Monthly Archive: September 1999

CVE-1999-0475

A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. Date published : 1999-09-29

CVE-1999-0474

The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user’s personal directory. Date published : 1999-09-29

CVE-1999-0473

The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client’s working directory to the permissions of the directory being transferred. Date published : 1999-09-29 http://www.securityfocus.com/bid/145

CVE-1999-0472

The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. Date published : 1999-09-29

CVE-1999-0471

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. Date published : 1999-09-29

CVE-1999-0466

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. Date published : 1999-09-29 http://www.osvdb.org/905

CVE-1999-0458

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. Date published : 1999-09-29 http://www.osvdb.org/915