From 6b57371d4b01374b4326232286887e67b0c9c43e Mon Sep 17 00:00:00 2001 From: Alec Berryman Date: Mon, 22 May 2006 20:47:05 +0000 Subject: NOT-FOR-US git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4049 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/1999.list | 128 ++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) (limited to 'data/CVE/1999.list') diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 1291738da9..3828c549e9 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -38,7 +38,7 @@ CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remot CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...) TODO: check CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...) TODO: check CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...) @@ -74,7 +74,7 @@ CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...) TODO: check CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...) TODO: check CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...) @@ -191,7 +191,7 @@ CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmb CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...) TODO: check CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...) TODO: check CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...) @@ -199,13 +199,13 @@ CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbi CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...) TODO: check CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...) TODO: check CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...) TODO: check CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...) TODO: check CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...) @@ -341,13 +341,13 @@ CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive informatio CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...) TODO: check CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...) TODO: check CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...) TODO: check CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number ("dotless IP address") in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...) TODO: check CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...) @@ -359,7 +359,7 @@ CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...) TODO: check CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...) TODO: check CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...) @@ -387,7 +387,7 @@ CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 instal CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...) TODO: check CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the "none" cipher, even if ...) TODO: check CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...) @@ -403,7 +403,7 @@ CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...) TODO: check CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...) TODO: check CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...) @@ -420,7 +420,7 @@ CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ... CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...) TODO: check CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...) TODO: check CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...) @@ -428,7 +428,7 @@ CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a de CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...) TODO: check CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...) TODO: check CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...) @@ -454,7 +454,7 @@ CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a d CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...) TODO: check CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...) TODO: check CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...) @@ -492,7 +492,7 @@ CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2 CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...) TODO: check CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...) TODO: check CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...) @@ -534,7 +534,7 @@ CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allo CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...) TODO: check CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...) TODO: check CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...) @@ -580,7 +580,7 @@ CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...) TODO: check CVE-1999-0891 (The "download behavior" in Internet Explorer 5 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...) TODO: check CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...) @@ -604,9 +604,9 @@ CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...) TODO: check CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...) TODO: check CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...) @@ -614,11 +614,11 @@ CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a den CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...) TODO: check CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...) TODO: check CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...) @@ -634,7 +634,7 @@ CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers m CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...) TODO: check CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...) TODO: check CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...) @@ -652,7 +652,7 @@ CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xbo CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...) TODO: check CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...) TODO: check CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...) @@ -704,7 +704,7 @@ CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packe CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...) TODO: check CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...) TODO: check CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...) @@ -716,9 +716,9 @@ CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...) TODO: check CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...) TODO: check CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...) @@ -764,7 +764,7 @@ CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...) TODO: check CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...) TODO: check CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...) @@ -794,7 +794,7 @@ CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer over CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...) TODO: check CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...) TODO: check CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...) @@ -846,7 +846,7 @@ CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows atta CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...) TODO: check CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...) TODO: check CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...) @@ -873,11 +873,11 @@ CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging faci CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...) TODO: check CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...) TODO: check CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...) TODO: check CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...) @@ -909,9 +909,9 @@ CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the .. CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...) TODO: check CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...) TODO: check CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...) @@ -959,7 +959,7 @@ CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the loc CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...) TODO: check CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...) TODO: check CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...) @@ -987,7 +987,7 @@ CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to . CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...) TODO: check CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...) TODO: check CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...) @@ -1089,7 +1089,7 @@ CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...) TODO: check CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...) TODO: check CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...) @@ -1101,7 +1101,7 @@ CVE-1999-0382 (The screen saver in Windows NT does not verify that its security CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...) TODO: check CVE-1999-0379 (Microsoft Taskpads feature allows remote web sites to execute commands ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...) TODO: check CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...) @@ -1249,7 +1249,7 @@ CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIO CVE-1999-0281 (Denial of service in IIS using long URLs. ...) TODO: check CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...) TODO: check CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...) @@ -1627,7 +1627,7 @@ CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x ...) CVE-1999-0032 (Buffer overflow in BSD-based lpr package allows local users to gain ...) TODO: check CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...) TODO: check CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...) @@ -1659,7 +1659,7 @@ CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgath CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...) TODO: check CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...) TODO: check CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...) @@ -1728,7 +1728,7 @@ CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio N CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...) TODO: check CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...) TODO: check CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...) @@ -1870,7 +1870,7 @@ CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remot CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...) TODO: check CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) TODO: check CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) @@ -1880,9 +1880,9 @@ CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a d CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...) TODO: check CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...) TODO: check CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...) @@ -2000,13 +2000,13 @@ CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...) TODO: check CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...) TODO: check CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...) TODO: check CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...) TODO: check CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...) @@ -2092,7 +2092,7 @@ CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...) TODO: check CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...) TODO: check CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...) @@ -2168,7 +2168,7 @@ CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitr CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...) TODO: check CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...) TODO: check CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...) @@ -2180,7 +2180,7 @@ CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication . CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...) TODO: check CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...) TODO: check CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...) @@ -2270,7 +2270,7 @@ CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, w CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...) TODO: check CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...) TODO: check CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...) @@ -2300,7 +2300,7 @@ CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...) TODO: check CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...) TODO: check CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...) @@ -2314,7 +2314,7 @@ CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and ea CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...) TODO: check CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1108 REJECTED CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...) @@ -2324,7 +2324,7 @@ CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root ac CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...) TODO: check CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...) TODO: check CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...) @@ -2394,7 +2394,7 @@ CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and pos CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...) TODO: check CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...) TODO: check CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...) @@ -2404,7 +2404,7 @@ CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...) TODO: check CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...) TODO: check CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...) @@ -2418,7 +2418,7 @@ CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...) TODO: check CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...) TODO: check CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...) @@ -2442,7 +2442,7 @@ CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...) TODO: check CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...) TODO: check CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...) @@ -2458,7 +2458,7 @@ CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...) TODO: check CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...) TODO: check CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...) @@ -2496,7 +2496,7 @@ CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execut CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...) TODO: check CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...) TODO: check CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...) @@ -2536,7 +2536,7 @@ CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...) CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...) TODO: check CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...) TODO: check CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...) @@ -2810,7 +2810,7 @@ CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...) CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...) TODO: check CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...) TODO: check CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...) @@ -2886,11 +2886,11 @@ CVE-1999-0495 (A remote attacker can gain access to a file system using .. (dot CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...) TODO: check CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...) TODO: check CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...) -- cgit v1.2.3