8637 matches found
CVE-1999-0732
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links...
[SECURITY] New versions of smtp-refuser fixes security hole
This bug was experienced in May 1999 but wasnt reported on this channel yet. Former versions of the smtp-refuser package came with unchecked logging facility to /tmp/log. This allowed deleting arbitrary, root-owned files by any user who has write access to /tmp. We recommend you upgrade your...
PT-1999-1310 Ā· Debian Ā· Smtp-Refuser
Name of the Vulnerable Software and Affected Versions: Debian smtp-refuser affected versions not specified Description: The issue affects the logging facility of the Debian smtp-refuser package, allowing local users to delete arbitrary files using symbolic links. Recommendations: At the moment,...
http-request_method.txt
Date: Wed, 6 Jan 1999 13:16:07 -0000 From: mnemonix To: [email protected] Subject: HTTP REQUESTMETHOD flaw There is a "feature" inherent in some web servers, such as Apache 1.3.x or MS IIS, that carries mild security implications that could allow web server attacks to go unnoticed. The problem...
SshdJJF.txt
J.J.F. / Hackers Team - Security Advisory =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Fecha: 09/05/1999 Publicado: 14/05/1999 Autor: Zhodiac URL: http://www.jjf.org Aplicacion: sshd2 up to 2.0.11 Sistema Operativo: Unix Peligrosidad: Medio, a largo plazo posible acceso remoto al sistema...
ca.inoculan.nt.txt
Date: Sat, 8 May 1999 14:58:08 +1000 From: Glenn Corbett To: [email protected] Subject: Insecure Bahaviour in Inoculan Client Russ, A problem has been discovered with the InocuLAN client on Windows NT workstations. If an account lockout policy is present on a Windows NT domain, lar...
ms-iis4-avoid-log.txt
Date: Fri, 22 Jan 1999 10:12:52 -0000 From: mnemonix To: [email protected] Subject: IIS 4 Request Logging Security Advisory There is are a combination of problems with IIS 4 that allows an successful HTTP request to go unlogged. Microsoft's Internet Information Server 4 allows the use of any...
trend.micro.interscan.ftp.proxy.txt
Date: Mon, 14 Jun 1999 17:47:17 -0400 From: "Lherisson, Karl C." To: [email protected] Subject: Possible Security Flaw in Trend Micro's InterScan FTP Proxy Hi my name is Karl C. Lherisson a network consultant at a securities firm. I am writing to inform you that I recently purchased Trend...
wingate-killer.pl
Date: Sat, 14 Nov 1998 13:51:30 -0500 From: G23 To: [email protected] Subject: crashing wingates Hello, The following one-liner will crash an open Wingate. perl -MIO::Socket -e \ 'IO::Socket::INET-newPeerAddr="wingate.to.hoze:23"\ -send"X" x 4400 . "\n",0' Unfortunately I don't have access to...
mail.local.diff
688a689,698 define MAXMSGLEN 65536 / Make sure message is less than MAXMSGLEN / if ftellfp MAXMSGLEN syslogLOGDEBUG,"Message too long - %i bytes limit is %i\n", ftellfp,MAXMSGLEN; exit1;...
putsyslog.txt
http://www.rootshell.com/ From [email protected] Wed Jul 8 10:18:27 1998 Date: Wed, 8 Jul 1998 19:08:41 +0200 From: Paul Boehm To: [email protected] Subject: putsyslog hi, users can write messages to syslog and thus hide files in there and bypass quotas.. later they can extract it if they ha...
SshdJJFen.txt
J.J.F. / Hackers Team - Security Advisory =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: 05/09/1999 Release: 05/14/1999 Author: Zhodiac URL: http://www.jjf.org Application: sshd2 up to 2.0.11 OS: Unix Risk: Risky :, long term could gain system access. -=-=-=-=-=-=-=-= Introduction...
CVE-2000-0118
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing...
RedHat Linux 5.2 i3866.0 - No Logging
RedHat Linux 5.2 i3866.0 - No Logging source: https://www.securityfocus.com/bid/320/info A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity. su is a command that allows users to change identifies by supplying a...
RedHat Linux 5.2 i386/6.0 - No Logging
source: https://www.securityfocus.com/bid/320/info A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity. su is a command that allows users to change identifies by supplying a password. If the password is correct su...
Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode (1)
Ethereal 0.8.40.8.50.8.6 tcpdump 3.43.5 alpha - DNS Decode 1 // source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffe...
CVE-1999-1029
SSH server sshd2 before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs...
CVE-1999-0579
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys...
CVE-1999-0577
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories...
CVE-1999-0578
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys...