| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 7662 | 1999-11-03 | HylaFAX faxalter -m Argument Local Overflow | (Description Provided by CVE): Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument. |
| 13 | 1999-11-03 | Alibaba alibaba.pl Arbitrary Command Execution | Alibaba Web Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the alibaba.pl script not sanitizing arguments supplied to it. With a specially crafted request, an attacker can provide additional commands that will be executed. |
| 14 | 1999-11-03 | Alibaba tst.bat Arbitrary Command Execution | Alibaba Web Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tst.bat script not sanitizing arguments supplied to it. With a specially crafted request, an attacker can provide additional commands that will be executed. |
| 16 | 1999-11-02 | AN HTTPD Server test.bat Arbitrary Command Execution | AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'test.bat' CGI script does not validate user-supplied input. It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity. |
| 1131 | 1999-11-02 | Yamaha MidiPlug EMBED Tag Handling Overflow | (Description Provided by CVE): Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. |
| 1132 | 1999-11-02 | IBM HomePagePrint IMG_SRC Tag Handling Overflow | (Description Provided by CVE): Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. |
| 9822 | 1999-11-02 | Canna Input System uum -D Parameter Local Overflow | (Description Provided by CVE): Buffer overflow in uum program for Canna input system allows local users to gain root privileges. |
| 9823 | 1999-11-02 | Canna Input System canuum Multiple Option Local Overflow | (Description Provided by CVE): Buffer overflow in canuum program for Canna input system allows local users to gain root privileges. |
| 83854 | 1999-11-02 | Zom-Mail File Attachment Name Handling Remote Overflow | Zom-Mail is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With an overly long name of a file attachment, a remote attacker can potentially execute arbitrary code. |
| 45122 | 1999-11-02 | TEA Algorithm Hash Function Equivalent Key Cryptanalysis Weakness | Unknown / Incomplete |
| 11566 | 1999-11-02 | AN HTTPD Server input.bat Arbitrary Command Execution | AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'input.bat' CGI script does not validate user-supplied input. It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity. |
| 11567 | 1999-11-02 | AN HTTPD Server input2.bat Arbitrary Command Execution | AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'input2.bat' CGI script does not validate user-supplied input. It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity. |
| 11568 | 1999-11-02 | AN HTTPD Server envout.bat Arbitrary Command Execution | AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'envout.bat' CGI script does not validate user-supplied input. It is possible that the flaw may allow arbitrary command execution resulting in a loss of integrity. |
| 13552 | 1999-11-01 | AMANDA Backup System runtar Arbitrary File Manipulation | (Description Provided by CVE): runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. |
| 11264 | 1999-10-31 | Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS | (Description Provided by CVE): Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. |
| 7034 | 1999-10-31 | Mac OS 9 Idle Lock Debugger Password Bypass | Mac OS 9 contains a flaw that may allow a malicious user to bypass idle user screen locking. The issue is triggered when the debugger is launched by either using the programmer's switch or cmd-pwr key combination, from which an attacker can kill the idle screen. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity. |
| 83804 | 1999-10-31 | Avirt Gateway Suite Mail Server Password Handling Remote Overflow | Avirt Gateway Suite is prone to an overflow condition. The mail server fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted password that contains more than 856 characters, a remote attacker can potentially execute arbitrary code. |
| 83803 | 1999-10-31 | Avirt Gateway Suite Mail Server RCPT TO Command Traversal Arbitrary Directory Creation | Avirt Gateway Suite Mail Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the RCPT TO command. This directory traversal attack would allow the attacker to create an arbitrary directory. |
| 57211 | 1999-10-30 | Xitami Web Server Administrative Port Remote Overflow DoS | Unknown / Incomplete |
| 1122 | 1999-10-29 | Skyfull Mail Server MAIL FROM Command Remote Overflow | (Description Provided by CVE): Buffer overflow in Skyfull mail server via MAIL FROM command. |
| 13555 | 1999-10-29 | Netscape Messaging Server RCPT TO Command Saturation DoS | (Description Provided by CVE): Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. |
| 11100 | 1999-10-29 | Netscape Communicator Long Certificate Key Remote Overflow | (Description Provided by CVE): Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. |
| 13550 | 1999-10-29 | Celtech ExpressFS FTP Server Long USER Command Overflow | (Description Provided by CVE): Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command. |
| 1129 | 1999-10-28 | URL Live! Traversal Arbitrary File Access | URL Live! contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI. |
| 1130 | 1999-10-27 | Windows NT FTP Server (WFTP) MKD/CWD Nested Command Remote Overflow | (Description Provided by CVE): Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
| 8863 | 1999-10-27 | rpc.yppasswdd MD5 Generation Overflow | (Description Provided by CVE): Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. |
| 11272 | 1999-10-27 | Multiple Linux ypserv Arbitrary Password Field Modification | (Description Provided by CVE): ypserv allows a local user to modify the GECOS and login shells of other users. |
| 7033 | 1999-10-26 | Mac OS 9 Idle Lock Password Bypass | Mac OS 9 contains a flaw that may allow a malicious user to bypass the idle user screen locking mechanism. The issue is triggered when the attacker selects "logout" from the password dialog, and a running application prompts for confirmation, which will allow the attacker to click cancel and return to the desktop. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity. |
| 81102 | 1999-10-25 | MikMod libmikmod on Unix Multiple Drivers Unspecified Issue | libmikmod on Unix contains an unspecified flaw related to multiple drivers. No further information is currently available. |
| 1043 | 1999-10-25 | hybrid-6 IRC Server m_invite Option Remote Overflow | (Description Provided by CVE): Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. |
| 1125 | 1999-10-25 | Squid Web Proxy Newline Cross-User Authentication Bypass | (Description Provided by CVE): Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. |
| 1126 | 1999-10-25 | Zeus Technologies Zeus Web Server Arbitrary File Retrieval | Zeus Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the '/search' engine interface with a 'template' variable set to point to an existing file, which will disclose the content of the file, resulting in a loss of confidentiality. |
| 1128 | 1999-10-25 | IBM AIX Packet Filtering Module genfilt Port Restriction Bypass | (Description Provided by CVE): genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| 8186 | 1999-10-25 | Zeus Technologies Zeus Web Server Weak Encryption | Zeus Web Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to MD5 hashed passwords in the default file '/usr/local/zeus/admin/website' as they are base64 encoded, which may lead to a loss of confidentiality. |
| 9666 | 1999-10-24 | IBM WebSphere ikeyman Database Password Storage Encryption Weakness | (Description Provided by CVE): IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections. |
| 1127 | 1999-10-24 | Falcon Web Server Arbitrary File Access | Falcon Web Server contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI. |
| 9782 | 1999-10-24 | Falcon Web Server Long Filename Path Disclosure | Falcon Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the handling of long file name requests, which will reveal the installation path resulting in a loss of confidentiality. |
| 47680 | 1999-10-23 | FROG Algorithm Weak Key Chosen-plaintext Attack Cryptanalysis Weakness | Unknown / Incomplete |
| 47681 | 1999-10-23 | FROG Algorithm Decryption Function Diffusion Rate Cryptanalysis Weakness | Unknown / Incomplete |
| 3380 | 1999-10-22 | OmniHTTPd imagemap.exe Remote Overflow | OmniHTTPd contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the "imagemap.exe" program (installed by default) not sanitizing input. By passing overly long arguments to the program, the attacker can overflow a strcpy() call and execute remote code. |