diff options
| author | Alec Berryman <alec@thened.net> | 2006-05-22 20:47:05 +0000 |
|---|---|---|
| committer | Alec Berryman <alec@thened.net> | 2006-05-22 20:47:05 +0000 |
| commit | 6b57371d4b01374b4326232286887e67b0c9c43e (patch) | |
| tree | 311dc39523930f8cac9ee1113870e4284f51715f /data | |
| parent | fa5e8a9066a5f8d2e81fde0ce0c460a028170680 (diff) | |
NOT-FOR-US
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4049 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/1999.list | 128 | ||||
| -rw-r--r-- | data/CVE/2000.list | 200 | ||||
| -rw-r--r-- | data/CVE/2001.list | 212 | ||||
| -rw-r--r-- | data/CVE/2002.list | 70 | ||||
| -rw-r--r-- | data/CVE/2005.list | 4 |
5 files changed, 307 insertions, 307 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 1291738da9..3828c549e9 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -38,7 +38,7 @@ CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remot CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...) TODO: check CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...) TODO: check CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...) @@ -74,7 +74,7 @@ CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...) TODO: check CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...) TODO: check CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...) @@ -191,7 +191,7 @@ CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmb CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...) TODO: check CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...) TODO: check CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...) @@ -199,13 +199,13 @@ CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbi CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...) TODO: check CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...) TODO: check CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...) TODO: check CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...) TODO: check CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...) @@ -341,13 +341,13 @@ CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive informatio CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...) TODO: check CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...) TODO: check CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...) TODO: check CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number ("dotless IP address") in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...) TODO: check CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...) @@ -359,7 +359,7 @@ CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...) TODO: check CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...) TODO: check CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...) @@ -387,7 +387,7 @@ CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 instal CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...) TODO: check CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the "none" cipher, even if ...) TODO: check CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...) @@ -403,7 +403,7 @@ CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...) TODO: check CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...) TODO: check CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...) @@ -420,7 +420,7 @@ CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ... CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...) TODO: check CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...) TODO: check CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...) @@ -428,7 +428,7 @@ CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a de CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...) TODO: check CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...) TODO: check CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...) @@ -454,7 +454,7 @@ CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a d CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...) TODO: check CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...) TODO: check CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...) @@ -492,7 +492,7 @@ CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2 CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...) TODO: check CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...) TODO: check CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...) @@ -534,7 +534,7 @@ CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allo CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...) TODO: check CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...) TODO: check CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...) @@ -580,7 +580,7 @@ CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...) TODO: check CVE-1999-0891 (The "download behavior" in Internet Explorer 5 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...) TODO: check CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...) @@ -604,9 +604,9 @@ CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...) TODO: check CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...) TODO: check CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...) @@ -614,11 +614,11 @@ CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a den CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...) TODO: check CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...) TODO: check CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...) @@ -634,7 +634,7 @@ CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers m CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...) TODO: check CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...) TODO: check CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...) @@ -652,7 +652,7 @@ CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xbo CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...) TODO: check CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...) TODO: check CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...) @@ -704,7 +704,7 @@ CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packe CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...) TODO: check CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...) TODO: check CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...) @@ -716,9 +716,9 @@ CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...) TODO: check CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...) TODO: check CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...) @@ -764,7 +764,7 @@ CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...) TODO: check CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...) TODO: check CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...) @@ -794,7 +794,7 @@ CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer over CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...) TODO: check CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...) TODO: check CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...) @@ -846,7 +846,7 @@ CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows atta CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...) TODO: check CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...) TODO: check CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...) @@ -873,11 +873,11 @@ CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging faci CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...) TODO: check CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...) TODO: check CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...) TODO: check CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...) @@ -909,9 +909,9 @@ CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the .. CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...) TODO: check CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...) TODO: check CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...) @@ -959,7 +959,7 @@ CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the loc CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...) TODO: check CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...) TODO: check CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...) @@ -987,7 +987,7 @@ CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to . CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...) TODO: check CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...) TODO: check CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...) @@ -1089,7 +1089,7 @@ CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...) TODO: check CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...) TODO: check CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...) @@ -1101,7 +1101,7 @@ CVE-1999-0382 (The screen saver in Windows NT does not verify that its security CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...) TODO: check CVE-1999-0379 (Microsoft Taskpads feature allows remote web sites to execute commands ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...) TODO: check CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...) @@ -1249,7 +1249,7 @@ CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIO CVE-1999-0281 (Denial of service in IIS using long URLs. ...) TODO: check CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...) TODO: check CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...) @@ -1627,7 +1627,7 @@ CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x ...) CVE-1999-0032 (Buffer overflow in BSD-based lpr package allows local users to gain ...) TODO: check CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...) TODO: check CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...) @@ -1659,7 +1659,7 @@ CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgath CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...) TODO: check CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...) TODO: check CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...) @@ -1728,7 +1728,7 @@ CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio N CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) TODO: check CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) TODO: check CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) @@ -1870,7 +1870,7 @@ CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remot CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) TODO: check CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) TODO: check CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) @@ -1880,9 +1880,9 @@ CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a d CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) TODO: check CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) TODO: check CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) @@ -2000,13 +2000,13 @@ CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) TODO: check CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) TODO: check CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) TODO: check CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) TODO: check CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) @@ -2092,7 +2092,7 @@ CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) TODO: check CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) TODO: check CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) @@ -2168,7 +2168,7 @@ CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitr CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) TODO: check CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) TODO: check CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) @@ -2180,7 +2180,7 @@ CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication . CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) TODO: check CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) TODO: check CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...) @@ -2270,7 +2270,7 @@ CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, w CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) TODO: check CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) TODO: check CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) @@ -2300,7 +2300,7 @@ CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) TODO: check CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) TODO: check CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) @@ -2314,7 +2314,7 @@ CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and ea CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) TODO: check CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1108 REJECTED CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) @@ -2324,7 +2324,7 @@ CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root ac CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) TODO: check CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) TODO: check CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) @@ -2394,7 +2394,7 @@ CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and pos CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) TODO: check CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) TODO: check CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) @@ -2404,7 +2404,7 @@ CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) TODO: check CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) TODO: check CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) @@ -2418,7 +2418,7 @@ CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) TODO: check CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) TODO: check CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) @@ -2442,7 +2442,7 @@ CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) TODO: check CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) TODO: check CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) @@ -2458,7 +2458,7 @@ CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) TODO: check CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) TODO: check CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) @@ -2496,7 +2496,7 @@ CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execut CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) TODO: check CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) TODO: check CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) @@ -2536,7 +2536,7 @@ CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...) CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) TODO: check CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) TODO: check CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) @@ -2810,7 +2810,7 @@ CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...) CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...) TODO: check CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) TODO: check CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) @@ -2886,11 +2886,11 @@ CVE-1999-0495 (A remote attacker can gain access to a file system using .. (dot CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) TODO: check CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) TODO: check CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 688a45bd22..8e5e4a2d67 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -59,7 +59,7 @@ CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to ...) TODO: check CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows ...) TODO: check CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before ...) @@ -105,7 +105,7 @@ CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmenta CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ...) TODO: check CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable ...) TODO: check CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...) @@ -123,7 +123,7 @@ CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that ".." d CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers, ...) TODO: check CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...) TODO: check CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux ...) @@ -149,11 +149,11 @@ CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier a CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) ...) TODO: check CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process ...) TODO: check CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not ...) @@ -175,7 +175,7 @@ CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows ...) TODO: check CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers ...) TODO: check CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web ...) @@ -197,7 +197,7 @@ CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...) TODO: check CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...) TODO: check CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 ...) @@ -237,7 +237,7 @@ CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows r CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows ...) TODO: check CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...) TODO: check CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain ...) @@ -265,13 +265,13 @@ CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly othe CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in ...) TODO: check CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and ...) TODO: check CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...) TODO: check CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...) TODO: check CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to ...) @@ -291,7 +291,7 @@ CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a - openssh <unfixed> (low; bug #270770) NOTE: Rediscoved as CVE-2004-0175, see there. CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...) TODO: check CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...) @@ -299,15 +299,15 @@ CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP ser CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...) TODO: check CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks ...) TODO: check CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 ...) TODO: check CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to ...) @@ -371,7 +371,7 @@ CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers ...) TODO: check CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to ...) TODO: check CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a ...) @@ -391,7 +391,7 @@ CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA ... CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via ...) TODO: check CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by ...) TODO: check CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ...) @@ -495,21 +495,21 @@ CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote ...) TODO: check CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause ...) TODO: check CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...) TODO: check CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes ...) TODO: check CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows local ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass ...) TODO: check CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows ...) TODO: check CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by ...) @@ -525,9 +525,9 @@ CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service ...) TODO: check CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each ...) TODO: check CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of ...) @@ -569,9 +569,9 @@ CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict ...) TODO: check CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...) TODO: check CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor ...) @@ -589,23 +589,23 @@ CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows r CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...) TODO: check CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...) TODO: check CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary ...) TODO: check CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...) TODO: check CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to ...) TODO: check CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a ...) TODO: check CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format ...) @@ -619,7 +619,7 @@ CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list ...) CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 ...) TODO: check CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...) TODO: check CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader ...) @@ -635,7 +635,7 @@ CVE-2000-0744 (DEPRECATED. This entry has been deprecated. It is a duplicate o CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows ...) TODO: check CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...) TODO: check CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 ...) @@ -645,7 +645,7 @@ CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Ne CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...) TODO: check CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service ...) @@ -739,9 +739,9 @@ CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attack CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read ...) TODO: check CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to ...) @@ -749,7 +749,7 @@ CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attacker CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to ...) TODO: check CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for ...) TODO: check CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly ...) @@ -771,7 +771,7 @@ CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does n CVE-2000-0638 (Big Brother 1.4h1 and earlier allows remote attackers to read ...) TODO: check CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow ...) TODO: check CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program ...) @@ -795,7 +795,7 @@ CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attacker CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite ...) TODO: check CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service ...) TODO: check CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of ...) @@ -813,7 +813,7 @@ CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attacke CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, ...) TODO: check CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain ...) TODO: check CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial ...) @@ -825,9 +825,9 @@ CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions ...) TODO: check CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...) TODO: check CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format ...) @@ -853,7 +853,7 @@ CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly c CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a ...) TODO: check CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and ...) TODO: check CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote ...) @@ -873,7 +873,7 @@ CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of serv CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ...) TODO: check CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files ...) TODO: check CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by ...) @@ -935,9 +935,9 @@ CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of servi CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI ...) TODO: check CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a ...) TODO: check CVE-2000-0516 (When configured to store configuration information in an LDAP ...) @@ -977,7 +977,7 @@ CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source c CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...) TODO: check CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, ...) TODO: check CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows ...) @@ -991,7 +991,7 @@ CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attacke CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...) TODO: check CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...) TODO: check CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote ...) @@ -1023,9 +1023,9 @@ CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local u CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...) TODO: check CVE-2000-0465 (Internet Explorer 4.x and 5.x does properly verify the domain of a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via ...) TODO: check CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...) @@ -1069,7 +1069,7 @@ CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain wri CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the ...) TODO: check CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in ...) @@ -1125,7 +1125,7 @@ CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to caus CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote ...) TODO: check CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...) TODO: check CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...) @@ -1239,19 +1239,19 @@ CVE-2000-0334 (The Allaire Spectra container editor preview tool does not proper CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows ...) TODO: check CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote ...) TODO: check CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence ...) TODO: check CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server ...) TODO: check CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which ...) @@ -1283,11 +1283,11 @@ CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote atta CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal ...) TODO: check CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify ...) TODO: check CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to ...) TODO: check CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall ...) @@ -1317,7 +1317,7 @@ CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via ... CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of ...) TODO: check CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ...) TODO: check CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of ...) @@ -1341,7 +1341,7 @@ CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary ...) TODO: check CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...) TODO: check CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...) @@ -1381,7 +1381,7 @@ CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP ...) TODO: check CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the ...) TODO: check CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges ...) @@ -1389,7 +1389,7 @@ CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privil CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which ...) TODO: check CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...) TODO: check CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...) @@ -1423,11 +1423,11 @@ CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers t CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and ...) TODO: check CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote ...) TODO: check CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...) @@ -1473,7 +1473,7 @@ CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote ...) TODO: check CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...) TODO: check CVE-2000-0165 (The Delegate application proxy has several buffer overflows which ...) @@ -1481,15 +1481,15 @@ CVE-2000-0165 (The Delegate application proxy has several buffer overflows which CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a ...) TODO: check CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a ...) TODO: check CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...) TODO: check CVE-2000-0156 (Internet Explorer 4.x and 5.x allow a remote web server to access ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...) TODO: check CVE-2000-0150 (Firewall-1 allows remote attackers to bypass port access restrictions ...) @@ -1539,9 +1539,9 @@ CVE-2000-0100 (The SMS Remote Control program is installed with insecure permiss CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...) TODO: check CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for ...) TODO: check CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by ...) @@ -1553,7 +1553,7 @@ CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package all CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a ...) TODO: check CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and ...) TODO: check CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...) @@ -1567,7 +1567,7 @@ CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...) TODO: check CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing ...) TODO: check CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 ...) @@ -1587,7 +1587,7 @@ CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the w CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause ...) TODO: check CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users ...) TODO: check CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ...) @@ -1791,23 +1791,23 @@ CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows r CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...) TODO: check CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...) TODO: check CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...) @@ -1921,7 +1921,7 @@ CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...) TODO: check CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...) TODO: check CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...) @@ -1965,7 +1965,7 @@ CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentD CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...) TODO: check CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0812 (The administration module in Sun Java web server allows remote ...) TODO: check CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...) @@ -2003,7 +2003,7 @@ CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...) TODO: check CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...) TODO: check CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...) @@ -2035,9 +2035,9 @@ CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-write CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...) TODO: check CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...) TODO: check CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...) @@ -2075,7 +2075,7 @@ CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows r CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...) TODO: check CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) TODO: check CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) @@ -2153,13 +2153,13 @@ CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...) TODO: check CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...) TODO: check CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...) TODO: check CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...) TODO: check CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...) @@ -2201,7 +2201,7 @@ CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly res CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) TODO: check CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...) TODO: check CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...) @@ -2229,7 +2229,7 @@ CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attack CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...) TODO: check CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...) TODO: check CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...) @@ -2265,7 +2265,7 @@ CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary fi CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...) TODO: check CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...) TODO: check CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...) @@ -2289,7 +2289,7 @@ CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in clear CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...) TODO: check CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...) TODO: check CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...) @@ -2323,7 +2323,7 @@ CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) TODO: check CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...) TODO: check CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...) @@ -2353,7 +2353,7 @@ CVE-2000-0134 (The Check It Out shopping cart application allows remote users to CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...) TODO: check CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) TODO: check CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) @@ -2383,7 +2383,7 @@ CVE-2000-0108 (The Intellivend shopping cart application allows remote users to CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...) TODO: check CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...) TODO: check CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...) @@ -2425,7 +2425,7 @@ CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to mod CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...) TODO: check CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...) TODO: check CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...) @@ -2445,7 +2445,7 @@ CVE-2000-0038 (glFtpD includes a default glftpd user account with a default pass CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...) TODO: check CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...) TODO: check CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...) diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 315ed18a85..f566037b1e 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -400,7 +400,7 @@ CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local ...) TODO: check CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied ...) TODO: check CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote ...) @@ -416,7 +416,7 @@ CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which co CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 ...) TODO: check CVE-2001-1302 (The change password option in the Windows Security interface for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions ...) TODO: check CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...) @@ -468,13 +468,13 @@ CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.1 CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users ...) TODO: check CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...) TODO: check CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...) TODO: check CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...) TODO: check CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...) @@ -542,7 +542,7 @@ CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, ...) TODO: check CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Norton CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...) TODO: check CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...) @@ -552,7 +552,7 @@ CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execu CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...) TODO: check CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...) TODO: check CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier ...) @@ -588,7 +588,7 @@ CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows ...) TODO: check CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary ...) TODO: check CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to ...) @@ -672,7 +672,7 @@ CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7 CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows ...) TODO: check CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create ...) TODO: check CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point ...) @@ -696,7 +696,7 @@ CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions al CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect ...) TODO: check CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows ...) TODO: check CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a ...) @@ -704,7 +704,7 @@ CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges v CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when ...) TODO: check CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a ...) TODO: check CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before ...) @@ -732,13 +732,13 @@ CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver befo CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server ...) TODO: check CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long ...) TODO: check CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly ...) @@ -760,7 +760,7 @@ CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does n CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...) TODO: check CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...) TODO: check CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...) @@ -870,21 +870,21 @@ CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwri CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in ...) TODO: check CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0717 (Format string vulnerability in ToolTalk database server ...) TODO: check CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...) @@ -922,29 +922,29 @@ CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f ...) TODO: check CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various ...) TODO: check CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 ...) TODO: check CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on ...) TODO: check CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...) TODO: check CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...) @@ -958,7 +958,7 @@ CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote att CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...) TODO: check CVE-2001-0643 (A type-check flaw in Internet Explorer 5.5 does not display the Class ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...) TODO: check CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created ...) @@ -972,7 +972,7 @@ CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allo CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network Node ...) TODO: check CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...) TODO: check CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ...) @@ -1040,21 +1040,21 @@ CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to ...) TODO: check CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...) TODO: check CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...) TODO: check CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...) TODO: check CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...) @@ -1088,13 +1088,13 @@ CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run .. CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...) TODO: check CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and ...) TODO: check CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 ...) @@ -1204,7 +1204,7 @@ CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to cre CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...) TODO: check CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...) TODO: check CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier ...) @@ -1220,27 +1220,27 @@ CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to . CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and ...) TODO: check CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in ...) TODO: check CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...) TODO: check CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...) @@ -1314,21 +1314,21 @@ CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote ...) TODO: check CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows ...) TODO: check CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of ...) @@ -1406,7 +1406,7 @@ CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwardin CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier ...) TODO: check CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual ...) TODO: check CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...) @@ -1414,13 +1414,13 @@ CVE-2001-0152 (The password protection option for the Compressed Folders feature CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...) TODO: check CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote ...) TODO: check CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ...) @@ -1436,7 +1436,7 @@ CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a . CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to ...) TODO: check CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a ...) TODO: check CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before ...) @@ -1492,17 +1492,17 @@ CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ... CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...) TODO: check CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ...) TODO: check CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...) TODO: check CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...) @@ -1570,15 +1570,15 @@ CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to exe CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...) TODO: check CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly ...) TODO: check CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 ...) TODO: check CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive ...) @@ -1594,15 +1594,15 @@ CVE-2001-0008 (Backdoor account in Interbase database server allows remote attac CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...) TODO: check CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...) TODO: check CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...) TODO: check CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass ...) TODO: check CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...) @@ -1616,7 +1616,7 @@ CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encr CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...) TODO: check CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...) TODO: check CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...) @@ -1728,7 +1728,7 @@ CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to ga CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...) TODO: check CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...) TODO: check CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...) @@ -1738,7 +1738,7 @@ CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...) TODO: check CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...) TODO: check CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...) @@ -1856,7 +1856,7 @@ CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP heade CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...) TODO: check CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...) TODO: check CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...) @@ -1890,9 +1890,9 @@ CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...) TODO: check CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...) TODO: check CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...) @@ -2173,7 +2173,7 @@ CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...) TODO: check CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...) TODO: check CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...) @@ -2262,7 +2262,7 @@ CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to . CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...) TODO: check CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...) TODO: check CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...) @@ -2276,7 +2276,7 @@ CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass acc CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...) TODO: check CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...) TODO: check CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...) @@ -2374,7 +2374,7 @@ CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) TODO: check CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0802 RESERVED CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) @@ -2473,11 +2473,11 @@ CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabl CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...) TODO: check CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...) TODO: check CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...) TODO: check CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...) @@ -2643,7 +2643,7 @@ CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivol CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...) TODO: check CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0539 RESERVED CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...) @@ -2669,9 +2669,9 @@ CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote .. CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) TODO: check CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) TODO: check CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) @@ -2839,17 +2839,17 @@ CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...) TODO: check CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0343 RESERVED CVE-2001-0342 RESERVED CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...) TODO: check CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...) @@ -2861,7 +2861,7 @@ CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers t CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...) TODO: check CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...) TODO: check CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...) @@ -2931,7 +2931,7 @@ CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...) TODO: check CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...) TODO: check CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...) @@ -2955,9 +2955,9 @@ CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...) TODO: check CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...) TODO: check CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...) @@ -3047,7 +3047,7 @@ CVE-2001-0159 CVE-2001-0158 RESERVED CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...) TODO: check CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...) @@ -3123,7 +3123,7 @@ CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...) TODO: check CVE-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...) TODO: check CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index a523facbbe..5ca4dc8b5f 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -3656,7 +3656,7 @@ CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers t CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...) TODO: check CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...) TODO: check CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...) @@ -3700,13 +3700,13 @@ CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local use CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...) TODO: check CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) TODO: check CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...) @@ -3762,7 +3762,7 @@ CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgro CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...) TODO: check CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...) TODO: check CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...) @@ -3776,7 +3776,7 @@ CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and AS CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...) TODO: check CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...) TODO: check CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...) @@ -3800,19 +3800,19 @@ CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...) TODO: check CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives "Everyone" group ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...) TODO: check CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...) @@ -3838,23 +3838,23 @@ CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers t CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...) TODO: check CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...) TODO: check CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...) TODO: check CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...) @@ -4134,7 +4134,7 @@ CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to b CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...) TODO: check CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...) TODO: check CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...) @@ -4206,7 +4206,7 @@ CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail be CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...) TODO: check CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...) TODO: check CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...) @@ -4233,7 +4233,7 @@ CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...) TODO: check CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...) TODO: check CVE-2002-0365 @@ -4383,7 +4383,7 @@ CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p al CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...) TODO: check CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...) TODO: check CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...) @@ -4427,7 +4427,7 @@ CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0. CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...) TODO: check CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...) TODO: check CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...) @@ -4451,13 +4451,13 @@ CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.71 CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...) TODO: check CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...) TODO: check CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...) TODO: check CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...) TODO: check CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...) @@ -4509,7 +4509,7 @@ CVE-2002-0194 CVE-2002-0192 REJECTED CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0182 RESERVED CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...) @@ -4526,7 +4526,7 @@ CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code CVE-2002-0161 RESERVED CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...) TODO: check CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...) @@ -4542,7 +4542,7 @@ CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...) TODO: check CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...) TODO: check CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...) @@ -4596,7 +4596,7 @@ CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ... CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...) TODO: check CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...) TODO: check CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...) @@ -4618,7 +4618,7 @@ CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to caus CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...) TODO: check CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...) TODO: check CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...) @@ -4636,7 +4636,7 @@ CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypa CVE-2002-0035 RESERVED CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) TODO: check CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 2c7de412b6..6206fea6d3 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -5832,9 +5832,9 @@ CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x befor {DSA-849-1} - shorewall 2.4.1-2 (bug #318946; medium) CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: dnrd CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...) - TODO: check + NOT-FOR-US: dnrd CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...) NOT-FOR-US: PHPsFTPd CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...) |