Security Vulnerabilities, CVEs, Published In May 1999

Denial of service in in.comsat allows attackers to generate messages.

Denial of service in Windows NT IIS server using ..\..

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.

NetBSD allows ARP packets to overwrite static ARP entries.

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

Buffer overflow in Solaris lpset program allows local users to gain root access.

Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Buffer overflow in Solaris dtprintinfo program.