| OSVDB ID | Disclosure Date | Title |
|
14738
Description:
By default, ViSiON-X BBS installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1993-12-25
|
ViSiON-X Default SYSOP Password
|
|
19783
Description:
(Description Provided by CVE) : The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
|
1993-12-16
|
SunOS /sbin/rcS fsck Failure Privilege Escalation
|
|
19784
Description:
(Description Provided by CVE) : The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
|
1993-12-16
|
SunOS /sbin/mountall fsck Failure Privilege Escalation
|
|
5899
Description:
SunOS contains a flaw in loadmodule that may allow a malicious local user to gain unauthorized root privileges. The issue is due to the way the loadmodule program fails to sanitize the path environment variable. Sun attempted to patch this by clearing the IFS variable but it can still be exploited by setting the IFS variable twice. This flaw may lead to a loss of Confidentiality and Integrity.
|
1993-12-15
|
SunOS loadmodule Double IFS Privilege Escalation
|
|
5860
Description:
SunOS version 4.1.x contains a flaw in loadmodule that may allow a malicious local user to gain unauthorized root privileges. The issue is due to the way the loadmodule program fails to sanitize the path environment variable. This flaw may lead to a loss of Confidentiality and Integrity.
|
1993-12-15
|
SunOS loadmodule Path Environment Privilege Escalation
|
|
16454
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
|
1993-12-12
|
Sendmail mail from: Piped Command Execution
|
|
5861
Description:
Sun Microsystems SunOS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an error in the modload program related to environment variables occurs. This flaw may lead to an escalation of user privileges.
|
1993-12-01
|
SunOS modload Root Privilege Escalation
|
|
18725
Description:
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user places escape sequences in a file or filename, which when passed to xwsh, will remap keys to unexpected strings or to xwsh internal functions. This flaw may lead to a loss of integrity.
|
1993-11-17
|
IRIX xwsh ANSI Escape Code Arbitrary Command Execution
|
|
54284
Description:
Unknown / Incomplete
|
1993-11-12
|
Symantec Norton Diskreet DES Implementation File Encryption Compromise
|
|
11266
Description:
(Description Provided by CVE) : Race condition in xterm allows local users to modify arbitrary files via the logging option.
|
1993-11-01
|
Multiple Unix xterm Logging Option Local Privilege Escalation
|
|
7528
Description:
(Description Provided by CVE) : SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
|
1993-11-01
|
SCO UNIX System V /tmp Home Directories Permission Weakness
|
|
16738
Description:
Unknown / Incomplete
|
1993-10-05
|
Sendmail -oL Unprivileged Logging Disable
|
|
11995
Description:
Unknown / Incomplete
|
1993-10-01
|
SunOS SMI Sendmail Unspecified Remote Issue
|
|
6436
Description:
Solaris / SunOS device file /dev/audio contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a local user accesses the device, allowing the third party to listen to conversations in the same room as the compromised workstation. This may result in a loss of confidentiality.
|
1993-10-01
|
Solaris /dev/audio World Read Permission
|
|
14731
Description:
By default, Remote Access BBS installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1993-09-22
|
Remote Access BBS Default SYSOP Password
|
|
7622
Description:
(Description Provided by CVE) : /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
|
1993-09-17
|
SunOS /usr/5bin/su Search Path Privilege Escalation
|
|
9988
Description:
(Description Provided by CVE) : LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
|
1993-09-01
|
Novell LOGIN.EXE Password Disclosure
|
|
10868
Description:
(Description Provided by CVE) : Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.
|
1993-08-01
|
UMN Gopher Arbitrary Privileged File Access
|
|
76
Description:
This host is running an FTP server that allows anonymous users to write to the root directory. This allows an attacker to upload files to this host to use in combination with another attack, or to use as a software distribution point.
|
1993-07-14
|
Multiple Vendor FTP Server Anonymous Writable Directory Privilege Escalation
|
|
14736
Description:
By default, TriBBS installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1993-07-12
|
TriBBS Default SYSOP Password
|
|
14737
Description:
TriBBS contains a flaw that may allow a user to bypass file download restrictions. The BBS can be configured to restrict file downloads via a "Daily Byte Limit". This option can be bypassed by any user on the system by using the Archive Menu to create a temporary archive, flag all files in it for download, and then download them. The system does not properly track these downloads and apply them to the user account.
|
1993-07-12
|
TriBBS Daily Byte Limit File Download Bypass
|
|
69
Description:
(Description Provided by CVE) : Anonymous FTP is enabled.
|
1993-07-01
|
Anonymous FTP Enabled
|
|
16737
Description:
Unknown / Incomplete
|
1993-06-27
|
Sendmail Unspecified Arbitrary Local File Access
|
|
11723
Description:
(Description Provided by CVE) : Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
|
1993-06-01
|
expreserve Race Condition Arbitrary File Overwrite Privilege Escalation
|
|
7630
Description:
(Description Provided by CVE) : Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
|
1993-05-23
|
SCO UNIX passwd Utility Login DoS
|
|
8719
Description:
wu-ftpd contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when an attacker sends a specific SITE EXEC command. It is possible that the flaw may allow the attacker to gain root privileges resulting in a loss of integrity.
|
1993-03-01
|
WU-FTPD Site EXEC Race Condition
|
|
8720
Description:
BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker uses the SITE EXEC command to execute an arbitrary binary in /bin that is capable of giving access to an executable outside of /bin. This flaw may lead to a loss of integrity.
|
1993-03-01
|
BSD ftpd Site EXEC Race Condition
|
|
11085
Description:
(Description Provided by CVE) : Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges.
|
1993-02-24
|
OpenVMS Unspecified Local Privilege Escalation
|
|
11017
Description:
(Description Provided by CVE) : VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
|
1993-02-13
|
OpenVMS DECwindows/MOTIF User Account Lockout Weakness
|
|
9321
Description:
urestore in UnixWare contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an unspecified flaw, which may allow a malicious user to gain access to root privileges resulting in a loss of integrity. No further details have been provided.
|
1993-02-10
|
Novell UnixWare urestore Local Privilege Escalation
|
|
895
Description:
(Description Provided by CVE) : Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
|
1993-02-01
|
SunOS System Directory Insecure Permission Privilege Escalation
|
|
12971
Description:
(Description Provided by CVE) : Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.
|
1993-02-01
|
Commodore Amiga UNIX finger Arbitrary Local File Disclosure
|
|
7522
Description:
(Description Provided by CVE) : Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
|
1993-01-02
|
Cisco Routers Remote Bypass via Certain IP
|
|
11355
Description:
(Description Provided by CVE) : HP ypbind allows attackers with root privileges to modify NIS data.
|
1993-01-01
|
HP-UX YP ypbind Arbitrary Remote NIS Data Modification
|
|
7760
Description:
Major BBS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a designated Forum Op attaches an arbitrary file to his forum, which will disclose the contents of the file resulting in a loss of confidentiality.
|
1993-01-01
|
Major BBS Forum Op Arbitrary File Retrieval
|
|
7763
Description:
Major BBS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a designated LibOp attaches an arbitrary file to his file library, which will disclose the contents of the file resulting in a loss of confidentiality.
|
1993-01-01
|
Major BBS LibOp Arbitrary File Access
|
|
7764
Description:
Major BBS contains a flaw that may allow an arbitrary user to access restricted menu trees on the system. The issue is due to the "go" command not requiring admin authentication. Menu trees can be accessed via a command such as "go /sysop" and their presence discovered via "/find a" (which will list all menus with the letter 'a' in them).
|
1993-01-01
|
Major BBS Unauthorized Module/Menu Access
|
|
7765
Description:
Major BBS contains a flaw that may allow a designated Forum Op to bypass the credit system used for file download access. The issue is due to the ability of a Forum Op to set the value of a message post to an arbitrary amount. By changing the value to -32000, posting a message and then deleting the same message, the Forum Op can obtain as many credits as s/he wants. This violates the file credit system that controls file transfer ratios, allowing for unlimited file downloads.
|
1993-01-01
|
Major BBS Forum Op File Credit Bypass
|
|
8770
Description:
(Description Provided by CVE) : The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.
|
1993-01-01
|
NeXT NetInfo _writers Property Local Privilege Escalation
|
|
14735
Description:
Renegade BBS contains a flaw that may allow an unprivileged user to access arbitrary file content. The issue is due to the BBS software allowing system commands to be executed during user/SYSOP chat. The chat routines do not properly validate which user types the commands, allowing the user to type the command and display the content of any file on the system.
|
1993-01-01
|
Renegade BBS SYSOP Chat Arbitrary File Disclosure
|