A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
A community-wide effort - The content of CVE is the result of a collaborative effort of the CVE Editorial Board. The Editorial Board includes representatives from over 20 security-related organizations such as security tool vendors, academic institutions, and government, as well as other prominent security experts. The MITRE Corporation maintains CVE and moderates Editorial Board discussions. The CVE site can be found at cve.mitre.org.
| CVE No. | Description | SARA Test |
| --- | --- | --- |
| CVE-1999-0002 | Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. | rpc(mountd) check |
| CVE-1999-0003 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd) | rpc(tooltalk) check |
| CVE-1999-0005 | Arbitrary command execution via IMAP buffer overflow in authenticate command. | imap version check |
| CVE-1999-0006 | Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. | pop version check |
| CVE-1999-0008 | Buffer overflow in NIS+, in Sun's rpc.nisd program | rpc(nisd) check |
| CVE-1999-0009 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | dns version check |
| CVE-1999-0010 | Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | dns version check |
| CVE-1999-0011 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | dns version check |
| CVE-1999-0013 | Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ssh version check |
| CVE-1999-0017 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | ftp bounce test |
| CVE-1999-0018 | Buffer overflow in statd allows root privileges. | rpc(statd) check |
| CVE-1999-0019 | Delete or create a file via rpc.statd, due to invalid information. | rpc(statd) check |
| CVE-1999-0021 | Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. | cgi(Count.cgi) check |
| CVE-1999-0024 | DNS cache poisoning via BIND, by predictable query IDs. | dns version check |
| CVE-1999-0039 | Arbitrary command execution using webdist CGI program in IRIX. | cgi(webdist) check |
| CVE-1999-0042 | Buffer overflow in University of Washington's implementation of IMAP and POP servers. | imap and pop3 version check |
| CVE-1999-0043 | Command execution via shell metachars in INN daemon (innd) 1.5 using newgroup and rmgroup control messages, and others. | inn version check |
| CVE-1999-0045 | List of arbitrary files on Web host via nph-test-cgi script | cgi(nph-test-cgi) check |
| CVE-1999-0046 | Buffer overflow of rlogin program using TERM environmental variable. | rlogin check |
| CVE-1999-0047 | MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. | sendmail version check |
| CVE-1999-0058 | Buffer overflow in PHP cgi program, php.cgi allows shell access. | cgi(nph-test-cgi) test |
| CVE-1999-0059 | IRIX fam service allows an attacker to obtain a list of all files on the server. | rpc(sgi_fam) check |
| CVE-1999-0067 | CGI phf program allows remote command execution through shell metacharacters. | cgi(phf) test |
| CVE-1999-0068 | CGI PHP mylog script allows an attacker to read any file on the target server. | cgi(php) test |
| CVE-1999-0070 | test-cgi program allows an attacker to list files on the server | cgi(test-cgi) check |
| CVE-1999-0071 | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | Apache version check |
| CVE-1999-0080 | wu-ftp FTP server allows root access via site exec command. | wu-ftp version check |
| CVE-1999-0081 | wu-ftp allows files to be overwritten via the rnfr command. | wu-ftp version check |
| CVE-1999-0082 | CWD ~root command in ftpd allows root access. | ftp version check |
| CVE-1999-0083 | getcwd() file descriptor leak in FTP | ftp version check |
| CVE-1999-0099 | Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. | syslog check |
| CVE-1999-0100 | Remote access in AIX innd 1.5.1, using control messages. | inn version check |
| CVE-1999-0103 | Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. | chargen check |
| CVE-1999-0131 | Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. | sendmail version check |
| CVE-1999-0142 | The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. | kerberos check |
| CVE-1999-0146 | The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. | cgi(campas) check |
| CVE-1999-0147 | The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands | cgi(aglimpse) check |
| CVE-1999-0148 | The handler CGI program in IRIX allows arbitrary command execution. | cgi(handler) test |
| CVE-1999-0149 | The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. | cgi(wrap) test |
| CVE-1999-0150 | The Perl fingerd program allows arbitrary command execution from remote users. | finger check |
| CVE-1999-0152 | The DG/UX finger daemon allows remote command execution through shell metacharacters. | finger check |
| CVE-1999-0161 | In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. | tacacs check |
| CVE-1999-0168 | The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. | portmapper test |
| CVE-1999-0170 | Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. | portmapper test |
| CVE-1999-0174 | The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. | cgi(view-source) test |
| CVE-1999-0176 | The Webgais program allows a remote user to execute arbitrary commands. | cgi(webgais) check |
| CVE-1999-0177 | The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. | cgi(uploader) check |
| CVE-1999-0178 | The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. | cgi(win-c) check |
| CVE-1999-0180 | in.rshd allows users to login with a NULL username and execute commands. | rsh check |
| CVE-1999-0183 | Linux implementations of TFTP would allow access to files outside the restricted directory. | tftp check |
| CVE-1999-0185 | In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. | ftp bounce test |
| CVE-1999-0196 | The websendmail program in the Webgais program allows a remote user to access arbitrary files. | cgi(webgais) check |
| CVE-1999-0204 | Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. | sendmail version check |
| CVE-1999-0206 | MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. | sendmail version check |
| CVE-1999-0211 | Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. | nfs check |
| CVE-1999-0233 | IIS allows users to execute arbitrary commands using .bat or .cmd files. | cgi(args) check |
| CVE-1999-0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | cgi(ScriptAlias) test |
| CVE-1999-0239 | Netscape FastTrack Web server lists files when a lowercase get command is used instead of an uppercase GET. | FastTrack server test |
| CVE-1999-0247 | Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. | inn version check |
| CVE-1999-0248 | A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. | ssh version check |
| CVE-1999-0260 | The jj CGI program allows command execution via shell metacharacters. | cgi(jj) check |
| CVE-1999-0262 | faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. | cgi(faxsurvey) test |
| CVE-1999-0264 | htmlscript CGI program allows remote read access to files. | cgi(htmlscript) test |
| CVE-1999-0266 | The info2www CGI script allows remote file access or remote command execution. | cgi(info2www) check |
| CVE-1999-0270 | pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. | cgi(pfdispaly) test |
| CVE-1999-0289 | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | Apache version test |
| CVE-1999-0304 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. | _no_check.html |
| CVE-1999-0310 | SSH 1.2.25 on HP-UX allows access to new user accounts. | ssh version check |
| CVE-1999-0320 | SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. | rpc(cmsd) check |
| CVE-1999-0365 | The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. | sendmail version check |
| CVE-1999-0366 | In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | open SMB shares |
| CVE-1999-0368 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | wu-ftp version check |
| CVE-1999-0439 | Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. | sendmail version check |
| CVE-1999-0472 | The SNMP default community name public is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. | snmp test |
| CVE-1999-0493 | rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. | rpc(statd) check |
| CVE-1999-0514 | UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. | chargen check |
| CVE-1999-0526 | An X server's access control is disabled (e.g. through an xhost + command) and allows anyone to connect to the server. | X-server test |
| CVE-1999-0566 | An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. | syslog check |
| CVE-1999-0612 | A version of finger is running that exposes valid user information to any entity on the network. | finger test |
| CVE-1999-0626 | A version of rusers is running that exposes valid user information to any entity on the network. | rusers check |
| CVE-1999-0627 | The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. | rex check |
| CVE-1999-0685 | Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. | Netscape version check |
| CVE-1999-0695 | The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0696 | Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) | rpc(cmsd) test |
| CVE-1999-0704 | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. | amd check |
| CVE-1999-0705 | Buffer overflow in INN inews program. | inn version check |
| CVE-1999-0722 | The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. | Cobalt server test |
| CVE-1999-0744 | Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request. | Netscape version check |
| CVE-1999-0751 | Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. | Netscape version check |
| CVE-1999-0752 | Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | Netscape version check |
| CVE-1999-0771 | The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. | CIM version check |
| CVE-1999-0772 | Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. | CIM version check |
| CVE-1999-0833 | Buffer overflow in BIND 8.2 via NXT records. | dns version check |
| CVE-1999-0834 | Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. | ssh version check |
| CVE-1999-0835 | Denial of service in BIND named via malformed SIG records. | dns version check |
| CVE-1999-0837 | Denial of service in BIND by improperly closing TCP sessions via so_linger. | dns version check |
| CVE-1999-0842 | Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0848 | Denial of service in BIND named via consuming more than fdmax file descriptors. | dns version check |
| CVE-1999-0849 | Denial of service in BIND named via maxdname. | dns version check |
| CVE-1999-0853 | Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. | Netscape version check |
| CVE-1999-0868 | ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. | inn version check |
| CVE-1999-0878 | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. | wu-ftp version check |
| CVE-1999-0879 | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. | wu-ftp version check |
| CVE-1999-0880 | Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. | wu-ftp version check |
| CVE-1999-0881 | Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0887 | FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0897 | iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0915 | URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0927 | NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0933 | TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-1999-0950 | Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. | wu-ftp version check |
| CVE-1999-0955 | Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. | wu-ftp version check |
| CVE-1999-0976 | Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. | _no_check.html |
| CVE-1999-0977 | Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. | rpc(sadmind) checks |
| CVE-1999-0978 | htdig allows remote attackers to execute commands via filenames with shell metacharacters. | cgi(htdig) test |
| CVE-1999-1005 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | dot..dot server attack |
| CVE-1999-1010 | An SSH 1.2.27 server allows a client to use the none cipher, even if it is not allowed by the server policy. | ssh version check |
| CVE-1999-1011 | The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | IIS RDS Check |
| CVE-2000-0039 | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. | dot..dot server attack |
| CVE-2000-0144 | Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0159 | HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. | password check |
| CVE-2000-0189 | ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. | cgi(coldfusion) check |
| CVE-2000-0191 | Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0207 | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. | cgi(infosrch) check |
| CVE-2000-0208 | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. | cgi(htsearch) check |
| CVE-2000-0222 | The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. | Account with no password |
| CVE-2000-0233 | SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. | IMAP version check |
| CVE-2000-0234 | The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. | cgi(cobalt raq) test |
| CVE-2000-0245 | Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. | Objectserver check |
| CVE-2000-0260 | Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the Link View Server-Side Component vulnerability. | cgi(interdev) test |
| CVE-2000-0261 | The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0267 | Cisco Catalyst 5.4.x allows a user to gain access to the enable mode without a password. | Cisco_catalyst_check |
| CVE-2000-0282 | TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. | webplus dot..dot server attack |
| CVE-2000-0303 | Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | dot..dot server attack |
| CVE-2000-0389 | Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. | kerberos check |
| CVE-2000-0390 | Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. | kerberos check |
| CVE-2000-0431 | Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. | Cobalt server test |
| CVE-2000-0436 | MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0443 | The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0472 | Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. | inn version check |
| CVE-2000-0505 | The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | Apache version check |
| CVE-2000-0638 | Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0660 | The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0666 | rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. | rpc(statd) check |
| CVE-2000-0705 | ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. | dot..dot server attack |
| CVE-2000-0733 | Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. | IRIX telnetd version |
| CVE-2000-0782 | netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | netauth directory traversal |

| CVE No. | References |
| --- | --- |
| CVE-1999-0002 | SGI:19981006-01-I CERT:CA-98.12.mountd CIAC:J-006 BID:121 XF:linux-mountd-bo |
| CVE-1999-0003 | NAI:NAI-29 CERT:CA-98.11.tooltalk SGI:19981101-01-A SGI:19981101-01-PX XF:aix-ttdbserver XF:tooltalk BID:122 |
| CVE-1999-0005 | CERT:CA-98.09.imapd SUN:00177 BID:130 XF:imap-authenticate-bo |
| CVE-1999-0006 | CERT:CA-98.08.qpopper_vul SGI:19980801-01-I AUSCERT:AA-98.01 XF:qpopper-pass-overflow BID:133 |
| CVE-1999-0008 | CERT:CA-98.06.nisd SUN:00170 ISS:June10 1998 XF:nisd-bo-check |
| CVE-1999-0009 | SGI:19980603-01-PX HP:HPSBUX9808-083 SUN:00180 CERT:CA-98.05.bind_problems XF:bind-bo BID:134 |
| CVE-1999-0010 | CERT:CA-98.05.bind_problems SGI:19980603-01-PX HP:HPSBUX9808-083 XF:bind-dos |
| CVE-1999-0011 | CERT:CA-98.05.bind_problems SGI:19980603-01-PX HP:HPSBUX9808-083 SUN:00180 XF:bind-axfr-dos |
| CVE-1999-0013 | CERT:CA-98.03.ssh-agent NAI:NAI-24 XF:ssh-agent |
| CVE-1999-0017 | CERT:CA-97.27.FTP_bounce XF:ftp-bounce XF:ftp-privileged-port |
| CVE-1999-0018 | CERT:CA-97.26.statd AUSCERT:AA-97.29 XF:statd BID:127 |
| CVE-1999-0019 | CERT:CA-96.09.rpc.statd XF:rpc-stat SUN:00135 |
| CVE-1999-0021 | BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount) CERT:CA-97.24.Count_cgi XF:http-cgi-count BID:128 |
| CVE-1999-0024 | CERT:CA-97.22.bind XF:bind NAI:NAI-11 |
| CVE-1999-0039 | CERT:CA-97.12.webdist AUSCERT:AA-97.14 SGI:19970501-02-PX BID:374 XF:http-sgi-webdist |
| CVE-1999-0042 | NAI:NAI-21 CERT:CA-97.09.imap_pop XF:popimap-bo |
| CVE-1999-0043 | CERT:CA-97.08.innd XF:inn-controlmsg |
| CVE-1999-0045 | CERT:CA-97.07.nph-test-cgi_script XF:http-cgi-nph |
| CVE-1999-0046 | CERT:CA-97.06.rlogin-term XF:rlogin-termbo |
| CVE-1999-0047 | CERT:CA-97.05.sendmail BID:685 XF:sendmail-mime-bo2 |
| CVE-1999-0058 | NAI:NAI-12 BID:712 XF:http-cgi-phpbo |
| CVE-1999-0059 | NAI:NAI-16 XF:irix-fam |
| CVE-1999-0067 | CERT:CA-96.06.cgi_example_code XF:http-cgi-phf BID:629 |
| CVE-1999-0068 | BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts XF:http-cgi-php-mylog BID:713 |
| CVE-1999-0070 | XF:http-cgi-test |
| CVE-1999-0071 | XF:http-apache-cookie NAI:NAI-2 |
| CVE-1999-0080 | CERT:CA-95:16.wu-ftpd.vul XF:ftp-execdotdot |
| CVE-1999-0081 | XF:ftp-rnfr |
| CVE-1999-0082 | XF:ftp-cwd FarmerVenema:Improving the Security of Your Site by Breaking Into it |
| CVE-1999-0083 | XF:cwdleak |
| CVE-1999-0099 | CERT:CA-95.13.syslog.vul XF:smtp-syslog |
| CVE-1999-0100 | ERS:ERS-SVA-E01-1997:002.1 XF:inn-controlmsg |
| CVE-1999-0103 | CERT:CA-96.01.UDP_service_denial XF:echo XF:chargen XF:chargen-patch |
| CVE-1999-0131 | CERT:CA-96.20.sendmail_vul XF:smtp-875bo BID:717 |
| CVE-1999-0142 | CERT:CA-96.05.java_applet_security_mgr XF:http-java-appletsecmgr |
| CVE-1999-0146 | BUGTRAQ:Jul15 1997 XF:http-cgi-campas |
| CVE-1999-0147 | XF:http-cgi-glimpse AUSCERT:AA-97.28 |
| CVE-1999-0148 | SGI:19970501-02-PX BID:380 XF:http-sgi-handler |
| CVE-1999-0149 | BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug SGI:19970501-02-PX XF:http-sgi-wrap BID:373 |
| CVE-1999-0150 | XF:perl-fingerd |
| CVE-1999-0152 | BUGTRAQ:19970811 dgux in.fingerd vulnerability XF:dgux-fingerd |
| CVE-1999-0161 | CISCO:http://www.cisco.com/warp/public/707/1.html XF:cisco-acl-tacacs |
| CVE-1999-0168 | XF:nfs-portmap |
| CVE-1999-0170 | XF:nfs-ultrix |
| CVE-1999-0174 | BUGTRAQ:19970208 view-source XF:http-cgi-viewsrc |
| CVE-1999-0176 | BUGTRAQ:Jul10 1997 XF:http-webgais-query |
| CVE-1999-0177 | XF:http-website-uploader |
| CVE-1999-0178 | XF:http-website-winsample |
| CVE-1999-0180 | XF:rsh-null |
| CVE-1999-0183 | XF:linux-tftp |
| CVE-1999-0185 | SUN:00156 XF:sun-ftpd/logind |
| CVE-1999-0196 | XF:http-webgais-smail BUGTRAQ:Jul08 1997 |
| CVE-1999-0204 | XF:ident-bo CIAC:F-13 |
| CVE-1999-0206 | XF:sendmail-mime-bo AUSCERT:AA-96.06a |
| CVE-1999-0211 | CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability |
| CVE-1999-0233 | MSKB:Q148188 MSKB:Q155056 XF:http-iis-cmd |
| CVE-1999-0236 | XF:http-scriptalias |
| CVE-1999-0239 | XF:fastrack-get-directory-list |
| CVE-1999-0247 | NAI:19970721 INN news server vulnerabilities BID:1443 XF:inn-bo |
| CVE-1999-0248 | MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 |
| CVE-1999-0260 | BUGTRAQ:19961224 jj cgi XF:http-cgi-jj |
| CVE-1999-0262 | XF:http-cgi-faxsurvey BUGTRAQ:Aug04 1998 |
| CVE-1999-0264 | XF:http-htmlscript-file-access BUGTRAQ:Jan27 1998 |
| CVE-1999-0266 | XF:http-cgi-info2www |
| CVE-1999-0270 | SGI:19980401-01-P CIAC:I-041 XF:sgi-pfdispaly |
| CVE-1999-0289 | |
| CVE-1999-0304 | XF:bsd-mmap FreeBSD:FreeBSD-SA-98:02 |
| CVE-1999-0310 | XF:ssh-1225 |
| CVE-1999-0320 | SUN:00166 XF:sun-rpc.cmsd |
| CVE-1999-0365 | BUGTRAQ:Feb04 1999 XF:metamail-header-commands |
| CVE-1999-0366 | MS:MS99-004 MSKB:Q214840 XF:nt-sp4-auth-error |
| CVE-1999-0368 | NETECT:palmetto.ftpd CERT:CA-99.03 XF:palmetto-ftpd-bo |
| CVE-1999-0439 | BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes DEBIAN:19990422 CALDERA:CSSA-1999:007 XF:procmail-overflow |
| CVE-1999-0472 | XF:netcache-snmp BUGTRAQ:Apr7 1999 |
| CVE-1999-0493 | CERT:CA-99-05 SUN:00186 CIAC:J-045 BUGTRAQ:19990103 SUN almost has a clue! (automountd) BID:450 |
| CVE-1999-0514 | XF:fraggle |
| CVE-1999-0526 | XF:xcheck-keystroke |
| CVE-1999-0566 | XF:ibm-syslogd XF:syslog-flood |
| CVE-1999-0612 | XF:finger-out XF:finger-running |
| CVE-1999-0626 | XF:rusersd XF:ruser |
| CVE-1999-0627 | XF:rexd |
| CVE-1999-0685 | BUGTRAQ:19991209 Netscape communicator 4.06J 4.5J-4.6J 4.61e Buffer Overflow BID:618 |
| CVE-1999-0695 | BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs XF:http-powerdynamo-dotdotslash BID:620 |
| CVE-1999-0696 | BUGTRAQ:19990709 Exploit of rpc.cmsd SCO:SB-99.12 SUN:00188 SUNBUG:4230754 HP:HPSBUX9908-102 COMPAQ:SSRT0614U_RPC_CMSD CERT:CA-99-08 CIAC:J-051 XF:sun-cmsd-bo |
| CVE-1999-0704 | REDHAT:RHSA-1999:032-01 CALDERA:CSSA-1999:024.0 FREEBSD:SA-99:06 DEBIAN:19991018 BID:614 CERT:CA-99-12 XF:amd-bo |
| CVE-1999-0705 | XF:inn-inews-bo REDHAT:RHSA1999033_01 CALDERA:CSSA-1999-026 SUSE:19990831 Security hole in INN DEBIAN:19990907 BID:616 |
| CVE-1999-0722 | XF:cobalt-raq2-default-config CERT:CA-99-10 |
| CVE-1999-0744 | ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers BID:603 |
| CVE-1999-0751 | BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2 BID:631 |
| CVE-1999-0752 | BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug |
| CVE-1999-0771 | BUGTRAQ:19990526 Infosec.19990526.compaq-im.a COMPAQ:SSRT0612U XF:management-agent-file-read |
| CVE-1999-0772 | BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post) COMPAQ:SSRT0612U XF:management-agent-dos |
| CVE-1999-0833 | SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL DEBIAN:19991116 Denial of service vulnerabilities in bind CALDERA:CSSA-1999-034.1 REDHAT:RHSA-1999:054-01 CERT:CA-99-14 BID:788 XF:bind-nxt-bo |
| CVE-1999-0834 | BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2 BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2) CERT:CA-99-15 BID:843 XF:rsaref-bo |
| CVE-1999-0835 | SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL DEBIAN:19991116 Denial of service vulnerabilities in bind CALDERA:CSSA-1999-034.1 REDHAT:RHSA-1999:054-01 CERT:CA-99-14 XF:bind-sigrecord-dos BID:788 |
| CVE-1999-0837 | SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL DEBIAN:19991116 Denial of service vulnerabilities in bind CALDERA:CSSA-1999-034.1 REDHAT:RHSA-1999:054-01 SUN:00194 CERT:CA-99-14 XF:bind-solinger-dos BID:788 |
| CVE-1999-0842 | NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability BID:827 XF:symantec-mail-dir-traversal |
| CVE-1999-0848 | SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL DEBIAN:19991116 Denial of service vulnerabilities in bind CALDERA:CSSA-1999-034.1 REDHAT:RHSA-1999:054-01 SUN:00194 CERT:CA-99-14 BID:788 XF:bind-fdmax-dos |
| CVE-1999-0849 | SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL DEBIAN:19991116 Denial of service vulnerabilities in bind CALDERA:CSSA-1999-034.1 REDHAT:RHSA-1999:054-01 SUN:00194 CERT:CA-99-14 BID:788 XF:bind-maxdname-bo |
| CVE-1999-0853 | BID:847 ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure XF:netscape-fasttrack-auth-bo |
| CVE-1999-0868 | CERT:CA-97.08 XF:inn-ucbmail-shell-meta |
| CVE-1999-0878 | AUSCERT:AA-1999.01 CERT:CA-99-13 REDHAT:RHSA1999031_01 XF:wu-ftpd-dir-name BID:599 |
| CVE-1999-0879 | CERT:CA-99-13 XF:wuftp-message-file-root |
| CVE-1999-0880 | CERT:CA-99-13 XF:wuftp-site-newer-dos |
| CVE-1999-0881 | BUGTRAQ:19991025 Falcon Web Server BINDVIEW:Falcon Web Server BID:743 XF:falcon-path-parsing |
| CVE-1999-0887 | BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability EEYE:AD05261999 |
| CVE-1999-0897 | BUGTRAQ:19980908 bug in iChat 3.0 (maybe others) XF:ichat-file-read-vuln |
| CVE-1999-0915 | BUGTRAQ:19991028 URL Live! 1.0 WebServer BID:746 |
| CVE-1999-0927 | EEYE:AD05261999 BID:279 XF:ntmail-fileread |
| CVE-1999-0933 | BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability BID:689 |
| CVE-1999-0950 | BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability BID:747 XF:wftpd-mkd-bo |
| CVE-1999-0955 | CERT:CA-94.08 CIAC:E-17 XF:ftp-exec |
| CVE-1999-0976 | OPENBSD:19991204 BUGTRAQ:19991207 [Debian] New version of sendmail released XF:sendmail-bi-alias BID:857 |
| CVE-1999-0977 | SF-INCIDENTS:19991209 sadmind BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability CERT:CA-99-16 SUN:00191 BID:866 XF:sol-sadmind-amslverify-bo |
| CVE-1999-0978 | DEBIAN:19991209 BID:867 |
| CVE-1999-1005 | BUGTRAQ:19991219 Groupewise Web Interface XF:groupwise-web-read-files BID:879 |
| CVE-1999-1010 | BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy XF:ssh-policy-bypass |
| CVE-1999-1011 | MS:MS98-004 MS:MS99-025 CIAC:J-054 ISS:19990809 Vulnerabilities in Microsoft Remote Data Service BID:529 XF:nt-iis-rds |
| CVE-2000-0039 | BUGTRAQ:19991229 AltaVista BUGTRAQ:19991230 Follow UP AltaVista BUGTRAQ:19991229 AltaVista followup and monitor script BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory Traversal Vulnerability BUGTRAQ:20000109 Altavista followup BID:896 |
| CVE-2000-0144 | http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html BUGTRAQ:20000207 Infosec.20000207.axis700.a BID:971 |
| CVE-2000-0159 | HP:HPSBUX0002-111 |
| CVE-2000-0189 | NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path BID:1021 |
| CVE-2000-0191 | BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a XF:axis-storpoint-auth BID:1025 |
| CVE-2000-0207 | BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5) SGI:20000501-01-P XF:irix-infosrch-fname BID:1031 |
| CVE-2000-0208 | BUGTRAQ:20000228 ht://Dig remote information exposure FREEBSD:FreeBSD-SA-00:06 DEBIAN:20000226 remote users can read files with webserver uid TURBO:TLSA200005-1 BID:1026 |
| CVE-2000-0222 | BUGTRAQ:20000215 Windows 2000 installation process weakness http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr BID:990 |
| CVE-2000-0233 | SUSE:20000327 Security hole in SuSE Linux IMAP Server XF:linux-imap-remote-unauthorized-access |
| CVE-2000-0234 | BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150 BID:1083 XF:cobalt-raq-remote-access |
| CVE-2000-0245 | BUGTRAQ:20000328 Objectserver vulnerability SGI:20000303-01-PX XF:irix-objectserver-create-accounts BID:1079 |
| CVE-2000-0260 | MS:MS00-025 BID:1109 |
| CVE-2000-0261 | BUGTRAQ:20000415 (no subject) BUGTRAQ:20000418 AVM's Statement XF:ken-download-files BID:1103 |
| CVE-2000-0267 | CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability XF:cisco-catalyst-password-bypass BID:1122 |
| CVE-2000-0282 | BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html BID:1102 XF:talentsoft-web-input |
| CVE-2000-0303 | ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature CONFIRM:http://www.quake3arena.com/news/index.html BID:1169 XF:quake3-auto-download |
| CVE-2000-0389 | BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS CERT:CA-2000-06 FREEBSD:FreeBSD-SA-00:20 REDHAT:RHSA-2000-025 XF:kerberos-krb-rd-req-bo BID:1220 |
| CVE-2000-0390 | BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS CERT:CA-2000-06 FREEBSD:FreeBSD-SA-00:20 REDHAT:RHSA-2000-025 BID:1220 XF:kerberos-krb425-conv-principal-bo |
| CVE-2000-0431 | BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html BID:1238 XF:cobalt-cgiwrap-bypass |
| CVE-2000-0436 | BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability CONFIRM:http://www.metaproducts.com/mpOE-HY.html BID:1231 XF:offline-explorer-directory-traversal |
| CVE-2000-0443 | BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability XF:hp-jetadmin-directory-traversal BID:1243 |
| CVE-2000-0472 | BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow CALDERA:CSSA-2000-016.0 BUGTRAQ:20000707 inn update BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available BUGTRAQ:20000722 MDKSA-2000:023 inn update BID:1316 XF:innd-cancel-overflow |
| CVE-2000-0505 | BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE BID:1284 XF:ibm-http-file-retrieve |
| CVE-2000-0638 | BUGTRAQ:20000711 BIG BROTHER EXPLOIT BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER CONFIRM:http://bb4.com/README.CHANGES BID:1455 XF:http-cgi-bigbrother-bbhostsvc |
| CVE-2000-0660 | BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1 CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt BID:1462 XF:worldclient-dir-traverse |
| CVE-2000-0666 | BUGTRAQ:20000716 Lots and lots of fun with rpc.statd DEBIAN:20000715 rpc.statd: remote root exploit REDHAT:RHSA-2000:043-03 BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update CALDERA:CSSA-2000-025.0 CERT:CA-2000-17 BID:1480 XF:linux-rpcstatd-format-overwrite |
| CVE-2000-0705 | BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerability REDHAT:RHSA-2000:049-02 BID:1550 XF:ntop-remote-file-access |
| CVE-2000-0733 | BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability SGI:20000801-02-P BID:1572 |
| CVE-2000-0782 | BUGTRAQ:20000817 Netauth: Web Based Email Management System CONFIRM:http://netwinsite.com/netauth/updates.htm BID:1587 |