ID: CVE-2001-0074 |
Title: All Servers: Talkback vulnerability |
Type: Web |
Bulletins:
CVE-2001-0074 SFBID2155 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2000-12-23 |
Updated: 2010-08-21 |
ID: CVE-2001-0099 |
Title: All Servers: Brian Stanback bsguest.cgi |
Type: Web |
Bulletins:
CVE-2001-0099 SFBID2159 |
Severity: High |
Description: Possible to run arbitrary commands (web server level privileges). | ||||
Applies to: |
Created: 2000-12-20 |
Updated: 2010-08-21 |
ID: CVE-2001-0100 |
Title: All Servers: Brian Stanback bslist.cgi |
Type: Web |
Bulletins:
CVE-2001-0100 SFBID2160 |
Severity: High |
Description: Possible to run arbitrary commands (web server level privileges). | ||||
Applies to: |
Created: 2000-12-20 |
Updated: 2010-08-21 |
ID: CVE-2000-0945 |
Title: The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. |
Type: Hardware |
Bulletins:
CVE-2000-0945 SFBID1846 |
Severity: High |
Description: The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | ||||
Applies to: Cisco Catalyst 3500 XL Series |
Created: 2000-12-19 |
Updated: 2020-08-14 |
ID: CVE-2000-0984 |
Title: The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. |
Type: Hardware |
Bulletins:
CVE-2000-0984 SFBID1838 |
Severity: Medium |
Description: The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. | ||||
Applies to: |
Created: 2000-12-19 |
Updated: 2020-08-14 |
ID: CVE-2000-1092 |
Title: All Servers: Alex Heiphetz Group EZShopper Directory Disclosure |
Type: Web |
Bulletins:
CVE-2000-1092 SFBID2109 |
Severity: Medium |
Description: Possible directory listing, probably view arbitrary files. | ||||
Applies to: EZShopper |
Created: 2000-12-13 |
Updated: 2010-08-21 |
ID: CVE-2001-0065 |
Title: bftpd 1.0.13 |
Type: FTP |
Bulletins:
CVE-2001-0065 |
Severity: High |
Description: BFTPD version 1.0.13 is prone to a vulnerability, where if a very long string of characters follows the SITE CHOWN command, a buffer overflow will emerge. An attacker can take advantage of this exploit by executing his/her commands to gain root privileges on the system. There is no solution currently available, but as a workaround one could configure the /etc/bftpd.conf file and replace ENABLE_SITE=yes with ENABLE_SITE=no. | ||||
Applies to: bftpd |
Created: 2000-12-13 |
Updated: 2010-08-21 |
ID: CVE-2001-0025 |
Title: Leif M. Wright ad.cgi |
Type: Web |
Bulletins:
CVE-2001-0025 SFBID2103 |
Severity: High |
Description: Possible to run arbitrary commands (web server level privileges). | ||||
Applies to: |
Created: 2000-12-11 |
Updated: 2010-08-21 |
ID: CVE-2001-0045 |
Title: Windows 2000 SNMP parameters |
Type: Registry |
Bulletins:
CVE-2001-0045 MS00-095 SFBID2064 SFBID2066 |
Severity: Medium |
Description: Access/modify sensitive information (on network devices). | ||||
Applies to: Windows 2000 |
Created: 2000-12-06 |
Updated: 2010-08-21 |
ID: CVE-2001-0054 |
Title: Serv-U FTP-Server v2.2 to 2.5 |
Type: FTP |
Bulletins:
CVE-2001-0054 SFBID2052 |
Severity: High |
Description: Serv-U FTP server is prone to a vulnerability where authenticated users can gain access to the ftproot of the driver where the FTP server is installed. If the users have read, write, execute and list access in the home directory, they will have the same persmissions to every file residing on the same partition as ftproot. The user will be able to transfer any files using the GET command. All hidden files will also be shown. This was the attacker will be able to access systems files, password files. etc. An upgrade to version 2.5i is available at:http://ftpserv-u.deerfield.com/download/getftpservu.cfm | ||||
Applies to: Serv-U FTP-Server |
Created: 2000-12-05 |
Updated: 2010-08-21 |
ID: CVE-2000-1161 |
Title: All Servers: Adcycle - build.cgi |
Type: Web |
Bulletins:
CVE-2000-1161 SFBID1969 |
Severity: High |
Description: Build.cgi if it has execute permission and is in the cgi directory, passwords can be compromised and remote users can delete your data. | ||||
Applies to: Adcycle |
Created: 2000-11-20 |
Updated: 2010-08-21 |
ID: SFBID1872 |
Title: SWAT - Samba Web Administration Tool enabled |
Type: Services |
Bulletins:
SFBID1872 |
Severity: High |
Description: The SWAT service is listening on port 901. It is not recommended to allow access from outside to this service as remote intruders may get some account passwords. Also the traffic is not encrypted. | ||||
Applies to: SWAT |
Created: 2000-11-01 |
Updated: 2010-08-21 |
ID: CVE-2000-0700 |
Title: Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or... |
Type: Hardware |
Bulletins:
CVE-2000-0700 SFBID1541 |
Severity: Medium |
Description: Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. | ||||
Applies to: Cisco 12008 Router Cisco 12012 Router Cisco 12016 Router |
Created: 2000-10-20 |
Updated: 2020-08-14 |
ID: CVE-2000-1016 |
Title: Apache: Apache doc directory |
Type: Web |
Bulletins:
CVE-2000-1016 SFBID1707 |
Severity: Low |
Description: An attacker can read the contents of /usr/doc directory. | ||||
Applies to: Apache |
Created: 2000-09-21 |
Updated: 2010-08-21 |
ID: CVE-2000-1016 |
Title: Apache: Apache doc packages directory |
Type: Web |
Bulletins:
CVE-2000-1016 SFBID1707 |
Severity: Low |
Description: An attacker can read the contents of /doc/packages directory. | ||||
Applies to: Apache |
Created: 2000-09-21 |
Updated: 2010-08-21 |
ID: CVE-1999-0511 |
Title: IP forwarding enabled |
Type: Registry |
Bulletins:
CVE-1999-0511 SFBID1620 |
Severity: Low |
Description: If not used should be disabled. | ||||
Applies to: |
Created: 2000-08-29 |
Updated: 2010-08-21 |
ID: CVE-2000-0709 |
Title: IIS: Frontpage check |
Type: Web |
Bulletins:
CVE-2000-0709 SFBID1608 |
Severity: Low |
Description: Frontpage extensions are installed on this computer. | ||||
Applies to: IIS |
Created: 2000-08-23 |
Updated: 2010-08-21 |
ID: CVE-2000-0663 |
Title: Windows 2000 Relative Shell Path |
Type: Registry |
Bulletins:
CVE-2000-0663 MS00-052 |
Severity: Medium |
Description: A malicious user can elevate his privileges. | ||||
Applies to: Windows 2000 |
Created: 2000-07-28 |
Updated: 2010-08-21 |
ID: CVE-2000-0673 |
Title: NetBIOS Name Server Protocol Spoofing |
Type: Registry |
Bulletins:
CVE-2000-0673 MS00-047 |
Severity: Low |
Description: Custom crafted packets can cause NETBIOS Name Service to stop responding. | ||||
Applies to: Windows 2000 |
Created: 2000-07-27 |
Updated: 2010-08-21 |
ID: CVE-2000-0673 |
Title: NetBIOS Name Server Protocol Spoofing |
Type: Registry |
Bulletins:
CVE-2000-0673 MS00-047 |
Severity: Low |
Description: Custom crafted packets can cause NETBIOS Name Service to stop responding. | ||||
Applies to: Windows NT |
Created: 2000-07-27 |
Updated: 2010-08-21 |
ID: CVE-2000-0666 |
Title: Possible statd format string attack |
Type: RPC |
Bulletins:
CVE-2000-0666 SFBID1480 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 2000-07-16 |
Updated: 2010-08-21 |
ID: CVE-2000-0674 |
Title: All Servers: Virtual Vision FTP Browser Vulnerability |
Type: Web |
Bulletins:
CVE-2000-0674 SFBID1471 |
Severity: Medium |
Description: Possible Remote file retrieving. | ||||
Applies to: Virtual Vision FTP Browser |
Created: 2000-07-12 |
Updated: 2010-08-21 |
ID: CVE-2000-0573 |
Title: wu-ftpd SITE EXEC format |
Type: FTP |
Bulletins:
CVE-2000-0573 SFBID1387 |
Severity: High |
Description: Wu-ftpd is vulnerable to a remote attack in the SITE EXEC or SITE INDEX implementation. User input goes directly into a format string for a *printf function, and it is possible to overwrite important data. This way the function can jump inot shellcode pointed to by the overwritten eip and execute arbitrary commands as root. This is an input validation problem. Anonymous ftp incurs a more serious problem since attacks can come anonymously from anywhere on the internet. Patches for various Linux distributions are listed in: http://www.securityfocus.com/bid/1387/solution | ||||
Applies to: wu-ftpd |
Created: 2000-06-22 |
Updated: 2010-08-21 |
ID: CVE-2000-0345 |
Title: The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. |
Type: Hardware |
Bulletins:
CVE-2000-0345 SFBID1161 |
Severity: Low |
Description: The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. | ||||
Applies to: Cisco 2500 Router Cisco 7500 Series Routers Cisco Router 2600 Cisco Router 3600 Cisco Router 4000 Cisco Router 7200 |
Created: 2000-05-03 |
Updated: 2020-08-14 |
ID: CVE-2000-0380 |
Title: The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. |
Type: Hardware |
Bulletins:
CVE-2000-0380 SFBID1154 |
Severity: High |
Description: The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | ||||
Applies to: |
Created: 2000-04-26 |
Updated: 2020-08-14 |
ID: CVE-1999-0203 |
Title: Sendmail 8-5 |
Type: |
Bulletins:
CVE-1999-0203 |
Severity: High |
Description: Sendmail version 5 contains a vulnerability, which allows intruders to create files, append to existing files, or execute programs. Exploitation of such a vulnerability can lead to root access. This is achieved via SMTP when the user specifies an improper “mail from” address and an invalid “rcpt to” address. In order to solve such problem, one should upgrade to version 8.6.12, which is available at: ftp://ftp.cert.org/pub/tools/sendmail/sendmail.8.6.12 | ||||
Applies to: Sendmail |
Created: 2000-04-25 |
Updated: 2010-08-21 |
ID: CVE-1999-0203 |
Title: Sendmail 8-6 |
Type: |
Bulletins:
CVE-1999-0203 |
Severity: High |
Description: Sendmail version 5 contains a vulnerability, which allows intruders to create files, append to existing files, or execute programs. Exploitation of such a vulnerability can lead to root access. This is achieved via SMTP when the user specifies an improper “mail from” address and an invalid “rcpt to” address. In order to solve such problem, one should upgrade to version 8.6.12, which is available at: ftp://ftp.cert.org/pub/tools/sendmail/sendmail.8.6.12 | ||||
Applies to: Sendmail |
Created: 2000-04-25 |
Updated: 2010-08-21 |
ID: CVE-2000-0267 |
Title: Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. |
Type: Hardware |
Bulletins:
CVE-2000-0267 SFBID1122 |
Severity: Medium |
Description: Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. | ||||
Applies to: |
Created: 2000-04-20 |
Updated: 2020-08-14 |
ID: CVE-2000-0268 |
Title: Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. |
Type: Hardware |
Bulletins:
CVE-2000-0268 SFBID1123 |
Severity: Medium |
Description: Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. | ||||
Applies to: Cisco 3660 Router Cisco 7100 Series VPN Routers Cisco 7500 Series Routers Cisco Router 7200 Cisco uBR7200 Series Universal Broadband Routers |
Created: 2000-04-20 |
Updated: 2020-08-14 |
ID: CVE-2000-0613 |
Title: Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. |
Type: Hardware |
Bulletins:
CVE-2000-0613 SFBID1454 |
Severity: Medium |
Description: Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. | ||||
Applies to: |
Created: 2000-03-20 |
Updated: 2020-08-14 |
ID: CVE-2000-0070 |
Title: Spoofed LPC Port Request |
Type: Registry |
Bulletins:
CVE-2000-0070 MS00-003 |
Severity: Medium |
Description: A malicious user can gain SYSTEM privileges. | ||||
Applies to: Windows NT |
Created: 2000-01-12 |
Updated: 2010-08-21 |
ID: CVE-1999-1175 |
Title: Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. |
Type: Hardware |
Bulletins:
CVE-1999-1175 |
Severity: High |
Description: Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. | ||||
Applies to: |
Created: 1999-12-31 |
Updated: 2020-08-14 |
ID: CVE-1999-1464 |
Title: Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not... |
Type: Hardware |
Bulletins:
CVE-1999-1464 |
Severity: High |
Description: Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564. | ||||
Applies to: |
Created: 1999-12-31 |
Updated: 2020-08-14 |
ID: CVE-1999-1465 |
Title: Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with... |
Type: Hardware |
Bulletins:
CVE-1999-1465 |
Severity: High |
Description: Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862. | ||||
Applies to: |
Created: 1999-12-31 |
Updated: 2020-08-14 |
ID: SFBID894 |
Title: POP3 server might be vulnerable to a remote buffer overflow exploit |
Type: Services |
Bulletins:
SFBID894 |
Severity: High |
Description: Additional BugtraqIDs: http://www.securityfocus.com/bid/942 http://www.securityfocus.com/bid/1965 http://www.securityfocus.com/bid/2781 http://www.securityfocus.com/bid/4055 http://www.securityfocus.com/bid/4295 http://www.securityfocus.com/bid/4614 | ||||
Applies to: |
Created: 1999-12-27 |
Updated: 2010-08-21 |
ID: CVE-1999-0977 |
Title: sadmin service running |
Type: RPC |
Bulletins:
CVE-1999-0977 SFBID866 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1999-12-10 |
Updated: 2010-08-21 |
ID: SFBID789 |
Title: Imail Pop3 5.0 |
Type: |
Bulletins:
SFBID789 |
Severity: High |
Description: There exists a vulnerability in IMail POP3, which causes a buffer flow, when the username entered is between 200 and 500 characters. A buffer overflow will allow an attacker to execute his/her code on the vulnerable server, however the current exploits only cause a denial of service on the remote machine. A patch has been created by the vendors themselves, i.e. Ipswitch, and is available on their website at: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail508.exe | ||||
Applies to: Imail |
Created: 1999-11-08 |
Updated: 2010-08-21 |
ID: CVE-1999-0885 |
Title: All Servers: get32.exe |
Type: Web |
Bulletins:
CVE-1999-0885 SFBID770 |
Severity: Medium |
Description: Possible Remote command execution. | ||||
Applies to: |
Created: 1999-11-03 |
Updated: 2010-08-21 |
ID: CVE-1999-0204 |
Title: Sendmail 8-6-9 ident vulnerability |
Type: |
Bulletins:
CVE-1999-0204 |
Severity: High |
Description: Sendmail version 8.6.9 is prone to a vulnerability. It connects back to the ident service to obtain some user information. The information returned is not validated by the client, and if such a response is longer than a specified bound, a buffer overflow is generated. This may allow a remote attacker to execute some code on the host system and gain root access on the system. In order to solve such a vulnerability one should upgrade to the latest version, i.e. 8.11.2 or later. This is available form Sendmail’s website at: http://www.sendmail.org | ||||
Applies to: Sendmail |
Created: 1999-09-29 |
Updated: 2010-08-21 |
ID: CVE-1999-0526 |
Title: X server accepts connections from any host |
Type: Miscellaneous |
Bulletins:
CVE-1999-0526 |
Severity: High |
Description: Allows a cracker to connect to it and record any of your keystrokes. Use xauth to filter connections. | ||||
Applies to: X server |
Created: 1999-09-29 |
Updated: 2010-08-21 |
ID: CVE-1999-0626 |
Title: rusers service running |
Type: RPC |
Bulletins:
CVE-1999-0626 |
Severity: Low |
Description: Provide information as name of users. | ||||
Applies to: |
Created: 1999-09-29 |
Updated: 2010-08-21 |
ID: CVE-1999-0071 |
Title: Apache 1-1-1 |
Type: Miscellaneous |
Bulletins:
CVE-1999-0071 |
Severity: High |
Description: Run arbitrary commands (web server privilege). | ||||
Applies to: Apache |
Created: 1999-09-11 |
Updated: 2010-08-21 |
ID: CVE-1999-1129 |
Title: Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag. |
Type: Hardware |
Bulletins:
CVE-1999-1129 SFBID615 |
Severity: High |
Description: Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag. | ||||
Applies to: |
Created: 1999-09-01 |
Updated: 2020-08-14 |
ID: CVE-1999-0687 |
Title: ttsession service running |
Type: RPC |
Bulletins:
CVE-1999-0687 SFBID737 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1999-08-21 |
Updated: 2010-08-21 |
ID: CVE-1999-0197 |
Title: Finger service is running |
Type: Services |
Bulletins:
CVE-1999-0197 CVE-1999-0198 |
Severity: Low |
Description: Finger can give an attacker useful information, such as logon accounts and trusted hosts. | ||||
Applies to: |
Created: 1999-07-26 |
Updated: 2010-08-21 |
ID: CVE-1999-0320 |
Title: cmsd service running |
Type: RPC |
Bulletins:
CVE-1999-0320 SFBID524 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1999-07-13 |
Updated: 2010-08-21 |
ID: CVE-1999-0345 |
Title: Fragmented ICMP Packet |
Type: Registry |
Bulletins:
CVE-1999-0345 SFBID514 |
Severity: Low |
Description: Windows NT and Windows 95 may hang when they receive corrupted ICMP datagram fragments. This problem was corrected by updating the TCP/IP protocol stack. Instructions on how to install it are available from Microsoft support channels. More information can be obtained from:http://support.microsoft.com/kb/q154174/ | ||||
Applies to: Windows |
Created: 1999-07-03 |
Updated: 2010-08-21 |
ID: CVE-1999-0345 |
Title: Fragmented IGMP Packet |
Type: Registry |
Bulletins:
CVE-1999-0345 SFBID514 |
Severity: Low |
Description: Windows 98 and Windows 2000 are prone to a vulnerability in their TCP/IP stacks. When a malformed IGMP header is received the stack may fail resulting in a Blue Screen or immediate reboot, amongst others. Patches exist for the operating systems mentioned above. More information can be obtained from: http://www.securityfocus.com/bid/514/solution | ||||
Applies to: Windows |
Created: 1999-07-03 |
Updated: 2010-08-21 |
ID: CVE-1999-0889 |
Title: Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. |
Type: Hardware |
Bulletins:
CVE-1999-0889 |
Severity: High |
Description: Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. | ||||
Applies to: Cisco 600 Series DSL Customer Premises Equipment Routers |
Created: 1999-07-01 |
Updated: 2020-08-14 |
ID: CVE-1999-0721 |
Title: Malformed LSA Request |
Type: Registry |
Bulletins:
CVE-1999-0721 MS99-020 |
Severity: Low |
Description: A malformed LSA request can cause the system to stop responding. | ||||
Applies to: Windows NT |
Created: 1999-06-23 |
Updated: 2010-08-21 |
ID: CVE-1999-0775 |
Title: Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
Type: Hardware |
Bulletins:
CVE-1999-0775 |
Severity: High |
Description: Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. | ||||
Applies to: |
Created: 1999-06-10 |
Updated: 2020-08-14 |
ID: CVE-1999-0253 |
Title: IIS: ASP source using $2e trick |
Type: Web |
Bulletins:
CVE-1999-0253 |
Severity: Low |
Description: Retrieve the source code of remote ASP scripts. | ||||
Applies to: IIS |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0497 |
Title: Ftp Anonymous Upload |
Type: FTP |
Bulletins:
CVE-1999-0497 |
Severity: Medium |
Description: Anonymous uploading can open up your ftp server to be abused by intruders to upload malicious content such as pirated software / music / movies, viruses and Trojans. Apart from the obvious dangers viruses and Trojan might pose, if pirates start using the ftp server a distribution site, anti-piracy groups might target the company for legal action as hosting illegal software is a felony. Thus Ideally an FTP Server should only allow uploading and downloading privileges authenticated users. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0531 |
Title: EXPN,VRFY commands enabled on mail server |
Type: |
Bulletins:
CVE-1999-0531 |
Severity: Low |
Description: The VRFY command allows someone to telnet to a Sendmail server and asks to verify that an address is valid. In such a case spammers will be able to decide who to send mail to. Such a command allows an attacker to keep trying email addresses until s/he finds one that works. The EXPN command is used in a similar manner by spammers, but it is more dangerous because one will be able to obtain a list of address instead of just one. In order to disable EXPN and VRFY perform the following steps:Find ‘PrivacyOptions=’ in /etc/sendmail.cfChange the line to ‘PrivacyOptions=noexpn novrfy’ or to ‘PrivacyOptions=goaway’Force sendmail to reload the configuration. | ||||
Applies to: Sendmail |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0512 |
Title: SMTP server allows relaying |
Type: |
Bulletins:
CVE-1999-0512 |
Severity: Low |
Description: The mail server on this machine is configured to allow email relaying (which allows remote possibly unauthorized users to send emails through it). This configuration is often abused by spammers and hackers to avoid email protection systems. You can configure your server to disable Email Relaying. Consult your mail server manual on how to disable it. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0618 |
Title: REXEC service enabled |
Type: Services |
Bulletins:
CVE-1999-0618 |
Severity: Low |
Description: This service is vulnerable to TCP spoofing attacks. If possible use SSH instead. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0651 |
Title: RLOGIN service enabled |
Type: Services |
Bulletins:
CVE-1999-0651 |
Severity: Low |
Description: This service is vulnerable to TCP spoofing attacks. If possible use SSH instead. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0651 |
Title: RSH service enabled |
Type: Services |
Bulletins:
CVE-1999-0651 |
Severity: Low |
Description: This service is vulnerable to TCP spoofing attacks. If possible use SSH instead. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0616 |
Title: Trivial FTP service running |
Type: Services |
Bulletins:
CVE-1999-0616 |
Severity: Low |
Description: Unrestricted tftp access allows remote sites to retrieve a copy of any world-readable file. You should remove this service, unless you really need it. | ||||
Applies to: |
Created: 1999-06-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0605 |
Title: All Servers: Merchant Order Form 1.2 Order Log Permissions |
Type: Web |
Bulletins:
CVE-1999-0605 SFBID2021 |
Severity: Medium |
Description: Possible to view shopping orders. | ||||
Applies to: |
Created: 1999-04-20 |
Updated: 2010-08-21 |
ID: CVE-1999-0445 |
Title: In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. |
Type: Hardware |
Bulletins:
CVE-1999-0445 |
Severity: Medium |
Description: In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. | ||||
Applies to: |
Created: 1999-04-01 |
Updated: 2020-08-14 |
ID: CVE-1999-0382 |
Title: NT Screen Saver Vulnerability |
Type: Registry |
Bulletins:
CVE-1999-0382 MS99-008 |
Severity: High |
Description: An attacker can replace the screen server with a trojaned executable gaining administrative level privileges. | ||||
Applies to: Windows NT |
Created: 1999-03-12 |
Updated: 2010-08-21 |
ID: CVE-1999-0415 |
Title: The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. |
Type: Hardware |
Bulletins:
CVE-1999-0415 |
Severity: High |
Description: The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. | ||||
Applies to: Ciscoo 7xx Routers |
Created: 1999-03-11 |
Updated: 2020-08-14 |
ID: CVE-1999-0416 |
Title: Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. |
Type: Hardware |
Bulletins:
CVE-1999-0416 |
Severity: Medium |
Description: Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. | ||||
Applies to: Ciscoo 7xx Routers |
Created: 1999-03-11 |
Updated: 2020-08-14 |
ID: CVE-1999-0376 |
Title: KnownDLLs List Vulnerability |
Type: Registry |
Bulletins:
CVE-1999-0376 MS99-006 |
Severity: High |
Description: An attacker can replace system dll's with trojaned ones. | ||||
Applies to: Windows NT |
Created: 1999-02-20 |
Updated: 2010-08-21 |
ID: CVE-1999-0800 |
Title: IIS: Cold Fusion check |
Type: Web |
Bulletins:
CVE-1999-0800 |
Severity: Medium |
Description: Related links: www.macromedia.com/devnet/coldfusion/security.html www.isummation.com/securing_coldfusion_pages_through_iis.html www.sans.org/rr/papers/index.php?id=300 | ||||
Applies to: IIS |
Created: 1999-02-11 |
Updated: 2010-08-21 |
ID: CVE-1999-0362 |
Title: WS FTP Server 1-0-2 |
Type: FTP |
Bulletins:
CVE-1999-0362 SFBID217 |
Severity: High |
Description: WS_FTP Server is vulnerable to a Denial of Service vulnerability. When issuing a CWD command with more than 876 characters, the server will stop responding to FTP requests. In order to solve this vulnerability one should install the patch released by Ipswitch. | ||||
Applies to: WS FTP Server |
Created: 1999-02-04 |
Updated: 2010-08-21 |
ID: CVE-1999-1538 |
Title: IIS: iisadmin is accesible |
Type: Web |
Bulletins:
CVE-1999-1538 SFBID189 |
Severity: Medium |
Description: /iisadmin should be limited to localhost only because can be used for server configure. | ||||
Applies to: IIS |
Created: 1999-01-14 |
Updated: 2010-08-21 |
ID: CVE-1999-0063 |
Title: Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. |
Type: Hardware |
Bulletins:
CVE-1999-0063 |
Severity: Medium |
Description: Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. | ||||
Applies to: |
Created: 1999-01-11 |
Updated: 2020-08-14 |
ID: CVE-1999-0162 |
Title: The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. |
Type: Hardware |
Bulletins:
CVE-1999-0162 |
Severity: Medium |
Description: The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. | ||||
Applies to: |
Created: 1998-09-01 |
Updated: 2020-08-14 |
ID: CVE-1999-0003 |
Title: ttdbserver service running |
Type: RPC |
Bulletins:
CVE-1999-0003 SFBID122 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1998-08-31 |
Updated: 2010-08-21 |
ID: CVE-1999-0002 |
Title: Linux mountd running |
Type: RPC |
Bulletins:
CVE-1999-0002 SFBID121 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1998-08-28 |
Updated: 2010-08-21 |
ID: CVE-1999-0159 |
Title: Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. |
Type: Hardware |
Bulletins:
CVE-1999-0159 |
Severity: Medium |
Description: Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | ||||
Applies to: |
Created: 1998-08-12 |
Updated: 2020-08-14 |
ID: CVE-1999-1582 |
Title: By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive... |
Type: Hardware |
Bulletins:
CVE-1999-1582 |
Severity: High |
Description: By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. | ||||
Applies to: |
Created: 1998-07-15 |
Updated: 2020-08-14 |
ID: CVE-1999-0006 |
Title: QPOP 2-2 to 2.4 |
Type: |
Bulletins:
CVE-1999-0006 SFBID133 |
Severity: High |
Description: A vulnerability exists in QUALCOMM’s QPOP with versions earlier than 2.5. QPOP is prone to a buffer overflow, and in such case remote users will be able to gain privileged access to the systems running such POP servers. If the POP server installed on the system is vulnerable, a patch available from the vendor should be installed, otherwise such POP server should be disabled. In order to determine whether the POP server installed on the system is vulnerable, one should telnet to port 110 on such host, and check the version number from the banner. If the version is vulnerable, the patch should be installed, otherwise the POP server should be disabled. | ||||
Applies to: QPOP |
Created: 1998-06-27 |
Updated: 2010-08-21 |
ID: CVE-2002-0421 |
Title: IIS: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack |
Type: Web |
Bulletins:
CVE-2002-0421 SFBID2110 |
Severity: Medium |
Description: Possible to gain Unauthorized access to your computer. | ||||
Applies to: IIS |
Created: 1998-02-09 |
Updated: 2010-08-21 |
ID: CVE-1999-1293 |
Title: Apache 1-2-5 |
Type: Miscellaneous |
Bulletins:
CVE-1999-1293 |
Severity: High |
Description: Run arbitrary commands (web server privilege). | ||||
Applies to: Apache |
Created: 1998-01-06 |
Updated: 2010-08-21 |
ID: CVE-1999-0293 |
Title: AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
Type: Hardware |
Bulletins:
CVE-1999-0293 |
Severity: High |
Description: AAA authentication on Cisco systems allows attackers to execute commands without authorization. | ||||
Applies to: |
Created: 1998-01-01 |
Updated: 2020-08-14 |
ID: CVE-1999-0230 |
Title: Buffer overflow in Cisco 7xx routers through the telnet service. |
Type: Hardware |
Bulletins:
CVE-1999-0230 |
Severity: Medium |
Description: Buffer overflow in Cisco 7xx routers through the telnet service. | ||||
Applies to: |
Created: 1997-12-15 |
Updated: 2020-08-14 |
ID: REF000326 |
Title: Alerter service enabled |
Type: Services |
Bulletins: | Severity: Low |
Description: This service could be use in social engineering attacks. It is recommended to disable this service. | ||||
Applies to: |
Created: 1997-12-01 |
Updated: 2010-08-21 |
ID: CVE-1999-0016 |
Title: Land IP denial of service. |
Type: Hardware |
Bulletins:
CVE-1999-0016 |
Severity: Medium |
Description: Land IP denial of service. | ||||
Applies to: |
Created: 1997-12-01 |
Updated: 2020-08-14 |
ID: CVE-1999-1061 |
Title: HP JetDirect password is not set |
Type: Miscellaneous |
Bulletins:
CVE-1999-1061 |
Severity: Medium |
Description: Users can manipulate Device Settings through (Web)JetAdmin. | ||||
Applies to: HP JetDirect |
Created: 1997-10-04 |
Updated: 2010-08-21 |
ID: CVE-1999-0160 |
Title: Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. |
Type: Hardware |
Bulletins:
CVE-1999-0160 |
Severity: High |
Description: Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. | ||||
Applies to: |
Created: 1997-10-01 |
Updated: 2020-08-14 |
ID: SFBID688 |
Title: Denial of service on port 135 |
Type: Registry |
Bulletins:
SFBID688 |
Severity: Low |
Description: A vulnerability exists when connecting to TCP port 135. Entering 10 or more random characters will cause the CPU of the target host to jump to 100% CPU utilization, leading to a denial of service. The target host should be restarted to eliminate the problem. A fix has been issued by Microsoft and is available at:ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP2/rpc-fix/It has also been included with Service Pack 3. | ||||
Applies to: Windows NT |
Created: 1997-02-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0047 |
Title: Sendmail privilege escalation |
Type: |
Bulletins:
CVE-1999-0047 SFBID685 |
Severity: Medium |
Description: Sendmail is prone to a vulnerability, where if a attacker sends a carefully crafted email message to a system running this version of Sendmail, the attacker will be able to execute random commands with root privileges on the system the vulnerable Sendmail is running. In order to solve such problem it is advisable to upgrade to version 8.8.5 or later. | ||||
Applies to: Sendmail |
Created: 1997-01-20 |
Updated: 2010-08-21 |
ID: SFBID2026 |
Title: All Servers: Aglimpse |
Type: Web |
Bulletins:
SFBID2026 |
Severity: Medium |
Description: It is possible to force the web server to send the password file back to the attacker. | ||||
Applies to: Aglimpse |
Created: 1996-07-03 |
Updated: 2010-08-21 |
ID: SFBID1749 |
Title: ypupdated service running |
Type: RPC |
Bulletins:
SFBID1749 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 1995-12-19 |
Updated: 2010-08-21 |
ID: CVE-1999-0161 |
Title: In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. |
Type: Hardware |
Bulletins:
CVE-1999-0161 |
Severity: High |
Description: In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. | ||||
Applies to: |
Created: 1995-07-31 |
Updated: 2020-08-14 |
ID: CVE-1999-1306 |
Title: Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. |
Type: Hardware |
Bulletins:
CVE-1999-1306 |
Severity: High |
Description: Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. | ||||
Applies to: |
Created: 1992-12-10 |
Updated: 2020-08-14 |
ID: CVE-1999-1466 |
Title: Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. |
Type: Hardware |
Bulletins:
CVE-1999-1466 SFBID53 |
Severity: High |
Description: Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. | ||||
Applies to: |
Created: 1992-12-10 |
Updated: 2020-08-14 |