Weekly Vulnerabilities Reports > March 29 to April 4, 1999

Overview

14 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 17 vendors including BMC, Microsoft, Cisco, Redhat, and Debian. Vulnerabilities are notably categorized as and "Information Exposure".

  • 12 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities are exploitable by an anonymous user.
  • BMC has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • BMC has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-04-01 CVE-1999-0443 BMC Unspecified vulnerability in BMC Patrol Agent 3.2.3

Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.

10.0

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-03-30 CVE-1999-0434 Caldera
Debian
Netbsd
Redhat
Suse
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
7.5

11 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-04-01 CVE-1999-0921 BMC Denial of Service vulnerability in BMC Patrol Agent 3.2.5

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

5.0
1999-04-01 CVE-1999-0610 Mountain Network Systems Unspecified vulnerability in Mountain Network Systems Webcart

An incorrect configuration of the Webcart CGI program could disclose private information.

5.0
1999-04-01 CVE-1999-0609 Mercantec Unspecified vulnerability in Mercantec Softcart

An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.

5.0
1999-04-01 CVE-1999-0608 Pdgsoft Unspecified vulnerability in Pdgsoft PDG Shopping Cart 1.5

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

5.0
1999-04-01 CVE-1999-0606 Seaside Enterprises Information Exposure vulnerability in Seaside Enterprises Ezmall 2000

An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.

5.0
1999-04-01 CVE-1999-0605 Austin Contract Computing Information Exposure vulnerability in Austin Contract Computing Merchant Order Form 1.0/1.2

An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.

5.0
1999-04-01 CVE-1999-0469 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0

Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

5.0
1999-04-01 CVE-1999-0467 Webcom Unspecified vulnerability in Webcom CGI Guestbook

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.

5.0
1999-04-01 CVE-1999-0445 Cisco Unspecified vulnerability in Cisco IOS

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

5.0
1999-03-31 CVE-1999-1559 Alcatel Unspecified vulnerability in Alcatel Omniswitch

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.

5.0
1999-04-01 CVE-1999-0447 HP Unspecified vulnerability in HP MPE IX

Local users can gain privileges using the debug utility in the MPE/iX operating system.

4.6

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-04-01 CVE-1999-0480 Midnight Commander Denial-Of-Service vulnerability in Midnight Commander Midnight Commander 4

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.

2.1