Monthly Archive: September 1999

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via...

Denial of service in IIS using long URLs. Date published : 1999-09-29

Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. Date published : 1999-09-29

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. Date published : 1999-09-29 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913

The WorkMan program can be used to overwrite any file to get root access. Date published : 1999-09-29

mSQL v2.0.1 and below allows remote execution through a buffer overflow. Date published : 1999-09-29

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn’t made. Date published : 1999-09-29

Denial of service through Solaris 2.5.1 telnet by sending ^D characters. Date published : 1999-09-29

Denial of service in Slmail v2.5 through the POP3 port. Date published : 1999-09-29

Netscape Enterprise servers may list files through the PageServices query. Date published : 1999-09-29

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. Date published : 1999-09-29

The info2www CGI script allows remote file access or remote command execution. Date published : 1999-09-29 http://www.securityfocus.com/bid/1995

ICMP redirect messages may crash or lock up a host. Date published : 1999-09-29 http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q154174

htmlscript CGI program allows remote read access to files. Date published : 1999-09-29