diff options
| author | Alec Berryman <alec@thened.net> | 2006-05-22 20:59:47 +0000 |
|---|---|---|
| committer | Alec Berryman <alec@thened.net> | 2006-05-22 20:59:47 +0000 |
| commit | 29978a0f74f30949328deb800ea0fda3d675a632 (patch) | |
| tree | c575dc5bb4d6aef7f77a51b7b7396645a4b54a2f /data | |
| parent | f30fd4d0c2c006280701a48d54ce6fd3a4c26c70 (diff) | |
NOT-FOR-US
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4052 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/1999.list | 58 | ||||
| -rw-r--r-- | data/CVE/2000.list | 48 | ||||
| -rw-r--r-- | data/CVE/2001.list | 22 | ||||
| -rw-r--r-- | data/CVE/2002.list | 12 |
4 files changed, 70 insertions, 70 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 6f3bd2727c..bfe67e0d48 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -44,7 +44,7 @@ CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attacke CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...) TODO: check CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...) TODO: check CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...) @@ -104,7 +104,7 @@ CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allow CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...) TODO: check CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...) TODO: check CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...) @@ -209,11 +209,11 @@ CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user dom CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...) TODO: check CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...) TODO: check CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...) TODO: check CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...) @@ -275,7 +275,7 @@ CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...) TODO: check CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...) TODO: check CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...) @@ -371,7 +371,7 @@ CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...) TODO: check CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1034 (Vulnerability in login in AT&T System V Release 4 allows local users ...) TODO: check CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...) @@ -610,7 +610,7 @@ CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...) CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...) TODO: check CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...) TODO: check CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...) @@ -622,7 +622,7 @@ CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...) TODO: check CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...) TODO: check CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...) @@ -630,7 +630,7 @@ CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP . CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...) TODO: check CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...) TODO: check CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...) @@ -746,7 +746,7 @@ CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...) CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...) TODO: check CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...) NOT-FOR-US: Cisco CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...) @@ -830,7 +830,7 @@ CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be se CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...) TODO: check CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...) TODO: check CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...) @@ -999,9 +999,9 @@ CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...) TODO: check CVE-1999-0449 (Denial of service in IIS 4 with scripts from the ExAir sample site. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...) TODO: check CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...) @@ -1055,7 +1055,7 @@ CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...) TODO: check CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...) TODO: check CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...) @@ -1063,7 +1063,7 @@ CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local user CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...) TODO: check CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...) TODO: check CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...) @@ -1145,9 +1145,9 @@ CVE-1999-0351 (FTP PASV "Pizza Thief" denial of service and unauthoriz CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...) TODO: check CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...) TODO: check CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...) @@ -1247,13 +1247,13 @@ CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIOS ...) TODO: check CVE-1999-0281 (Denial of service in IIS using long URLs. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...) NOT-FOR-US: Microsoft CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...) TODO: check CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...) TODO: check CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...) @@ -1311,7 +1311,7 @@ CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...) TODO: check CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or .cmd ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...) NOT-FOR-US: Cisco CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...) @@ -1365,7 +1365,7 @@ CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messa CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...) TODO: check CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...) TODO: check CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...) @@ -1738,7 +1738,7 @@ CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (tr CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...) TODO: check CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) TODO: check CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) @@ -1872,7 +1872,7 @@ CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) NOT-FOR-US: Microsoft CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) TODO: check CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) @@ -1988,7 +1988,7 @@ CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot .. CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...) TODO: check CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) TODO: check CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) @@ -2572,13 +2572,13 @@ CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...) CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) TODO: check CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) TODO: check CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) @@ -2784,7 +2784,7 @@ CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) TODO: check CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) TODO: check CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...) diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 21649b53d6..8da916da2e 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -323,7 +323,7 @@ CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlie CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...) TODO: check CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...) TODO: check CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...) @@ -355,7 +355,7 @@ CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...) TODO: check CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...) TODO: check CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...) @@ -453,9 +453,9 @@ CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cau CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...) TODO: check CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...) TODO: check CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...) @@ -587,7 +587,7 @@ CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote . CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...) TODO: check CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...) NOT-FOR-US: Microsoft CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...) @@ -597,7 +597,7 @@ CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbit CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...) NOT-FOR-US: Microsoft CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...) NOT-FOR-US: Microsoft CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...) @@ -783,9 +783,9 @@ CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local use CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...) TODO: check CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...) TODO: check CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...) @@ -1039,7 +1039,7 @@ CVE-2000-0459 (IMP does not remove files properly if the MSWordView application CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...) TODO: check CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...) TODO: check CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...) @@ -1113,7 +1113,7 @@ CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...) TODO: check CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...) TODO: check CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...) @@ -1343,7 +1343,7 @@ CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...) NOT-FOR-US: Microsoft CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...) TODO: check CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...) @@ -1361,7 +1361,7 @@ CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...) TODO: check CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...) TODO: check CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...) @@ -1391,7 +1391,7 @@ CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, wh CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...) TODO: check CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...) @@ -1631,9 +1631,9 @@ CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...) TODO: check CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...) TODO: check CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...) @@ -1745,7 +1745,7 @@ CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attack CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) TODO: check CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) TODO: check CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) @@ -1777,7 +1777,7 @@ CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allow CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) TODO: check CVE-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) TODO: check CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) @@ -2011,7 +2011,7 @@ CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes al CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) TODO: check CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) TODO: check CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) @@ -2077,7 +2077,7 @@ CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows r CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) NOT-FOR-US: Microsoft CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) TODO: check CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) @@ -2195,7 +2195,7 @@ CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the st CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) TODO: check CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) TODO: check CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) @@ -2319,7 +2319,7 @@ CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remot CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) TODO: check CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) TODO: check CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) @@ -2357,7 +2357,7 @@ CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read .. CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) TODO: check CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) TODO: check CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) @@ -2371,7 +2371,7 @@ CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti- CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) TODO: check CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) TODO: check CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) @@ -2415,7 +2415,7 @@ CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows loca CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) TODO: check CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) TODO: check CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 08b7773994..13a4cfc9ec 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1044,9 +1044,9 @@ CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security a CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...) NOT-FOR-US: Microsoft CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...) NOT-FOR-US: Microsoft CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...) @@ -1082,11 +1082,11 @@ CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...) TODO: check CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...) NOT-FOR-US: Microsoft CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...) @@ -1242,11 +1242,11 @@ CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digi CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...) NOT-FOR-US: Microsoft CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...) TODO: check CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...) @@ -1412,7 +1412,7 @@ CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visu CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...) TODO: check CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...) NOT-FOR-US: Microsoft CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...) @@ -1486,7 +1486,7 @@ CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...) TODO: check CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...) TODO: check CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...) @@ -1598,7 +1598,7 @@ CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...) CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...) TODO: check CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...) NOT-FOR-US: Microsoft CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 85eaf0e255..f745ac8585 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -3708,9 +3708,9 @@ CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh a CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...) TODO: check CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...) @@ -3770,7 +3770,7 @@ CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Serve CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...) TODO: check CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...) TODO: check CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...) @@ -4184,13 +4184,13 @@ CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allo CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) TODO: check CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) TODO: check CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0418 (Directory traversal vulnerability in the ...) TODO: check CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) |