[CLOSE] OSVDB ID : 5884 - Disclosed: 1999-01-30

Description:

(Description Provided by CVE) : MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.

[CLOSE] OSVDB ID : 11469 - Disclosed: 1999-01-30

Description:

(Description Provided by CVE) : An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

[CLOSE] OSVDB ID : 931 - Disclosed: 1999-01-29

Description:

(Description Provided by CVE) : GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

[CLOSE] OSVDB ID : 8046 - Disclosed: 1999-01-29

Description:

Caldera OpenLinux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when submitting a UUCP job which includes the rmail command specifying a debug file to be overwritten. This flaw may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 5885 - Disclosed: 1999-01-28

Description:

LaserFiche, when running on Netware, contains a flaw that may lead to an unauthorized password exposure. The Btreive tables that contain usernames, passwords, and group membership information are available for any user to read. The data inside those tables is not encrypted, which exposes the passwords in plaintext to any user. Included in the tables is the password for the administrative account. This may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 5986 - Disclosed: 1999-01-28

Description:

LaserFiche, when running on Netware, contains a flaw that may lead to an unauthorized password exposure. The Btreive tables that contain usernames, passwords, and group membership information do not require administrative privileges for write access. Additionally, any operations directly on the tables are not logged. This may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 5852 - Disclosed: 1999-01-28

Description:

Multiple vendor implementations of RPCBIND contains a flaw that may allow a remote denial of service. It is possible for a remote attacker to arbitrary register or unregister RPC services or manipulate these services using a spoofed source IP address, resulting in a loss of availability.

[CLOSE] OSVDB ID : 5875 - Disclosed: 1999-01-27

Description:

(Description Provided by CVE) : Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

[CLOSE] OSVDB ID : 930 - Disclosed: 1999-01-27

Description:

Microsoft Corporation IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when two servers are configured to use the same virtual disk and physical directory, which will disclose ASP cache data from one server to users on the other resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 5877 - Disclosed: 1999-01-27

Description:

ptylogin contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user caused to modem to quit accepting incomming calles, and will result in loss of availability for the modem.

[CLOSE] OSVDB ID : 5878 - Disclosed: 1999-01-27

Description:

(Description Provided by CVE) : ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.

[CLOSE] OSVDB ID : 5879 - Disclosed: 1999-01-27

Description:

UNIX modem tty contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to passwords when has access to the modem tty when dialing into a UNIX system, which may lead to a loss of confidentiality, integrity and/or availability.

[CLOSE] OSVDB ID : 8226 - Disclosed: 1999-01-27

Description:

SCO OpenServer and Unixware contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to a flaw in the remote login daemon "rshd". No further details have been provided.

[CLOSE] OSVDB ID : 8227 - Disclosed: 1999-01-27

Description:

SCO OpenServer and Unixware contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to a flaw in the remote login binary "scheme". No further details have been provided.

[CLOSE] OSVDB ID : 2 - Disclosed: 1999-01-26

Description:

Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (search.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.

[CLOSE] OSVDB ID : 5918 - Disclosed: 1999-01-26

Description:

(Description Provided by CVE) : Denial of service in Linux 2.2.0 running the ldd command on a core file.

[CLOSE] OSVDB ID : 3 - Disclosed: 1999-01-26

Description:

Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (query.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.

[CLOSE] OSVDB ID : 4 - Disclosed: 1999-01-26

Description:

Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (advsearch.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.

[CLOSE] OSVDB ID : 8667 - Disclosed: 1999-01-26

Description:

(Description Provided by CVE) : Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.

[CLOSE] OSVDB ID : 5870 - Disclosed: 1999-01-25

Description:

(Description Provided by CVE) : ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.

[CLOSE] OSVDB ID : 5876 - Disclosed: 1999-01-25

Description:

Computer Associates Control IT contains a flaw that may lead to an unauthorized password exposure. Control IT address book function allows users to save usernames and passwords with weak encryption in a file. It is possible for a local attacker to read and decrypt the file and gain access to passwords, which may lead to a loss of confidentiality and integrity.

[CLOSE] OSVDB ID : 11453 - Disclosed: 1999-01-25

Description:

(Description Provided by CVE) : Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

[CLOSE] OSVDB ID : 11493 - Disclosed: 1999-01-25

Description:

ControlIT (also known as Remotely Possible/32) contains a flaw that may allow a malicious user to reboot the system and/or force all users to log out. The issue is triggered when an authenticated user issues a particular command, or if properly configured, when an unauthenicated user does the same. It is possible that the flaw may allow users to be forced off the system, resulting in a loss of availability.

[CLOSE] OSVDB ID : 5928 - Disclosed: 1999-01-24

Description:

mIRC contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to the DCC Server command, which doesn't properly filter charachters (such as . and \) from file names. It is possible that the flaw may allow a remote attacker to place arbitrary code in a different location, such as the autostart directory, and then require the victim to execute those code, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 929 - Disclosed: 1999-01-24

Description:

(Description Provided by CVE) : A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

[CLOSE] OSVDB ID : 5927 - Disclosed: 1999-01-23

Description:

SSH contains a flaw that may allow a user with a expired account to login. Most remote access protocols honor accounts that have been locked via /etc/shadow, but SSH does not. This may allow a user to continue logging in even after the administrator has locked the account.

[CLOSE] OSVDB ID : 53020 - Disclosed: 1999-01-22

Description:

The util-linux distribution available on ftp.win.tue.nl was found to contain a backdoor. Any system that installed this package would become vulnerable to an unspecified backdoor. During the software installation, a mail would be sent to a hard-coded Hotmail address, presumably to warn the attacker a system was vulnerable.

[CLOSE] OSVDB ID : 98 - Disclosed: 1999-01-22

Description:

(Description Provided by CVE) : In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

[CLOSE] OSVDB ID : 53019 - Disclosed: 1999-01-21

Description:

For a brief period on January 21, 1999, the source copy of TCP Wrappers (tcp_wrappers) on ftp.win.tue.nl was replaced with a copy containing a backdoor. This backdoor would allow a remote attacker to gain root access to the system via a privileged shell.

[CLOSE] OSVDB ID : 928 - Disclosed: 1999-01-21

Description:

(Description Provided by CVE) : IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

[CLOSE] OSVDB ID : 3267 - Disclosed: 1999-01-21

Description:

Password Appraiser contains a flaw that exposes every internal Windows NT password to the Internet, regardless of the presence of a firewall. The issue is due to PA sending the encrypted NT passwords to a remote host on the Quackenbush network. If the encrypted password matches an entry in their dictionary, the unencrypted password is returned to the PA client. Any attacker that has set up a sniffer between the client and Quackenbush server can obtain these passwords.

[CLOSE] OSVDB ID : 7933 - Disclosed: 1999-01-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7934 - Disclosed: 1999-01-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10059 - Disclosed: 1999-01-21

Description:

(Description Provided by CVE) : WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been expliticly disabled.

[CLOSE] OSVDB ID : 10993 - Disclosed: 1999-01-21

Description:

(Description Provided by CVE) : The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

[CLOSE] OSVDB ID : 9310 - Disclosed: 1999-01-20

Description:

(Description Provided by CVE) : Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

[CLOSE] OSVDB ID : 9311 - Disclosed: 1999-01-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 5994 - Disclosed: 1999-01-19

Description:

The Linux kernel contains a flaw that may allow a local denial of service. The problem is that a malicious user can permanently close any non-priviliged port, rendering the port unvavailable, resulting in a loss of availability for the machine.

[CLOSE] OSVDB ID : 6014 - Disclosed: 1999-01-18

Description:

The Cisco Discovery Protocol (CDP) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered, when sending a SYN packet to port 1999 on a Cisco router, which will return a RST packet containing "cisco" in the data payload, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 45583 - Disclosed: 1999-01-18

Description:

(Description Provided by CVE) : Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.