NuytsTech Security

Monthly Archive: September 1999

CVE-1999-0177

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. Date published : 1999-09-29

CVE-1999-0176

The Webgais program allows a remote user to execute arbitrary commands. Date published : 1999-09-29

CVE-1999-0175

The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. Date published : 1999-09-29

CVE-1999-0174

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. Date published : 1999-09-29

CVE-1999-0173

FormMail CGI program can be used by web servers other than the host server that the program resides on. Date published : 1999-09-29

CVE-1999-0172

FormMail CGI program allows remote execution of commands. Date published : 1999-09-29

CVE-1999-0170

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. Date published : 1999-09-29

CVE-1999-0168

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For...

CVE-1999-0167

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. Date published : 1999-09-29

CVE-1999-0166

NFS allows users to use a "cd .." command to access other directories besides the exported file system. Date published : 1999-09-29

CVE-1999-0164

A race condition in the Solaris ps command allows an attacker to overwrite critical files. Date published : 1999-09-29

CVE-1999-0162

The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. Date published : 1999-09-29