NuytsTech Security

Monthly Archive: February 2000

CVE-1999-0993

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. Date published : 2000-02-04

CVE-1999-0990

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. Date published : 2000-02-04

CVE-1999-0988

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. Date published : 2000-02-04

CVE-1999-0985

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. Date published : 2000-02-04

CVE-1999-0984

Matt’s Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. Date published : 2000-02-04

CVE-1999-0983

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. Date published : 2000-02-04

CVE-1999-0970

The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. Date published : 2000-02-04 http://www.securityfocus.com/bid/1808...

CVE-1999-0944

IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections. Date published : 2000-02-04

CVE-1999-0929

Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. Date published : 2000-02-04