Today's Internet Threat Level: GREEN
Handler on Duty: Marcus Sachs
Handler on Duty: Marcus Sachs
| Submitted By | Date |
|---|---|
| Comment | |
| CVE # | Description |
|---|---|
| CVE-1999-3 | "Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd)." |
| CVE-1999-3 | "Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd)." |
| CVE-1999-15 | "Teardrop IP denial of service." |
| CVE-1999-16 | "Land IP denial of service." |
| CVE-1999-16 | "Land IP denial of service." |
| CVE-1999-265 | "ICMP redirect messages may crash or lock up a host." |
| CVE-1999-345 | "Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems." |
| CVE-1999-430 | "Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload." |
| CVE-1999-619 | "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities |
| CVE-1999-626 | "A version of rusers is running that exposes valid user information to any entity on the network." |
| CVE-1999-657 | "WinGate is being used." |
| CVE-1999-671 | "Buffer overflow in ToxSoft NextFTP client through CWD command." |
| CVE-1999-675 | "Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host." |
| CVE-1999-696 | "Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd)." |
| CVE-1999-696 | "Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd)." |
| CVE-1999-875 | "DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes." |
| CVE-1999-909 | "Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options |
| CVE-1999-918 | "Denial of service in various Windows systems via malformed |
| CVE-1999-974 | "Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service." |
| CVE-1999-974 | "Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service." |
| CVE-1999-977 | "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request." |
| CVE-1999-977 | "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request." |
| CVE-1999-1189 | "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service |
| CVE-1999-1228 | "Various modems that do not implement a guard time |
| CVE-2000-138 | "A system has a distributed denial of service (DDOS) attack master |
| CVE-2000-138 | "A system has a distributed denial of service (DDOS) attack master |
| CVE-2000-666 | "rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings |
| CVE-2000-666 | "rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings |
| CVE-2000-884 | "IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root |
| CVE-2000-1209 | "The ""sa"" account is installed with a default null password on (1) Microsoft SQL Server 2000 |
| CVE-2000-1209 | "The ""sa"" account is installed with a default null password on (1) Microsoft SQL Server 2000 |
| CVE-2001-214 | "Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte." |
| CVE-2001-236 | "Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long ""indication"" event." |
| CVE-2001-236 | "Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long ""indication"" event." |
| CVE-2001-554 | "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There) |
| CVE-2001-779 | "Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6 |
| CVE-2001-779 | "Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6 |
| CVE-2001-1305 | "ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq |
| CVE-2002-5 | "Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480 |
| CVE-2002-354 | "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client |
| CVE-2002-359 | "xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication |
| CVE-2002-359 | "xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication |
| CVE-2002-390 | "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized |
| CVE-2002-391 | "Integer overflow in xdr_array function in RPC servers for operating systems that use libc |
| CVE-2002-391 | "Integer overflow in xdr_array function in RPC servers for operating systems that use libc |
| CVE-2002-815 | "The Javascript ""Same Origin Policy"" (SOP) |
| CVE-2002-909 | "Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses |
| CVE-2002-1059 | "Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6 |
| CVE-2002-1226 | "Unknown vulnerabilities in Heimdal before 0.5 with unknown impact |
| CVE-2002-1226 | "Unknown vulnerabilities in Heimdal before 0.5 with unknown impact |
| CVE-2002-1232 | "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist." |
| CVE-2003-15 | "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request |
| CVE-2003-252 | "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines." |
| CVE-2003-252 | "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines." |
| CVE-2003-352 | "Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0 |
| CVE-2003-567 | "Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device |
| CVE-2003-726 | "RealOne player allows remote attackers to execute arbitrary script in the ""My Computer"" zone via a SMIL presentation with a URL that references a scripting protocol |
| CVE-2003-903 | "Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request." |
| CVE-2003-977 | "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests." |
| CVE-2004-120 | "The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-120 | "The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-120 | "The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-120 | "The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-120 | "The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-176 | "Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow |
| CVE-2004-258 | "Multiple buffer overflows in RealOne Player |
| CVE-2004-363 | "Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004 |
| CVE-2004-420 | "The Windows Shell application in Windows 98 |
| CVE-2004-444 | "Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004 |
| CVE-2004-492 | "Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field |
| CVE-2004-549 | "The WebBrowser ActiveX control |
| CVE-2004-566 | "Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value." |
| CVE-2004-597 | "Multiple buffer overflows in libpng 1.2.5 and earlier |
| CVE-2004-636 | "Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5 |
| CVE-2004-957 | "Unknown vulnerability in MySQL 3.23.58 and earlier |
| CVE-2005-45 | "The Server Message Block (SMB) implementation for Windows NT 4.0 |
| CVE-2005-45 | "The Server Message Block (SMB) implementation for Windows NT 4.0 |
