Monthly Archive: September 1999

CVE-1999-0392

Buffer overflow in Thomas Boutell’s cgic library version up to 1.05.
Date published: 1999-09-29

CVE-1999-0391

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
Date published: 1999-09-29

CVE-1999-0388

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
Date published: 1999-09-29
http://www.osvdb.org/3186

CVE-1999-0384

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user’s clipboard when the user accesses documents with ActiveX content.
Date published: 1999-09-29...

CVE-1999-0379

Microsoft Taskpads allows remote web sites to execute commands on the visiting user’s machine via certain methods that are marked as Safe for Scripting.
Date published: 1999-09-29
http://www.securityfocus.com/bid/498

CVE-1999-0377

Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine’s process tables through multiple connections to network services.
Date published: 1999-09-29
http://www.securitytracker.com/id/1033881

CVE-1999-0376

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
Date published: 1999-09-29

CVE-1999-0375

Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.
Date published: 1999-09-29

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.
Date published: 1999-09-29

CVE-1999-0373

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
Date published: 1999-09-29