CVE-1999-1052

Microsoft FrontPage stores form results in a default location in /private/formresults.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users...

caldera.coas.shadow.txt

Date: Tue, 27 Apr 1999 20:26:16 -0600 From: synapse To: [email protected] Subject: Caldera Advisory Heya Aleph, Not sure if this had come accross the list. -----BEGIN PGP SIGNED MESSAGE----- Caldera Systems, Inc. Security Advisory Subject: COAS Advisory number: CSSA-1999:009.0 Issue date: 1999...

sims-sds.txt

Date: Fri, 25 Dec 1998 19:51:56 PST From: Dana Jones Reply-To: Bugtraq List To: [email protected] Subject: Vulnerability SIMS 3.x Sun Internet Mail Server and SDS 1.x & 3.1 Sun LDAP Directory services vulnerability. /var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap connects/operations. ...

CVE-1999-0712

A vulnerability in Caldera Open Administration System COAS allows the /etc/shadow password file to be made world-readable...

PT-1999-1292 · Caldera · Caldera Open Administration System

Name of the Vulnerable Software and Affected Versions: Caldera Open Administration System COAS affected versions not specified Description: A vulnerability in Caldera Open Administration System COAS allows the /etc/shadow password file to be made world-readable. Recommendations: At the moment,...

CVE-1999-1405

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap...

CVE-1999-1546

netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable...

CVE-1999-1072

Excite for Web Servers EWS 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi...

Excite for Web Servers 1.1 - Administrative Password

Excite for Web Servers 1.1 - Administrative Password source: https://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world...

Excite for Web Servers 1.1 - Administrative Password

source: https://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world writable. This allows an attacker...

CVE-1999-1429

DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver...

IBM AIX 4.2.1 - '/usr/bin/portmir' Local Buffer Overflow / Insecure Temporary File Creation

/ source: https://www.securityfocus.com/bid/385/info AIX version 4.2.1 introduced a new command titled 'portmir'. This new program had two notable vulnerabilites. First it contained a buffer overflow which allowed malicious users to obtain root privileges. Secondly it wrote it's log files to a...

SGI IRIX 6.2 - cgi-bin wrap

SGI IRIX 6.2 - cgi-bin wrap source: https://www.securityfocus.com/bid/373/info A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world readabl...