| OSVDB ID | Disclosure Date | Title |
|---|
|
6470
Description:
(Description Provided by CVE) : WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
|
1999-06-29
|
WebTrends Unrestricted File Credentials Disclosure
|
|
11353
Description:
(Description Provided by CVE) : The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
|
1999-06-29
|
HP Visualize Conference FTP Remote Privilege Escalation
|
|
50903
Description:
Unknown / Incomplete
|
1999-06-28
|
Cognos Powerplay WE /ppwb/Temp/ Remote Information Disclosure
|
|
50904
Description:
Unknown / Incomplete
|
1999-06-28
|
Cognos Powerplay WE Temporary File Name Prediction Weakness
|
|
50905
Description:
Unknown / Incomplete
|
1999-06-28
|
Cognos Powerplay WE ppdscgi.exe Information Disclosure
|
|
142
Description:
Unknown / Incomplete
|
1999-06-28
|
PowerPlay ppdscgi.exe Temp File Information Disclosure
|
|
10614
Description:
(Description Provided by CVE) : Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
|
1999-06-28
|
Microsoft Windows NT %systemroot% Path Inclusion
|
|
11287
Description:
(Description Provided by CVE) : Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
|
1999-06-26
|
VMware for Linux HOME Environment Variable Local Overflow
|
|
11295
Description:
(Description Provided by CVE) : Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.
|
1999-06-25
|
Xi Graphics Accelerated-X Server Multiple Parameter Local Overflow
|
|
1015
Description:
(Description Provided by CVE) : The KDE klock program allows local users to unlock a session using malformed input.
|
1999-06-25
|
KDE klock Malformed Input Arbitrary Session Unlock
|
|
10358
Description:
(Description Provided by CVE) : Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
|
1999-06-25
|
Microsoft Outlook Client Persistent X-UIDL Header DoS
|
|
11452
Description:
(Description Provided by CVE) : When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
|
1999-06-24
|
Microsoft IIS Double Byte Code Arbitrary Source Disclosure
|
|
56526
Description:
(Description Provided by CVE) : Buffer overflows in Red Hat net-tools package.
|
1999-06-24
|
Red Hat Linux net-tools Multiple Unspecified Overflows
|
|
13529
Description:
(Description Provided by CVE) : Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges.
|
1999-06-24
|
Eastman Work Management Registry Key Cleartext Password Local Disclosure
|
|
1010
Description:
(Description Provided by CVE) : Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
|
1999-06-23
|
Microsoft Windows NT Malformed LSA Request DoS
|
|
1014
Description:
(Description Provided by CVE) : The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
|
1999-06-23
|
Debian mailman Weak Authentication Privilege Escalation
|
|
1016
Description:
(Description Provided by CVE) : SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.
|
1999-06-23
|
Cabletron Spectrum Enterprise Manager Directory Permission Weakness
|
|
11474
Description:
Windows NT contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user initiates 16 user input processes at one time without providing corresponding input. The CSRSS service generates only 16 worker threads at one time, which results in a loss of availability for the platform.
|
1999-06-23
|
Microsoft Windows NT CSRSS Thread Exhaustion DoS
|
|
57532
Description:
Unknown / Incomplete
|
1999-06-22
|
BRS WebWeaver HTTP GET Request Remote Overflow
|
|
57533
Description:
Unknown / Incomplete
|
1999-06-22
|
U.S. Robotics Broadband-Router 8000A/8000-2 HTTP GET Request Remote Overflow
|
|
88540
Description:
Libxml2 contains an overflow condition in parser.c. The issue is triggered as user-supplied input is not properly validated during the handling of an overly long attribute with no entities in it. This will cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.
|
1999-06-22
|
Libxml2 parser.c Attribute Handling Overflow
|
|
8359
Description:
KDE Kmail contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when Kmail creates unsafe temporary files to save attachments in the "/tmp" directory, which will allow a local attacker to create or overwrite files with contents they can select in any directory and/or file writable by the user running KMail. By compromising the UID of another Kmail user, a local attacker can escalate their privileges.
|
1999-06-21
|
KDE KMail Local Symlink Privilege Escalation
|
|
11270
Description:
(Description Provided by CVE) : MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Sesion Initiation Protocol (SIP) messages.
|
1999-06-21
|
MBone SDR Package SIP Message Arbitrary Command Execution
|
|
12973
Description:
(Description Provided by CVE) : Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
|
1999-06-21
|
Multiple Vendor Modems Arbitrary Dial Command Execution
|
|
3165
Description:
Tiger Security Scanner contains a flaw that allows local users to gain root privileges. The flaw is due to the check_rhosts script not performing proper checks before executing, allowing a local user to craft a custom command that will be executed under the privileges of the person running Tiger (typically root).
|
1999-06-20
|
Tiger Security Tool check_rhosts Local Root Privilege Escalation
|
|
9851
Description:
(Description Provided by CVE) : ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
|
1999-06-16
|
tcpdump ip_print Procedure Zero Length Header Packet DoS
|
|
83377
Description:
Lotus Domino contains a flaw in Lotus Notes SMTP MTA that is triggered when an attacker connects to the server via TCP port 25 and issues 'mail from' command with <> as the data. This may allow an attacker to use the program as a relay to send emails to arbitrary addresses.
|
1999-06-15
|
Lotus Domino SMTP MTA Arbitrary Mail Relay
|
|
10920
Description:
(Description Provided by CVE) : Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
|
1999-06-15
|
Novell NetWare Multiple Web Server HTTP GET Saturation DoS
|
|
83378
Description:
SCO OpenServer is prone to an overflow condition. The xterm XBase tool fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a local attacker to execute arbitrary code with root permissions.
|
1999-06-14
|
SCO OpenServer XBase /usr/bin/X11/xterm Local Overflow
|
|
8668
Description:
(Description Provided by CVE) : useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
|
1999-06-10
|
Solaris useradd -e Login Expiration Failure
|
|
8893
Description:
(Description Provided by CVE) : Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
|
1999-06-10
|
Cisco Gigabit Switch Routers Established Keyword Packet Forwarding
|
|
8036
Description:
(Description Provided by CVE) : ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
|
1999-06-09
|
ssh Account Name Validity Disclosure
|
|
97
Description:
(Description Provided by CVE) : Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
|
1999-06-08
|
Microsoft IIS ISM.DLL HTR Request Overflow
|
|
7938
Description:
(Description Provided by CVE) : Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
|
1999-06-08
|
KDE kvt Unspecified Multiple Local Privilege Escalation
|
|
7940
Description:
Dump contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the rmt program in the dump package having serveral security problems. No further details have been provided. This flaw may allow a local attacker to obtain super user privilege, resulting in a loss of confidentiality, integrity and avaiability.
|
1999-06-08
|
Caldera Dump Package rmt Local Privilege Escalation
|
|
9052
Description:
(Description Provided by CVE) : Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
|
1999-06-08
|
sudo File Existence Information Disclosure
|
|
12989
Description:
(Description Provided by CVE) : Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
|
1999-06-08
|
KDE kvt Format String Arbitrary Local Command Execution
|
|
303
Description:
(Description Provided by CVE) : The registry in Windows NT can be accessed remotely by users who are not administrators.
|
1999-06-07
|
Microsoft Windows NetBIOS Null Session Remote Registry Access
|
|
445
Description:
Microsoft Windows LAN Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to certain SNMP queries, which will disclose LanMan accounts, LanMan services and LanMan shares resulting in a loss of confidentiality.
|
1999-06-07
|
Microsoft Windows LAN Manager SNMP LanMan Information Disclosure
|
|
11307
Description:
(Description Provided by CVE) : The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.
|
1999-06-07
|
Compaq Management Agent/Survey Utility Traversal Arbitrary File Access
|
