[CLOSE] OSVDB ID : 1184 - Disclosed: 1999-12-31

Description:

AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to execute arbitrary code on the server. The issue is due to the web server not properly sanitizing GET requests. If an attacker sends a sepcially crafted GET request longer than 1000 bytes, they can overflow a buffer to execute arbitrary code.

[CLOSE] OSVDB ID : 1186 - Disclosed: 1999-12-31

Description:

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user appends a semicolon and arbitrary command to the end of a filename when saving a file in soundplayer. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 1183 - Disclosed: 1999-12-30

Description:

(Description Provided by CVE) : Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

[CLOSE] OSVDB ID : 1185 - Disclosed: 1999-12-30

Description:

(Description Provided by CVE) : The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

[CLOSE] OSVDB ID : 1187 - Disclosed: 1999-12-30

Description:

(Description Provided by CVE) : CascadeView TFTP server allows local users to gain privileges via a symlink attack.

[CLOSE] OSVDB ID : 1447 - Disclosed: 1999-12-30

Description:

(Description Provided by CVE) : nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

[CLOSE] OSVDB ID : 7577 - Disclosed: 1999-12-30

Description:

(Description Provided by CVE) : Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

[CLOSE] OSVDB ID : 15 - Disclosed: 1999-12-29

Description:

AltaVista Intranet Search CGI contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the "query" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "mss" variable.

[CLOSE] OSVDB ID : 43 - Disclosed: 1999-12-29

Description:

(Description Provided by CVE) : Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

[CLOSE] OSVDB ID : 1173 - Disclosed: 1999-12-29

Description:

Open Transport in Mac OS 9 contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed 29 byte long UDP packet, which will cause the machine to respond with an 1,500 byte long ICMP packet. It is possible for a remote attacker to use this behavior as an amplifier against other targets.

[CLOSE] OSVDB ID : 1585 - Disclosed: 1999-12-29

Description:

(Description Provided by CVE) : Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.

[CLOSE] OSVDB ID : 1177 - Disclosed: 1999-12-28

Description:

(Description Provided by CVE) : Denial of service in Savant web server via a null character in the requested URL.

[CLOSE] OSVDB ID : 1181 - Disclosed: 1999-12-28

Description:

(Description Provided by CVE) : Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

[CLOSE] OSVDB ID : 13626 - Disclosed: 1999-12-28

Description:

(Description Provided by CVE) : resend command in Majordomo allows local users to gain privileges via shell metacharacters.

[CLOSE] OSVDB ID : 1170 - Disclosed: 1999-12-28

Description:

(Description Provided by CVE) : IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

[CLOSE] OSVDB ID : 84754 - Disclosed: 1999-12-27

Description:

Fortech Proxy+ contains a flaw that is triggered when the program fails to properly enforce authentication on /admin. This may allow a remote unauthenticated attacker to gain administrator access.

[CLOSE] OSVDB ID : 232 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

[CLOSE] OSVDB ID : 1179 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

[CLOSE] OSVDB ID : 7581 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

[CLOSE] OSVDB ID : 1176 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

[CLOSE] OSVDB ID : 1178 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

[CLOSE] OSVDB ID : 1180 - Disclosed: 1999-12-27

Description:

(Description Provided by CVE) : UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

[CLOSE] OSVDB ID : 1174 - Disclosed: 1999-12-26

Description:

(Description Provided by CVE) : WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

[CLOSE] OSVDB ID : 13585 - Disclosed: 1999-12-26

Description:

(Description Provided by CVE) : FTPPro allows local users to read sensitive information, which is stored in plain text.

[CLOSE] OSVDB ID : 7579 - Disclosed: 1999-12-25

Description:

(Description Provided by CVE) : strace allows local users to read arbitrary files via memory mapped file names.

[CLOSE] OSVDB ID : 1172 - Disclosed: 1999-12-23

Description:

(Description Provided by CVE) : Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

[CLOSE] OSVDB ID : 7385 - Disclosed: 1999-12-23

Description:

By default, glFTPd installs with a default password. The 'gltftpd' account has a password of 'gltftpd' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 7386 - Disclosed: 1999-12-23

Description:

(Description Provided by CVE) : glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

[CLOSE] OSVDB ID : 7389 - Disclosed: 1999-12-23

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7578 - Disclosed: 1999-12-23

Description:

(Description Provided by CVE) : ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

[CLOSE] OSVDB ID : 6269 - Disclosed: 1999-12-22

Description:

One "feature" of Virus scanning software permits attackers to hide malicious code in the "RECYCLED" directory. On vulnerable platforms, this means that users will not be notified of the presence of malware which is placed in this directory, in the event that their machine is compromised. However, this could allow infected machines to continue to be used for malicious purposes that should otherwise be noticed and stopped.

[CLOSE] OSVDB ID : 6310 - Disclosed: 1999-12-22

Description:

The i2odialog daemon in UnixWare contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to improper bounds checking of the i2odialog daemon, resulting in an buffer overflow. When sending a long username/password authorization string with 88 or more characters, a remote attacker could gain root access, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 1171 - Disclosed: 1999-12-22

Description:

(Description Provided by CVE) : RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

[CLOSE] OSVDB ID : 1182 - Disclosed: 1999-12-22

Description:

(Description Provided by CVE) : Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

[CLOSE] OSVDB ID : 7582 - Disclosed: 1999-12-22

Description:

Sun Microsystems Solaris dmispd contains a flaw that may allow a local denial of service. The issue is triggered when dmi_cmd is used to add a file which has more than 1024 characters in the first line to the DMI database, and will result in loss of availability for the DMI service.

[CLOSE] OSVDB ID : 7903 - Disclosed: 1999-12-22

Description:

(Description Provided by CVE) : Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

[CLOSE] OSVDB ID : 13644 - Disclosed: 1999-12-22

Description:

(Description Provided by CVE) : Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

[CLOSE] OSVDB ID : 11101 - Disclosed: 1999-12-22

Description:

A remote overflow exists in Microsoft IIS. The server fails to handle overly long URLs which contain hundreds of forward slashes, resulting in an access violation. With a specially crafted request, an attacker can cause the server to crash, resulting in a loss of availability.

[CLOSE] OSVDB ID : 11169 - Disclosed: 1999-12-22

Description:

(Description Provided by CVE) : The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service.

[CLOSE] OSVDB ID : 107 - Disclosed: 1999-12-21

Description:

A remote overflow may exists in Linuxconf. The issue is due to the handling of HTTP headers resulting in a buffer overflow. When the Web administration mode is enabled, a remote attacker could send an overly long parameter to the USER_AGENT field, which may allow arbitrary code execution reulting in a loss of integrity.