Weekly Vulnerabilities Reports > September 13 to 19, 1999
16 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 19 products from 16 vendors including SUN, Matt Wright, CDE, Microsoft, and IBM. Vulnerabilities are notably categorized as and "Configuration".
- 11 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability is related to weaknesses in OWASP Top Ten.
- 15 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 4 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists reported vulnerabilities for the period covered by this report:
5 Critical Vulnerabilities

| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-09-16 | CVE-1999-0953 | Matt Wright | Unspecified vulnerability in Matt Wright Wwwboard 2.0Alpha2.1 | WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. |
| 1999-09-15 | CVE-1999-0817 | University of Kansas | Remote Security vulnerability in Lynx | Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. |
| 1999-09-13 | CVE-1999-0759 | Fuseware | Unspecified vulnerability in Fuseware Fusemail 2.7 | Buffer overflow in FuseMAIL POP service via long USER and PASS commands. |
| 1999-09-16 | CVE-1999-0704 | Bsdi | | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| 1999-09-17 | CVE-1999-0886 | Microsoft | Configuration vulnerability in Microsoft Windows NT 4.0 | The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. |

6 High Vulnerabilities
3 Medium Vulnerabilities

| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-09-13 | CVE-1999-0750 | Microsoft | Unspecified vulnerability in Microsoft Hotmail | |
| 1999-09-13 | CVE-1999-0751 | Netscape | Buffer Overflow vulnerability in Netscape Enterprise Accept | Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
| 1999-09-13 | CVE-1999-1014 | SUN | Unspecified vulnerability in SUN Solaris and Sunos | Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. |

2 Low Vulnerabilities

| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-09-17 | CVE-1999-0787 | SSH | Unspecified vulnerability in SSH 1.2.27 | The SSH authentication agent follows symlinks via a UNIX domain socket. |
| 1999-09-16 | CVE-1999-0907 | Steven J Merrifield | Local Security vulnerability in Steven J. Merrifield Soundcard CW 1.1 | sccw allows local users to read arbitrary files. |