Monthly Archive: June 2000

CVE-1999-0754

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. Date published : 2000-06-02 http://www.securityfocus.com/bid/255

CVE-1999-0696

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). Date published : 2000-06-02

CVE-1999-0668

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. Date published : 2000-06-02 http://www.securityfocus.com/bid/598

CVE-1999-0493

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd....

CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Date published :...

CVE-1999-0225

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. Date published : 2000-06-02...