OSEC Vulnerability List
|
| Vuln |
Reference |
Description |
| amd |
CVE-1999-0704 |
Buffer overflow in Berkeley automounter
daemon (amd) logging facility provided in the Linux am-utils
package and others.
|
| cmsd |
CVE-1999-0696 |
Buffer overflow in CDE Calendar
Manager Service Daemon (rpc.cmsd)
|
| imapd |
CAN-2000-0284 |
Buffer overflows in University
of Washington imapd version 4.7 allow users with a valid account
to execute commands via LIST, COPY, LSUB, RENAME, and FIND commands.
|
| isapi/jill |
CVE-2001-0241 |
Buffer overflow in Internet Printing
ISAPI extension in Windows 2000 allows remote attackers to gain
root privileges via a long print request that is passed to the
extension through IIS 5.0.
|
| rds |
CVE-1999-1011 |
The Remote Data Service (RDS)
DataFactory component of Microsoft Data Access Components (MDAC)
in IIS 3.x and 4.x exposes unsafe methods, which allows remote
attackers to execute arbitrary commands.
|
| sadmind |
CVE-1999-0977 |
Buffer overflow in Solaris sadmind
allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE
request.
|
| snmp |
CAN-1999-0517 |
An SNMP community name is the
default (e.g. public), null, or missing.
|
| statd |
CVE-2000-0666 |
rpc.statd in the nfs-utils package
in various Linux distributions does not properly cleanse untrusted
format strings, which allows remote attackers to gain root privileges.
|
| unicode |
CVE-2000-0884 |
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
|
| wu |
CVE-2001-0550 |
wu-ftpd 2.6.1 allows remote attackers
to execute arbitrary commands via a "~{" argument to commands
such as CWD, which is not properly handled by the glob function
(ftpglob).
|
