[CLOSE] OSVDB ID : 1165 - Disclosed: 1999-12-16

Description:

(Description Provided by CVE) : Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

[CLOSE] OSVDB ID : 1166 - Disclosed: 1999-12-16

Description:

(Description Provided by CVE) : Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

[CLOSE] OSVDB ID : 8890 - Disclosed: 1999-12-16

Description:

(Description Provided by CVE) : Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

[CLOSE] OSVDB ID : 8891 - Disclosed: 1999-12-16

Description:

(Description Provided by CVE) : The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

[CLOSE] OSVDB ID : 8892 - Disclosed: 1999-12-16

Description:

(Description Provided by CVE) : Cisco Cache Engine allows an attacker to replace content in the cache.

[CLOSE] OSVDB ID : 8023 - Disclosed: 1999-12-15

Description:

(Description Provided by CVE) : xsoldier program allows local users to gain root access via a long argument.

[CLOSE] OSVDB ID : 7693 - Disclosed: 1999-12-15

Description:

(Description Provided by CVE) : The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

[CLOSE] OSVDB ID : 83866 - Disclosed: 1999-12-14

Description:

NetKit (ntalk) contains a flaw that may allow a remote denial of service. The issue is triggered when the talkd announce message is passed as a format string containing percent signs(%). This will result in a loss of availability for the program.

[CLOSE] OSVDB ID : 83865 - Disclosed: 1999-12-14

Description:

NetKit (netkit-ftp) contains and unspecified issue related to Passive Mode (PASV). No further details have been provided.

[CLOSE] OSVDB ID : 83864 - Disclosed: 1999-12-14

Description:

NetKit (netkit-base) contains a flaw that may allow a local denial of service. The issue is triggered when a user sends a SIGPIPE signal to the inetd process, which will result in loss of availability for the program.

[CLOSE] OSVDB ID : 83863 - Disclosed: 1999-12-14

Description:

NetKit (netkit-base) contains a flaw related to the inetd service that may allow a local denial of service. This issue is triggered during the handling of a spoofed UDP packet. This will result in a loss of availability for the program.

[CLOSE] OSVDB ID : 83862 - Disclosed: 1999-12-14

Description:

NetKit (netkit-base) contains a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs in inetd. This will result in a minor loss of availability for the program.

[CLOSE] OSVDB ID : 4680 - Disclosed: 1999-12-14

Description:

War FTP Daemon version 1.70 contains a flaw that may allow a remote denial of service. The issue is triggered when sixty or more connections are established when certain characters are used in the logon name. This will result in loss of availability for the service.

[CLOSE] OSVDB ID : 8024 - Disclosed: 1999-12-14

Description:

(Description Provided by CVE) : An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

[CLOSE] OSVDB ID : 11074 - Disclosed: 1999-12-14

Description:

(Description Provided by CVE) : HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

[CLOSE] OSVDB ID : 1164 - Disclosed: 1999-12-13

Description:

(Description Provided by CVE) : Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.

[CLOSE] OSVDB ID : 59258 - Disclosed: 1999-12-13

Description:

(Description Provided by CVE) : Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

[CLOSE] OSVDB ID : 90022 - Disclosed: 1999-12-12

Description:

Libxml2 contains a flaw in HTMLparser.c that may allow a denial of service. The issue is triggered during the handling of malformed input. This may allow a context-dependent attacker to crash the program.

[CLOSE] OSVDB ID : 7573 - Disclosed: 1999-12-12

Description:

NetBSD on VAX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user constructs a wrapper program using the ptrace system call that can modify the hardware privileges of a process. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 9825 - Disclosed: 1999-12-12

Description:

(Description Provided by CVE) : The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.

[CLOSE] OSVDB ID : 2558 - Disclosed: 1999-12-11

Description:

A remote overflow exists in Solaris sadmind daemon. The daemon fails to validate intput to the amsl_verify() function during a NETMGT_PROC_SERVICE request resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as root resulting in a loss of integrity and confidentiality.

[CLOSE] OSVDB ID : 1162 - Disclosed: 1999-12-10

Description:

(Description Provided by CVE) : The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

[CLOSE] OSVDB ID : 1063 - Disclosed: 1999-12-09

Description:

(Description Provided by CVE) : Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

[CLOSE] OSVDB ID : 1158 - Disclosed: 1999-12-09

Description:

A remote overflow exists in Xshipwars. The game server fails to properly check bounds resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 1163 - Disclosed: 1999-12-09

Description:

(Description Provided by CVE) : The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

[CLOSE] OSVDB ID : 1159 - Disclosed: 1999-12-09

Description:

(Description Provided by CVE) : Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

[CLOSE] OSVDB ID : 1160 - Disclosed: 1999-12-09

Description:

(Description Provided by CVE) : htdig allows remote attackers to execute commands via filenames with shell metacharacters.

[CLOSE] OSVDB ID : 8084 - Disclosed: 1999-12-08

Description:

WebSTAR Admin Application contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker intentionally fails to enter a connection password which disables menu options, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 8085 - Disclosed: 1999-12-08

Description:

WebSTAR Admin Application contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker established and then quickly cancelled a new connection, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 7832 - Disclosed: 1999-12-08

Description:

(Description Provided by CVE) : Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

[CLOSE] OSVDB ID : 1155 - Disclosed: 1999-12-07

Description:

(Description Provided by CVE) : Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

[CLOSE] OSVDB ID : 1161 - Disclosed: 1999-12-07

Description:

(Description Provided by CVE) : The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

[CLOSE] OSVDB ID : 1154 - Disclosed: 1999-12-07

Description:

(Description Provided by CVE) : Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

[CLOSE] OSVDB ID : 6267 - Disclosed: 1999-12-07

Description:

A remote overflow exists in POP3 proxy service(POProxy)of Norton Anti-Virus. The POProxy fails to validate the USER command. By sending a username containing more than 264 characters to the USER command to the proxy service, a remote attacker can overflow the buffer and crash the service, resulting in loss of availability.

[CLOSE] OSVDB ID : 1157 - Disclosed: 1999-12-06

Description:

(Description Provided by CVE) : Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

[CLOSE] OSVDB ID : 9824 - Disclosed: 1999-12-06

Description:

(Description Provided by CVE) : Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

[CLOSE] OSVDB ID : 11097 - Disclosed: 1999-12-06

Description:

(Description Provided by CVE) : Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

[CLOSE] OSVDB ID : 1156 - Disclosed: 1999-12-05

Description:

(Description Provided by CVE) : Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

[CLOSE] OSVDB ID : 6490 - Disclosed: 1999-12-05

Description:

A remote overflow exists in Infoseek Ultraseek. Infoseek Ultraseek fails to check the buffer boundary in GET command. By sending a specially crafted GET request via port 8765, a remote attacker can cause cause a buffer overflow and execute arbitrary code, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11261 - Disclosed: 1999-12-05

Description:

(Description Provided by CVE) : The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.