Author: alec-guest Date: 2006-05-22 20:59:47 +0000 (Mon, 22 May 2006) New Revision: 4052 Modified: data/CVE/list Log: NOT-FOR-US Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-22 20:56:56 UTC (rev 4051) +++ data/CVE/list 2006-05-22 20:59:47 UTC (rev 4052) @@ -29939,9 +29939,9 @@ CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...) TODO: check CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...) @@ -30001,7 +30001,7 @@ CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...) TODO: check CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...) TODO: check CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...) @@ -30795,9 +30795,9 @@ CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...) NOT-FOR-US: Microsoft CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...) NOT-FOR-US: Microsoft CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...) @@ -30833,11 +30833,11 @@ CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...) TODO: check CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...) NOT-FOR-US: Microsoft CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...) @@ -30993,11 +30993,11 @@ CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...) NOT-FOR-US: Microsoft CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...) TODO: check CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...) @@ -31163,7 +31163,7 @@ CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...) TODO: check CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...) NOT-FOR-US: Microsoft CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...) @@ -31237,7 +31237,7 @@ CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...) TODO: check CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...) TODO: check CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...) @@ -31349,7 +31349,7 @@ CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...) TODO: check CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...) NOT-FOR-US: Microsoft CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...) @@ -31629,7 +31629,7 @@ CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...) TODO: check CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...) TODO: check CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...) @@ -31661,7 +31661,7 @@ CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...) TODO: check CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...) TODO: check CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...) @@ -31759,9 +31759,9 @@ CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...) TODO: check CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...) TODO: check CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...) @@ -31893,7 +31893,7 @@ CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...) TODO: check CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...) NOT-FOR-US: Microsoft CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...) @@ -31903,7 +31903,7 @@ CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...) NOT-FOR-US: Microsoft CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...) NOT-FOR-US: Microsoft CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...) @@ -32089,9 +32089,9 @@ CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...) TODO: check CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...) TODO: check CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...) @@ -32345,7 +32345,7 @@ CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...) TODO: check CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...) TODO: check CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...) @@ -32419,7 +32419,7 @@ CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...) TODO: check CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...) TODO: check CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...) @@ -32649,7 +32649,7 @@ CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...) NOT-FOR-US: Microsoft CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...) TODO: check CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...) @@ -32667,7 +32667,7 @@ CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...) TODO: check CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...) TODO: check CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...) @@ -32697,7 +32697,7 @@ CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...) TODO: check CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...) @@ -32937,9 +32937,9 @@ CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...) TODO: check CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...) TODO: check CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...) @@ -32985,7 +32985,7 @@ CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...) TODO: check CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...) TODO: check CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...) @@ -33045,7 +33045,7 @@ CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...) TODO: check CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...) TODO: check CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...) @@ -33150,11 +33150,11 @@ CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...) TODO: check CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...) TODO: check CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...) TODO: check CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...) @@ -33216,7 +33216,7 @@ CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...) TODO: check CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...) TODO: check CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...) @@ -33312,7 +33312,7 @@ CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...) TODO: check CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1034 (Vulnerability in login in AT&T System V Release 4 allows local users ...) TODO: check CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...) @@ -33551,7 +33551,7 @@ CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...) TODO: check CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...) TODO: check CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...) @@ -33563,7 +33563,7 @@ CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...) TODO: check CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...) TODO: check CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...) @@ -33571,7 +33571,7 @@ CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...) TODO: check CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...) TODO: check CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client''s ...) @@ -33687,7 +33687,7 @@ CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...) TODO: check CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...) NOT-FOR-US: Cisco CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...) @@ -33771,7 +33771,7 @@ CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...) TODO: check CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...) TODO: check CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...) @@ -33940,9 +33940,9 @@ CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...) TODO: check CVE-1999-0449 (Denial of service in IIS 4 with scripts from the ExAir sample site. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...) TODO: check CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...) @@ -33996,7 +33996,7 @@ CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...) TODO: check CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...) TODO: check CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...) @@ -34004,7 +34004,7 @@ CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...) TODO: check CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...) TODO: check CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...) @@ -34086,9 +34086,9 @@ CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...) TODO: check CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...) TODO: check CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...) @@ -34188,13 +34188,13 @@ CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIOS ...) TODO: check CVE-1999-0281 (Denial of service in IIS using long URLs. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...) NOT-FOR-US: Microsoft CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...) TODO: check CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...) TODO: check CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...) @@ -34252,7 +34252,7 @@ CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...) TODO: check CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or .cmd ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...) NOT-FOR-US: Cisco CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...) @@ -34306,7 +34306,7 @@ CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...) TODO: check CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...) TODO: check CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...) @@ -34928,13 +34928,13 @@ CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...) TODO: check CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...) TODO: check CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2002-0418 (Directory traversal vulnerability in the ...) TODO: check CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...) @@ -37033,7 +37033,7 @@ CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...) TODO: check CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...) TODO: check CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...) @@ -37065,7 +37065,7 @@ CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...) TODO: check CVE-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...) TODO: check CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...) @@ -37299,7 +37299,7 @@ CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...) TODO: check CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...) TODO: check CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...) @@ -37365,7 +37365,7 @@ CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user''s ...) NOT-FOR-US: Microsoft CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...) TODO: check CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...) @@ -37483,7 +37483,7 @@ CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...) TODO: check CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...) TODO: check CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...) @@ -37607,7 +37607,7 @@ CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...) TODO: check CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...) TODO: check CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...) @@ -37645,7 +37645,7 @@ CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...) TODO: check CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...) TODO: check CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...) @@ -37659,7 +37659,7 @@ CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...) TODO: check CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...) TODO: check CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...) @@ -37703,7 +37703,7 @@ CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...) TODO: check CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...) TODO: check CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...) @@ -37806,7 +37806,7 @@ CVE-1999-1539 (Buffer overflow in FTP server in QPC Software''s QVT/Term Plus versions ...) TODO: check CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...) TODO: check CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...) @@ -37940,7 +37940,7 @@ CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...) NOT-FOR-US: Microsoft CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...) TODO: check CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...) @@ -38056,7 +38056,7 @@ CVE-1999-1377 (Matt Wright''s download.cgi 1.0 allows remote attackers to read ...) TODO: check CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...) TODO: check CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...) @@ -38640,13 +38640,13 @@ CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...) TODO: check CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...) TODO: check CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...) @@ -38852,7 +38852,7 @@ CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...) TODO: check CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...) TODO: check CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...)