users to gain root access.","XF:sun-kcms-configure-bo" CVE-1999-0322,Entry,"The open() function in FreeBSD allows local attackers to write to arbitrary files.","FREEBSD:FreeBSD-SA-97:05 | XF:freebsd-open | OSVDB:6092 | URL:http://www.osvdb.org/6092" CVE-1999-0323,Entry,"FreeBSD mmap function allows users to modify append-only or immutable files.","FREEBSD:FreeBSD-SA-98:04 | NETBSD:1998-003 | URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc | XF:bsd-mmap" CVE-1999-0324,Entry,"ppl program in HP-UX allows local users to create root files through symlinks.","HP:HPSBUX9702-053 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053 | CIAC:H-31 | XF:hp-ppllog" CVE-1999-0325,Entry,"vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.","XF:hp-vhe | HP:HPSBUX9406-013 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013" CVE-1999-0326,Entry,"Vulnerability in HP-UX mediainit program.","HP:HPSBUX9710-071 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071 | XF:hp-mediainit" CVE-1999-0327,Entry,"SGI syserr program allows local users to corrupt files.","SGI:19971103-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX | XF:sgi-syserr" CVE-1999-0328,Entry,"SGI permissions program allows local users to gain root privileges.","SGI:19971103-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX | XF:sgi-permtool" CVE-1999-0329,Entry,"SGI mediad program allows local users to gain root access.","SGI:19980602-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX | XF:sgi-mediad" CVE-1999-0332,Entry,"Buffer overflow in NetMeeting allows denial of service and remote command execution.","XF:nt-netmeeting | MSKB:Q184346 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346" CVE-1999-0334,Entry,"In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.","XF:sol-startup | CERT:CA-93.19.Solaris.Startup.vulnerability" CVE-1999-0335,Entry,"DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032.","" CVE-1999-0337,Entry,"AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.","CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html | XF:ibm-bsh" CVE-1999-0338,Entry,"AIX Licensed Program Product performance tools allow local users to gain root access.","XF:ibm-perf-tools | CERT:CA-94.03.AIX.performance.tools" CVE-1999-0339,Entry,"Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.","XF:sol-sun-libauth | RSI:RSI.0007.05-26-98" CVE-1999-0340,Entry,"Buffer overflow in Linux Slackware crond program allows local users to gain root access.","KSRT:005 | XF:linux-crond" CVE-1999-0341,Entry,"Buffer overflow in the Linux mail program ""deliver"" allows local users to gain root access.","KSRT:006 | XF:linux-deliver" CVE-1999-0342,Entry,"Linux PAM modules allow local users to gain root access using temporary files.","REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam | XF:linux-pam-passwd-tmprace" CVE-1999-0343,Entry,"A malicious Palace server can force a client to execute arbitrary programs.","BUGTRAQ:19981002 Announcements from The Palace (fwd) | XF:palace-malicious-servers-vuln" CVE-1999-0344,Entry,"NT users can gain debug-level access on a system process using the Sechole exploit.","MS:MS98-009 | URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx | MSKB:Q190288 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288 | XF:nt-priv-fix" CVE-1999-0346,Entry,"CGI PHP mlog script allows an attacker to read any file on the target server.","BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts | BID:713 | URL:http://www.securityfocus.com/bid/713 | XF:http-cgi-php-mlog | OSVDB:3397 | URL:http://www.osvdb.org/3397" CVE-1999-0348,Entry,"IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.","NTBUGTRAQ:Jan27,1999 | MSKB:Q197003 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003 | OSVDB:930 | URL:http://www.osvdb.org/930" CVE-1999-0349,Entry,"A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.","EEYE:IIS Remote FTP Exploit/DoS Attack | URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html | MS:MS99-003 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx | MSKB:Q188348 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348 | BUGTRAQ:Jan27,1999 | XF:iis-remote-ftp" CVE-1999-0350,Entry,"Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.","L0PHT:Feb8,1999 | XF:clearcase-temp-race" CVE-1999-0351,Entry,"FTP PASV ""Pizza Thief"" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.","INFOWAR:01 | MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt | XF:pasv-pizza-thief-dos(3389) | URL:http://xforce.iss.net/xforce/xfdb/3389" CVE-1999-0353,Entry,"rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.","HP:HPSBUX9902-091 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091 | CIAC:J-026 | URL:http://www.ciac.org/ciac/bulletins/j-026.shtml | XF:pcnfsd-world-write" CVE-1999-0355,Entry,"Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.","ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software | XF:controlit-reboot" CVE-1999-0357,Entry,"Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted ""oshare"" packets, possibly involving invalid fragmentation offsets.","BUGTRAQ:19990125 Win98 crash? | XF:win98-oshare-dos" CVE-1999-0358,Entry,"Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.","BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows | URL:http://www.securityfocus.com/archive/1/12121 | COMPAQ:SSRT0583U | XF:du-inc | CIAC:J-027 | URL:http://www.ciac.org/ciac/bulletins/j-027.shtml" CVE-1999-0362,Entry,"WS_FTP server remote denial of service through cwd command.","EEYE:AD02021999 | URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html | XF:wsftp-remote-dos | BID:217 | URL:http://www.securityfocus.com/bid/217" CVE-1999-0363,Entry,"SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.","BUGTRAQ:Feb02,1999 | XF:plp-lpc-bo | BID:328 | URL:http://www.securityfocus.com/bid/328" CVE-1999-0365,Entry,"The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.","BUGTRAQ:Feb04,1999 | XF:metamail-header-commands" CVE-1999-0366,Entry,"In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.","MS:MS99-004 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx | MSKB:Q214840 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840 | XF:nt-sp4-auth-error" CVE-1999-0367,Entry,"NetBSD netstat command allows local users to access kernel memory.","NETBSD:1999-002 | OSVDB:7571 | URL:http://www.osvdb.org/7571" CVE-1999-0368,Entry,"Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.","NETECT:palmetto.ftpd | CERT:CA-99.03 | XF:palmetto-ftpd-bo" CVE-1999-0369,Entry,"The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.","SUN:00183 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183 | XF:sun-sdtcm-convert-bo" CVE-1999-0371,Entry,"Lynx allows a local user to overwrite sensitive files through /tmp symlinks.","BUGTRAQ:19990211 Lynx /tmp problem | CERT:VB-97.05.lynx | XF:lynx-temp-files-race" CVE-1999-0372,Entry,"The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.","MS:MS99-005 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx | XF:nt-backoffice-setup | MSKB:Q217004 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004" CVE-1999-0373,Entry,"Buffer overflow in the ""Super"" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.","ISS:Buffer Overflow in ""Super"" package in Debian Linux | XF:linux-super-bo | XF:linux-super-logging-bo" CVE-1999-0374,Entry,"Debian GNU/Linux cfengine package is susceptible to a symlink attack.","DEBIAN:19990215 | BUGTRAQ:Feb16,1999 | XF:linux-cfengine-symlinks" CVE-1999-0375,Entry,"Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.","NAI:February 16, 1999 | BUGTRAQ:Feb16,1999 | XF:nfr-webd-overflow" CVE-1999-0376,Entry,"Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.","MS:MS99-006 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx | BUGTRAQ:Feb20,1999 | L0PHT:Feb18,1999 | XF:nt-knowndlls-list" CVE-1999-0377,Entry,"Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.","BUGTRAQ:Feb22,1999" CVE-1999-0378,Entry,"InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.","BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall | BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available | XF:viruswall-http-request | OSVDB:6167 | URL:http://www.osvdb.org/6167" CVE-1999-0379,Entry,"Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.","MS:MS99-007 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx | BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007) | BID:498 | URL:http://www.securityfocus.com/bid/498 | OSVDB:1019 | URL:http://www.osvdb.org/1019 | XF:win-resourcekit-taskpads" CVE-1999-0380,Entry,"SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.","NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service | URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2 | BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2 | NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) | URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 | BID:497 | URL:http://www.securityfocus.com/bid/497 | XF:slmail-ras-ntfs-bypass(5392) | URL:http://xforce.iss.net/static/5392.php" CVE-1999-0382,Entry,"The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.","MS:MS99-008 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx | XF:nt-screen-saver" CVE-1999-0383,Entry,"ACC Tigris allows public access without a login.","BUGTRAQ:19990103 Tigris vulnerability | BID:183 | URL:http://www.securityfocus.com/bid/183 | OSVDB:267 | URL:http://www.osvdb.org/267 | XF:acc-tigris-login" CVE-1999-0384,Entry,"The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.","XF:forms-vuln-patch | MS:MS99-001 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx" CVE-1999-0385,Entry,"The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.","MS:MS99-009 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx | ISS:LDAP Buffer overflow against Microsoft Directory Services | XF:ldap-exchange-overflow | XF:ldap-mds-dos" CVE-1999-0386,Entry,"Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.","MS:MS99-010 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx | XF:pws-file-access | OSVDB:111 | URL:http://www.osvdb.org/111" CVE-1999-0387,Entry,"A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.","MS:MS99-052 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp | MSKB:Q168115 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115 | BID:829 | URL:http://www.securityfocus.com/bid/829 | XF:9x-plaintext-pwd" CVE-1999-0388,Entry,"DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.","XF:datalynx-suguard-relative-paths | L0PHT:Jan3,1999 | OSVDB:3186 | URL:http://www.osvdb.org/3186" CVE-1999-0390,Entry,"Buffer overflow in Dosemu Slang library in Linux.","BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit | CALDERA:CSSA-1999-006.1 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt | BID:187 | URL:http://www.securityfocus.com/bid/187" CVE-1999-0391,Entry,"The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.","L0PHT:Jan. 5, 1999" CVE-1999-0392,Entry,"Buffer overflow in Thomas Boutell's cgic library version up to 1.05.","BUGTRAQ:Jan10,1999 | XF:http-cgic-library-bo" CVE-1999-0393,Entry,"Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.","BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want! | BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2 | XF:sendmail-parsing-redirection" CVE-1999-0395,Entry,"A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.","ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol | URL:http://xforce.iss.net/alerts/advise17.php | XF:backweb-polite-agent-protocol" CVE-1999-0396,Entry,"A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.","NETBSD:1999-001 | OPENBSD:Feb17,1999 | XF:netbsd-tcp-race" CVE-1999-0402,Entry,"wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.","BUGTRAQ:Feb2,1999 | XF:wget-permissions | DEBIAN:19990220" CVE-1999-0403,Entry,"A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.","BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2 | XF:cyrix-hang" CVE-1999-0404,Entry,"Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.","BUGTRAQ:Feb14,1999 | XF:mailmax-bo" CVE-1999-0405,Entry,"A buffer overflow in lsof allows local users to obtain root privilege.","HERT:002 | BUGTRAQ:Feb18,1999 | DEBIAN:19990220a | XF:lsof-bo | OSVDB:3163 | URL:http://www.osvdb.org/3163" CVE-1999-0407,Entry,"By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.","BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2 | BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2 | XF:iis-iisadmpwd" CVE-1999-0408,Entry,"Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.","BUGTRAQ:19990225 Cobalt root exploit | XF:cobalt-raq-history-exposure | BID:337 | URL:http://www.securityfocus.com/bid/337" CVE-1999-0409,Entry,"Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.","BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow | XF:gnuplot-home-overflow | BID:319 | URL:http://www.securityfocus.com/bid/319" CVE-1999-0410,Entry,"The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.","BUGTRAQ:Mar5,1999 | XF:sol-cancel | BID:293 | URL:http://www.securityfocus.com/bid/293" CVE-1999-0412,Entry,"In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.","BUGTRAQ:Feb19,1999 | XF:iis-isapi-execute | BID:501 | URL:http://www.securityfocus.com/bid/501" CVE-1999-0413,Entry,"A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.","SGI:19990301-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX | XF:irix-font-path-overflow" CVE-1999-0414,Entry,"In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.","NAI:Linux Blind TCP Spoofing | XF:linux-blind-spoof" CVE-1999-0415,Entry,"The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.","ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers | CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities | URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml | CIAC:J-034 | URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml | XF:cisco-router-commands | XF:cisco-web-config" CVE-1999-0416,Entry,"Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.","ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers | CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities | URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml | CIAC:J-034 | URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml | XF:cisco-web-crash" CVE-1999-0417,Entry,"64 bit Solaris 7 procfs allows local users to perform a denial of service.","BUGTRAQ:Mar9,1999 | XF:solaris-psinfo-crash | BID:448 | URL:http://www.securityfocus.com/bid/448 | OSVDB:1001 | URL:http://www.osvdb.org/1001" CVE-1999-0420,Entry,"umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.","NETBSD:1999-006" CVE-1999-0421,Entry,"During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.","ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations | XF:linux-slackware-install | BID:338 | URL:http://www.securityfocus.com/bid/338 | OSVDB:981 | URL:http://www.osvdb.org/981" CVE-1999-0422,Entry,"In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the ""noexec"" flag set.","NETBSD:1999-007" CVE-1999-0423,Entry,"Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.","HP:HPSBUX9903-093 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093 | XF:hp-hpterm-files" CVE-1999-0424,Entry,"talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.","SUSE:Mar18,1999 | XF:netscape-talkback-overwrite" CVE-1999-0425,Entry,"talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.","SUSE:Mar18,1999 | XF:netscape-talkback-kill" CVE-1999-0428,Entry,"OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.","BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert | XF:ssl-session-reuse | OSVDB:3936 | URL:http://www.osvdb.org/3936" CVE-1999-0429,Entry,"The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the ""Encrypt Saved Mail"" preference.","BUGTRAQ:19990323 | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2 | BUGTRAQ:19990324 Re: LNotes encryption | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2 | BUGTRAQ:19990326 Lotus Notes Encryption Bug | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2 | BUGTRAQ:19990326 Re: Lotus Notes security advisory | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2 | XF:lotus-client-encryption" CVE-1999-0430,Entry,"Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload.","ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches | CISCO:Cisco Catalyst Supervisor Remote Reload | XF:cisco-catalyst-crash | OSVDB:1103 | URL:http://www.osvdb.org/1103" CVE-1999-0432,Entry,"ftp on HP-UX 11.00 allows local users to gain privileges.","HP:HPSBUX9903-094 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094 | XF:hp-ftp" CVE-1999-0433,Entry,"XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.","SUSE:Mar28,1999 | BUGTRAQ:19990321 X11R6 NetBSD Security Problem | XF:xfree86-temp-directories" CVE-1999-0436,Entry,"Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.","HP:HPSBUX9903-095 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095 | XF:hp-desms-servers" CVE-1999-0437,Entry,"Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.","ISS:WebRamp Denial of Service Attacks | XF:webramp-device-crash" CVE-1999-0438,Entry,"Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.","ISS:WebRamp Denial of Service Attacks | XF:webramp-ipchange" CVE-1999-0439,Entry,"Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.","BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes | DEBIAN:19990422 | CALDERA:CSSA-1999:007 | XF:procmail-overflow" CVE-1999-0440,Entry,"The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.","BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2 | CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html | BID:1939 | URL:http://www.securityfocus.com/bid/1939 | XF:java-unverified-code" CVE-1999-0441,Entry,"Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.","EEYE:AD02221999 | URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html | XF:wingate-redirector-dos | BID:509 | URL:http://www.securityfocus.com/bid/509" CVE-1999-0442,Entry,"Solaris ff.core allows local users to modify files.","BUGTRAQ:19990107 really silly ff.core exploit for Solaris | BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7 | BUGTRAQ:19990408 Solaris7 and ff.core | BID:327 | URL:http://www.securityfocus.com/bid/327" CVE-1999-0445,Entry,"In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.","CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT | XF:cisco-natacl-leakage | OSVDB:1104 | URL:http://www.osvdb.org/1104" CVE-1999-0446,Entry,"Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.","NETBSD:1999-008 | XF:netbsd-vfslocking-panic | OSVDB:7051 | URL:http://www.osvdb.org/7051" CVE-1999-0447,Entry,"Local users can gain privileges using the debug utility in the MPE/iX operating system.","HP:HPSBMP9904-006 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006 | XF:mpeix-debug" CVE-1999-0448,Entry,"IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.","BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory | XF:iis-http-request-logging" CVE-1999-0449,Entry,"The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.","BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS | NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS | BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS | BID:193 | URL:http://www.securityfocus.com/bid/193 | OSVDB:2 | URL:http://www.osvdb.org/2 | OSVDB:3 | URL:http://www.osvdb.org/3 | OSVDB:4 | URL:http://www.osvdb.org/4 | XF:iis-exair-dos" CVE-1999-0457,Entry,"Linux ftpwatch program allows local users to gain root privileges.","BUGTRAQ:Jan17,1999 | DEBIAN:19990117 | XF:ftpwatch-vuln | BID:317 | URL:http://www.securityfocus.com/bid/317" CVE-1999-0458,Entry,"L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.","BUGTRAQ:Jan6,1999 | XF:l0phtcrack-temp-files | OSVDB:915 | URL:http://www.osvdb.org/915" CVE-1999-0463,Entry,"Remote attackers can perform a denial of service using IRIX fcagent.","SGI:19981201-01-PX | URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX | XF:sgi-fcagent-dos" CVE-1999-0464,Entry,"Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.","BUGTRAQ:19990104 Tripwire mess.. | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2 | CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2 | OSVDB:6609 | URL:http://www.osvdb.org/6609" CVE-1999-0466,Entry,"The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.","NETBSD:1999-009 | OSVDB:905 | URL:http://www.osvdb.org/905" CVE-1999-0468,Entry,"Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.","MS:MS99-012 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-012.asp | XF:ie-scriplet-fileread | BUGTRAQ:Apr9,1999" CVE-1999-0470,Entry,"A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.","BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit | BID:482 | URL:http://www.securityfocus.com/bid/482 | XF:netware-remotenlm-passwords" CVE-1999-0471,Entry,"The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the ""cancel"" button.","XF:winroute-config | BUGTRAQ:Apr9,1999" CVE-1999-0472,Entry,"The SNMP default community name ""public"" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.","XF:netcache-snmp | BUGTRAQ:Apr7,1999" CVE-1999-0473,Entry,"The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.","BUGTRAQ:19990407 rsync 2.3.1 release - security fix | CALDERA:CSSA-1999:010.0 | DEBIAN:19990823 | BID:145 | URL:http://www.securityfocus.com/bid/145 | XF:rsync-permissions" CVE-1999-0474,Entry,"The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.","XF:icq-webserver-read | BUGTRAQ:Apr5,1999" CVE-1999-0475,Entry,"A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.","XF:procmail-race | BUGTRAQ:Apr5,1999" CVE-1999-0478,Entry,"Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.","HP:HPSBUX9904-097 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097 | XF:sendmail-headers-dos" CVE-1999-0479,Entry,"Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.","HP:HPSBUX9903-092 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092 | XF:netscape-server-dos" CVE-1999-0481,Entry,"Denial of service in ""poll"" in OpenBSD.","OPENBSD:Mar22,1999 | OSVDB:7556 | URL:http://www.osvdb.org/7556" CVE-1999-0482,Entry,"OpenBSD kernel crash through TSS handling, as caused by the crashme program.","OPENBSD:Mar21,1999 | OSVDB:7557 | URL:http://www.osvdb.org/7557" CVE-1999-0483,Entry,"OpenBSD crash using nlink value in FFS and EXT2FS filesystems.","OPENBSD:Feb25,1999 | OSVDB:6129 | URL:http://www.osvdb.org/6129" CVE-1999-0484,Entry,"Buffer overflow in OpenBSD ping.","OPENBSD:Feb23,1999 | OSVDB:6130 | URL:http://www.osvdb.org/6130" CVE-1999-0485,Entry,"Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.","OPENBSD:Feb19,1999 | XF:openbsd-ipintr-race | OSVDB:7558 | URL:http://www.osvdb.org/7558" CVE-1999-0487,Entry,"The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.","MS:MS99-011 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-011.mspx | XF:ie-dhtml-control" CVE-1999-0491,Entry,"The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.","BUGTRAQ:19990420 Bash Bug | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org | CALDERA:CSSA-1999-008.0 | URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt | BID:119 | URL:http://www.securityfocus.com/bid/119" CVE-1999-0493,Entry,"rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.","CERT:CA-99-05 | URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html | SUN:00186 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba | CIAC:J-045 | URL:http://www.ciac.org/ciac/bulletins/j-045.shtml | BUGTRAQ:19990103 SUN almost has a clue! (automountd) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 | BID:450 | URL:http://www.securityfocus.com/bid/450" CVE-1999-0494,Entry,"Denial of service in WinGate proxy through a buffer overflow in POP3.","XF:wingate-pop3-user-bo" CVE-1999-0496,Entry,"A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.","MSKB:Q146965 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965 | XF:nt-getadmin | XF:nt-getadmin-present" CVE-1999-0513,Entry,"ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.","CERT:CA-98.01.smurf | FREEBSD:FreeBSD-SA-98:06 | XF:smurf" CVE-1999-0514,Entry,"UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.","XF:fraggle" CVE-1999-0526,Entry,"An X server's access control is disabled (e.g. through an ""xhost +"" command) and allows anyone to connect to the server.","XF:xcheck-keystroke | CERT-VN:VU#704969 | URL:http://www.kb.cert.org/vuls/id/704969" CVE-1999-0551,Entry,"HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.","HP:HPSBUX9804-078 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078 | XF:hp-openmail" CVE-1999-0566,Entry,"An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.","XF:ibm-syslogd | XF:syslog-flood" CVE-1999-0608,Entry,"An incorrect configuration of the PDG Shopping Cart CGI program ""shopper.cgi"" could disclose private information.","BUGTRAQ:19990420 Shopping Carts exposing CC data | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92462991805485&w=2 | CONFIRM:http://www.pdgsoft.com/Security/security.html. | XF:pdgsoftcart-misconfig(3857) | URL:http://xforce.iss.net/xforce/xfdb/3857" CVE-1999-0612,Entry,"A version of finger is running that exposes valid user information to any entity on the network.","XF:finger-out | XF:finger-running" CVE-1999-0626,Entry,"A version of rusers is running that exposes valid user information to any entity on the network.","XF:rusersd | XF:ruser" CVE-1999-0627,Entry,"The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.","XF:rexd" CVE-1999-0628,Entry,"The rwho/rwhod service is running, which exposes machine status and user information.","XF:rwhod" CVE-1999-0668,Entry,"The scriptlet.typelib ActiveX control is marked as ""safe for scripting"" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.","BUGTRAQ:19990821 IE 5.0 allows executing programs | MS:MS99-032 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-032.asp | CIAC:J-064 | URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml | BID:598 | URL:http://www.securityfocus.com/bid/598 | XF:ms-scriptlet-eyedog-unsafe | MSKB:Q240308 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308" CVE-1999-0671,Entry,"Buffer overflow in ToxSoft NextFTP client through CWD command.","BID:572 | URL:http://www.securityfocus.com/bid/572 | XF:toxsoft-nextftp-cwd-bo" CVE-1999-0672,Entry,"Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.","XF:fujitsu-topic-bo | BID:573 | URL:http://www.securityfocus.com/bid/573" CVE-1999-0674,Entry,"The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.","NETBSD:1999-011 | OPENBSD:Aug 9,1999 | FREEBSD:FreeBSD-SA-99:02 | BUGTRAQ:19990809 profil(2) bug, a simple test program | BID:570 | URL:http://www.securityfocus.com/bid/570 | CIAC:J-067 | URL:http://www.ciac.org/ciac/bulletins/j-067.shtml | XF:netbsd-profil" CVE-1999-0675,Entry,"Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.","BUGTRAQ:19990809 FW1 UDP Port 0 DoS | URL:http://www.securityfocus.com/archive/1/23615 | BID:576 | URL:http://www.securityfocus.com/bid/576 | XF:checkpoint-port | OSVDB:1038 | URL:http://www.osvdb.org/1038" CVE-1999-0676,Entry,"sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.","BUGTRAQ:19990808 sdtcm_convert | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org | XF:sun-sdtcm-convert | BID:575 | URL:http://www.securityfocus.com/bid/575" CVE-1999-0678,Entry,"A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.","XF:apache-debian-usrdoc | BUGTRAQ:19990405 An issue with Apache on Debian | BID:318 | URL:http://www.securityfocus.com/bid/318" CVE-1999-0679,Entry,"Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.","BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included) | CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog | BID:581 | URL:http://www.securityfocus.com/bid/581 | XF:hybrid-ircd-minvite-bo" CVE-1999-0680,Entry,"Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.","MS:MS99-028 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-028.mspx | MSKB:Q238600 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600 | CIAC:J-057 | URL:http://www.ciac.org/ciac/bulletins/j-057.shtml | BID:571 | URL:http://www.securityfocus.com/bid/571 | XF:nt-terminal-dos" CVE-1999-0681,Entry,"Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.","BUGTRAQ:19990807 Crash FrontPage Remotely... | URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html | XF:frontpage-pws-dos | URL:http://xforce.iss.net/static/3117.php | BID:568 | URL:http://www.securityfocus.com/bid/568" CVE-1999-0682,Entry,"Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.","MS:MS99-027 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-027.mspx | MSKB:Q237927 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927 | BID:567 | URL:http://www.securityfocus.com/bid/567 | CIAC:J-056 | URL:http://www.ciac.org/ciac/bulletins/j-056.shtml | XF:exchange-relay" CVE-1999-0683,Entry,"Denial of service in Gauntlet Firewall via a malformed ICMP packet.","XF:gauntlet-dos | BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0 | BID:556 | URL:http://www.securityfocus.com/bid/556 | OSVDB:1029 | URL:http://www.osvdb.org/1029" CVE-1999-0685,Entry,"Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.","BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow | BID:618 | URL:http://www.securityfocus.com/bid/618" CVE-1999-0686,Entry,"Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.","BUGTRAQ:19990514 TGAD DoS | BUGTRAQ:19990610 Re: VVOS/Netscape Bug | HP:HPSBUX9906-098 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098 | CIAC:J-046 | URL:http://www.ciac.org/ciac/bulletins/j-046.shtml | XF:hp-tgad-dos" CVE-1999-0687,Entry,"The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.","BUGTRAQ:19990913 Vulnerability in ttsession | SUN:00192 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 | HP:HPSBUX9909-103 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 | COMPAQ:SSRT0617U_TTSESSION | CIAC:K-001 | URL:http://www.ciac.org/ciac/bulletins/k-001.shtml | CERT:CA-99-11 | BID:637 | URL:http://www.securityfocus.com/bid/637 | XF:cde-ttsession-rpc-auth" CVE-1999-0688,Entry,"Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.","HP:HPSBUX9907-101 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101 | BID:545 | URL:http://www.securityfocus.com/bid/545 | XF:hp-sd-bo" CVE-1999-0689,Entry,"The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.","BUGTRAQ:19990913 Vulnerability in dtspcd | SUN:00192 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 | HP:HPSBUX9909-103 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 | CERT:CA-99-11 | OVAL:oval:org.mitre.oval:def:1880 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1880 | XF:cde-dtspcd-file-auth | BID:636 | URL:http://www.securityfocus.com/bid/636" CVE-1999-0690,Entry,"HP CDE program includes the current directory in root's PATH variable.","HP:HPSBUX9907-100 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100 | CIAC:J-053 | URL:http://www.ciac.org/ciac/bulletins/j-053.shtml | XF:hp-cde-directory" CVE-1999-0691,Entry,"Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.","BUGTRAQ:19990913 Vulnerability in dtaction | SUN:00192 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 | HP:HPSBUX9909-103 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 | COMPAQ:SSRTO615U_DTACTION | CERT:CA-99-11 | BID:635 | URL:http://www.securityfocus.com/bid/635 | OVAL:oval:org.mitre.oval:def:3078 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3078 | XF:cde-dtaction-username-bo" CVE-1999-0692,Entry,"The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.","CERT:CA-99-09 | CIAC:J-052 | URL:http://www.ciac.org/ciac/bulletins/j-052.shtml | SGI:19990701-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P | XF:sgi-arrayd" CVE-1999-0693,Entry,"Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.","CERT:CA-99-11 | SUN:00192 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 | HP:HPSBUX9909-103 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 | BID:641 | URL:http://www.securityfocus.com/bid/641 | OVAL:oval:org.mitre.oval:def:4374 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4374 | XF:cde-dtsession-env-bo" CVE-1999-0694,Entry,"Denial of service in AIX ptrace system call allows local users to crash the system.","CIAC:J-055 | URL:http://www.ciac.org/ciac/bulletins/j-055.shtml | IBM:ERS-SVA-E01-1999:002.1 | XF:aix-ptrace-halt" CVE-1999-0695,Entry,"The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.","BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs | XF:http-powerdynamo-dotdotslash | BID:620 | URL:http://www.securityfocus.com/bid/620 | OSVDB:1064 | URL:http://www.osvdb.org/1064" CVE-1999-0696,Entry,"Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).","BUGTRAQ:19990709 Exploit of rpc.cmsd | SCO:SB-99.12 | SUN:00188 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188 | SUNBUG:4230754 | HP:HPSBUX9908-102 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102 | COMPAQ:SSRT0614U_RPC_CMSD | CERT:CA-99-08 | CIAC:J-051 | URL:http://www.ciac.org/ciac/bulletins/j-051.shtml | XF:sun-cmsd-bo" CVE-1999-0697,Entry,"SCO Doctor allows local users to gain root privileges through a Tools option.","BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare | BID:621 | URL:http://www.securityfocus.com/bid/621 | XF:sco-doctor-execute" CVE-1999-0699,Entry,"The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.","BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web | BID:623 | URL:http://www.securityfocus.com/bid/623" CVE-1999-0700,Entry,"Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.","MSKB:Q237185 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185 | MS:MS99-026 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-026.mspx | XF:nt-malformed-dialer" CVE-1999-0701,Entry,"After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.","MS:MS99-036 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-036.mspx | MSKB:Q173039 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039 | BID:626 | URL:http://www.securityfocus.com/bid/626 | XF:nt-install-unattend-file" CVE-1999-0702,Entry,"Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the ""ImportExportFavorites"" vulnerability.","BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs | MS:MS99-037 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-037.mspx | MSKB:Q241361 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361 | XF:ie5-import-export-favorites | BID:627 | URL:http://www.securityfocus.com/bid/627" CVE-1999-0703,Entry,"OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.","BUGTRAQ:19990805 4.4 BSD issue -- chflags | OPENBSD:Jul30,1999 | FREEBSD:FreeBSD-SA-99:01 | CIAC:J-066 | URL:http://www.ciac.org/ciac/bulletins/j-066.shtml | XF:openbsd-chflags-fchflags-permitted" CVE-1999-0704,Entry,"Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.","REDHAT:RHSA-1999:032-01 | CALDERA:CSSA-1999:024.0 | FREEBSD:SA-99:06 | DEBIAN:19991018 | BID:614 | URL:http://www.securityfocus.com/bid/614 | CERT:CA-99-12 | XF:amd-bo" CVE-1999-0705,Entry,"Buffer overflow in INN inews program.","XF:inn-inews-bo | REDHAT:RHSA1999033_01 | CALDERA:CSSA-1999-026 | SUSE:19990831 Security hole in INN | DEBIAN:19990907 | BID:616 | URL:http://www.securityfocus.com/bid/616" CVE-1999-0706,Entry,"Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.","DEBIAN:19990807 | SUSE:19990817 Security hole in i4l (xmonisdn) | BID:583 | URL:http://www.securityfocus.com/bid/583" CVE-1999-0707,Entry,"The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.","HP:HPSBUX9906-099 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099 | CIAC:J-050 | URL:http://www.ciac.org/ciac/bulletins/j-050.shtml | BID:493 | URL:http://www.securityfocus.com/bid/493 | XF:hp-visualize-conference-ftp" CVE-1999-0708,Entry,"Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.","BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow | BID:651 | URL:http://www.securityfocus.com/bid/651" CVE-1999-0710,Entry,"The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.","BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness | CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid | DEBIAN:DSA-576 | URL:http://www.debian.org/security/2004/dsa-576 | FEDORA:FEDORA-2005-373 | URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html | FEDORA:FLSA-2006:152809 | URL:http://fedoranews.org/updates/FEDORA--.shtml | REDHAT:RHSA-1999:025 | URL:http://www.redhat.com/support/errata/RHSA-1999-025.html | REDHAT:RHSA-2005:489 | URL:http://www.redhat.com/support/errata/RHSA-2005-489.html | BID:2059 | URL:http://www.securityfocus.com/bid/2059 | XF:http-cgi-cachemgr(2385) | URL:http://xforce.iss.net/xforce/xfdb/2385" CVE-1999-0711,Entry,"The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.","BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed | URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1 | BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2 | XF:oracle-oratclsh" CVE-1999-0713,Entry,"The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.","BUGTRAQ:19990404 Digital Unix 4.0E /var permission | CIAC:J-044 | URL:http://www.ciac.org/ciac/bulletins/j-044.shtml | XF:cde-dtlogin | COMPAQ:SSRT0600U" CVE-1999-0714,Entry,"Vulnerability in Compaq Tru64 UNIX edauth command.","COMPAQ:SSRT0588U | XF:du-edauth" CVE-1999-0715,Entry,"Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.","BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system | MS:MS99-016 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-016.mspx | MSKB:Q230677 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677 | XF:nt-ras-bo" CVE-1999-0716,Entry,"Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.","XF:nt-helpfile-bo | MSKB:Q231605 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605 | MS:MS99-015 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-015.asp" CVE-1999-0717,Entry,"A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.","MS:MS99-014 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-014.mspx | MSKB:Q231304 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304 | XF:excel-virus-warning" CVE-1999-0718,Entry,"IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.","NTBUGTRAQ:19990823 IBM Gina security warning | URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534 | BID:608 | URL:http://www.securityfocus.com/bid/608 | XF:ibm-gina-group-add | URL:http://xforce.iss.net/static/3166.php" CVE-1999-0719,Entry,"The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.","BUGTRAQ:19990802 Gnumeric potential security hole. | REDHAT:RHSA-1999:023-01 | XF:gnu-guile-plugin-export | BID:563 | URL:http://www.securityfocus.com/bid/563" CVE-1999-0720,Entry,"The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.","BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl | BID:597 | URL:http://www.securityfocus.com/bid/597 | XF:linux-pt-chown" CVE-1999-0721,Entry,"Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.","BINDVIEW:Phantom Technical Advisory | MSKB:Q231457 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457 | MS:MS99-020 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-020.mspx | CIAC:J-049 | URL:http://www.ciac.org/ciac/bulletins/j-049.shtml | XF:msrpc-lsa-lookupnames-dos" CVE-1999-0722,Entry,"The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.","CERT:CA-99-10 | BID:558 | URL:http://www.securityfocus.com/bid/558 | XF:cobalt-raq2-default-config" CVE-1999-0723,Entry,"The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.","NTBUGTRAQ:19990411 Death by MessageBox | MS:MS99-021 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-021.mspx | MSKB:Q233323 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323 | CIAC:J-049 | URL:http://www.ciac.org/ciac/bulletins/j-049.shtml | BID:478 | URL:http://www.securityfocus.com/bid/478 | XF:nt-csrss-dos" CVE-1999-0724,Entry,"Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.","OPENBSD:Aug12,1999 | XF:openbsd-uio_offset-bo | OSVDB:6128 | URL:http://www.osvdb.org/6128" CVE-1999-0725,Entry,"When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. ""Double Byte Code Page"".","MSKB:Q233335 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335 | MS:MS99-022 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-022.mspx | BID:477 | URL:http://www.securityfocus.com/bid/477 | XF:iis-double-byte-code-page(2302) | URL:http://xforce.iss.net/xforce/xfdb/2302" CVE-1999-0726,Entry,"An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.","MS:MS99-023 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-023.mspx | MSKB:Q234557 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557 | BID:499 | URL:http://www.securityfocus.com/bid/499 | XF:nt-malformed-image-header" CVE-1999-0727,Entry,"A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.","OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext | XF:openbsd-ipsec-cleartext | OSVDB:6127 | URL:http://www.osvdb.org/6127" CVE-1999-0728,Entry,"A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.","MS:MS99-024 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-024.mspx | MSKB:Q236359 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359 | XF:nt-ioctl-dos" CVE-1999-0729,Entry,"Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.","ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6 | URL:http://xforce.iss.net/alerts/advise34.php | CIAC:J-061 | URL:http://www.ciac.org/ciac/bulletins/j-061.shtml | BID:601 | URL:http://www.securityfocus.com/bid/601 | XF:lotus-ldap-bo | OSVDB:1057 | URL:http://www.osvdb.org/1057" CVE-1999-0730,Entry,"The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.","DEBIAN:19990612" CVE-1999-0731,Entry,"The KDE klock program allows local users to unlock a session using malformed input.","BUGTRAQ:19990623 Security flaw in klock | CALDERA:CSSA-1999:017 | SUSE:19990629 Security hole in Klock | BID:489 | URL:http://www.securityfocus.com/bid/489" CVE-1999-0732,Entry,"The logging facilitity of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.","DEBIAN:19990823b | XF:smtp-refuser-tmp" CVE-1999-0733,Entry,"Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.","BUGTRAQ:19990626 VMWare Advisory - buffer overflows | BUGTRAQ:19990626 VMware Security Alert | BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit | BID:490 | URL:http://www.securityfocus.com/bid/490 | XF:vmware-bo" CVE-1999-0734,Entry,"A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.","CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability | XF:ciscosecure-read-write" CVE-1999-0735,Entry,"KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.","ISS:KDE K-Mail File Creation Vulnerability | CALDERA:CSSA-1999:016 | REDHAT:RHSA-1999:015-01 | URL:http://www.redhat.com/support/errata/RHSA1999015_01.html | BID:300 | URL:http://www.securityfocus.com/bid/300" CVE-1999-0740,Entry,"Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.","BID:594 | URL:http://www.securityfocus.com/bid/594 | XF:linux-telnetd-term | CALDERA:CSSA-1999:022 | REDHAT:RHSA1999029_01" CVE-1999-0742,Entry,"The Debian mailman package uses weak authentication, which allows attackers to gain privileges.","DEBIAN:19990623 | BID:480 | URL:http://www.securityfocus.com/bid/480" CVE-1999-0743,Entry,"Trn allows local users to overwrite other users' files via symlinks.","BUGTRAQ:19990819 Insecure use of file in /tmp by trn | DEBIAN:19990823c | SUSE:19990824 Security hole in trn | XF:trn-symlinks(3144) | URL:http://xforce.iss.net/xforce/xfdb/3144" CVE-1999-0744,Entry,"Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.","ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers | BID:603 | URL:http://www.securityfocus.com/bid/603" CVE-1999-0745,Entry,"Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.","IBM:ERS-SVA-E01-1999:003.1 | CIAC:J-059 | URL:http://www.ciac.org/ciac/bulletins/j-059.shtml | BID:590 | URL:http://www.securityfocus.com/bid/590 | XF:aix-pdnsd-bo" CVE-1999-0746,Entry,"A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.","BUGTRAQ:19990814 DOS against SuSE's identd | SUSE:19990824 Security hole in netcfg | BID:587 | URL:http://www.securityfocus.com/bid/587 | XF:suse-identd-dos" CVE-1999-0747,Entry,"Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.","BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1 | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net | BID:589 | URL:http://www.securityfocus.com/bid/589 | XF:bsdi-smp-dos" CVE-1999-0749,Entry,"Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.","BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable | MS:MS99-033 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-033.mspx | XF:win-ie5-telnet-heap-overflow | BID:586 | URL:http://www.securityfocus.com/bid/586" CVE-1999-0751,Entry,"Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.","BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2 | BID:631 | URL:http://www.securityfocus.com/bid/631 | XF:netscape-accept-bo(3256) | URL:http://xforce.iss.net/xforce/xfdb/3256" CVE-1999-0752,Entry,"Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.","BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug" CVE-1999-0753,Entry,"The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.","BUGTRAQ:19990817 Stupid bug in W3-msql | XF:mini-sql-w3-msql-cgi | BID:591 | URL:http://www.securityfocus.com/bid/591" CVE-1999-0754,Entry,"The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.","BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential | CALDERA:CSSA-1999-011.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt | SUSE:19990518 Security hole in INN | MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html | BID:255 | URL:http://www.securityfocus.com/bid/255 | XF:inn-innconf-env" CVE-1999-0755,Entry,"Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the ""Save password"" option.","XF:nt-ras-pwcache | MSKB:Q230681 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681 | MS:MS99-017 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-017.mspx" CVE-1999-0756,Entry,"ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.","ALLAIRE:ASB99-07 | URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full | XF:coldfusion-admin-dos(2207) | URL:http://xforce.iss.net/static/2207.php" CVE-1999-0758,Entry,"Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.","ALLAIRE:ASB99-06 | XF:netscape-space-view" CVE-1999-0759,Entry,"Buffer overflow in FuseMAIL POP service via long USER and PASS commands.","BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug | CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8 | BID:634 | URL:http://www.securityfocus.com/bid/634 | XF:fuseware-popmail-bo" CVE-1999-0760,Entry,"Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.","ALLAIRE:ASB99-10 | URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full | BID:550 | URL:http://www.securityfocus.com/bid/550 | XF:coldfusion-server-cfml-tags | URL:http://xforce.iss.net/static/3288.php" CVE-1999-0761,Entry,"Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.","FREEBSD:FreeBSD-SA-99:05 | XF:freebsd-fts-lib-bo | BID:644 | URL:http://www.securityfocus.com/bid/644 | OSVDB:1074 | URL:http://www.osvdb.org/1074" CVE-1999-0762,Entry,"When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the ""about"" protocol to gain access to browser information.","XF:netscape-title | BUGTRAQ:19990524 Netscape Communicator JavaScript in security vulnerability" CVE-1999-0763,Entry,"NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.","NETBSD:1999-010 | XF:netbsd-arp | OSVDB:6540 | URL:http://www.osvdb.org/6540" CVE-1999-0764,Entry,"NetBSD allows ARP packets to overwrite static ARP entries.","NETBSD:1999-010 | XF:netbsd-arp | OSVDB:6539 | URL:http://www.osvdb.org/6539" CVE-1999-0765,Entry,"SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.","BUGTRAQ:19990619 IRIX midikeys root exploit. | SGI:19990501-01-A | URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A | BID:262 | URL:http://www.securityfocus.com/bid/262 | XF:irix-midikeys" CVE-1999-0766,Entry,"The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.","MS:MS99-031 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx | MSKB:Q240346 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346 | BID:600 | URL:http://www.securityfocus.com/bid/600 | XF:msvm-verifier-java" CVE-1999-0768,Entry,"Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.","BID:602 | URL:http://www.securityfocus.com/bid/602 | REDHAT:RHSA-1999:030-02 | SUSE:19990829 Security hole in cron" CVE-1999-0769,Entry,"Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.","REDHAT:RHSA-1999:030-02 | CALDERA:CSSA-1999:023.0 | SUSE:19990829 Security hole in cron | DEBIAN:19990830 cron | BID:611 | URL:http://www.securityfocus.com/bid/611" CVE-1999-0770,Entry,"Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.","BUGTRAQ:19990729 Simple DOS attack on FW-1 | BID:549 | URL:http://www.securityfocus.com/bid/549 | CHECKPOINT:ACK DOS ATTACK | OSVDB:1027 | URL:http://www.osvdb.org/1027" CVE-1999-0771,Entry,"The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.","BUGTRAQ:19990526 Infosec.19990526.compaq-im.a | COMPAQ:SSRT0612U | XF:management-agent-file-read" CVE-1999-0772,Entry,"Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.","BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post) | COMPAQ:SSRT0612U | XF:management-agent-dos" CVE-1999-0773,Entry,"Buffer overflow in Solaris lpset program allows local users to gain root access.","BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow | URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017 | XF:sol-lpset-bo" CVE-1999-0774,Entry,"Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.","BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf | REDHAT:RHSA1999037_01 | SUSE:19990916 Security hole in mars nwe | BID:617 | URL:http://www.securityfocus.com/bid/617" CVE-1999-0775,Entry,"Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the ""established"" keyword in an access list.","CISCO:19990610 Cisco IOS Software established Access List Keyword Error | XF:cisco-gigaswitch" CVE-1999-0777,Entry,"IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have ""No Access"" permissions.","MS:MS99-039 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp | MSKB:Q241407 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407 | MSKB:Q242559 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559 | XF:iis-ftp-no-access-files | BID:658 | URL:http://www.securityfocus.com/bid/658" CVE-1999-0778,Entry,"Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.","BUGTRAQ:19990626 KSR[T] #011: Accelerated-X | KSRT:011 | BID:488 | URL:http://www.securityfocus.com/bid/488 | XF:accelx-display-bo" CVE-1999-0779,Entry,"Denial of service in HP-UX SharedX recserv program.","HP:HPSBUX9810-086 | URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086 | XF:hp-sharedx" CVE-1999-0780,Entry,"KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.","BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 | XF:kde-klock-process-kill" CVE-1999-0781,Entry,"KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.","BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 | XF:kde-klock-bindir-trojans" CVE-1999-0782,Entry,"KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.","BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 | XF:kde-kppp-directory-create" CVE-1999-0783,Entry,"FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","FREEBSD:FreeBSD-SA-98:05 | CIAC:I-057 | URL:http://www.ciac.org/ciac/bulletins/i-057.shtml | XF:freebsd-nfs-link-dos | OSVDB:6090 | URL:http://www.osvdb.org/6090" CVE-1999-0785,Entry,"The INN inndstart program allows local users to gain root privileges via the ""pathrun"" parameter in the inn.conf file.","BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential | SUSE:19990518 Security hole in INN | XF:inn-pathrun | BID:254 | URL:http://www.securityfocus.com/bid/254" CVE-1999-0786,Entry,"The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.","BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6 | BID:659 | URL:http://www.securityfocus.com/bid/659" CVE-1999-0787,Entry,"The SSH authentication agent follows symlinks via a UNIX domain socket.","BUGTRAQ:19990917 A few bugs... | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2 | BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability] | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2 | XF:ssh-socket-auth-symlink-dos | BID:660 | URL:http://www.securityfocus.com/bid/660" CVE-1999-0788,Entry,"Arkiea nlservd allows remote attackers to conduct a denial of service.","BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2 | BID:662 | URL:http://www.securityfocus.com/bid/662 | XF:arkiea-backup-nlserverd-remote-dos" CVE-1999-0789,Entry,"Buffer overflow in AIX ftpd in the libc library.","BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000 | IBM:ERS-SVA-E01-1999:004.1 | CIAC:J-072 | URL:http://www.ciac.org/ciac/bulletins/j-072.shtml | XF:aix-ftpd-bo | BID:679 | URL:http://www.securityfocus.com/bid/679" CVE-1999-0790,Entry,"A remote attacker can read information from a Netscape user's cache via JavaScript.","MISC:http://home.netscape.com/security/notes/jscachebrowsing.html | XF:netscape-javascript" CVE-1999-0791,Entry,"Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.","BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems | KSRT:012 | BID:695 | URL:http://www.securityfocus.com/bid/695 | XF:hybrid-anon-cable-modem-reconfig" CVE-1999-0793,Entry,"Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.","MS:MS99-043 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx | XF:ie-java-redirect" CVE-1999-0794,Entry,"Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.","MS:MS99-044 | URL:http://www.microsoft.com/technet/security/bulletin/ms99-044.mspx | XF:excel-sylk | MSKB:Q241900 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900 | MSKB:Q241901 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901 | MSKB:Q241902 | URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902" CVE-1999-0796,Entry,"FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.","FREEBSD:SA-98.03 | XF:freebsd-ttcp-spoof | OSVDB:6089 | URL:http://www.osvdb.org/6089" CVE-1999-0797,Entry,"NIS finger allows an attacker to conduct a