[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-08 - 27 candidates



The following cluster contains 27 candidates, all of which were
announced between 2/1/2000 and 2/4/2000.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0101
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The Make-a-Store OrderPage shopping cart application allows remote
users to modify sensitive purchase information via hidden form
fields.


VOTE:

=================================
Candidate: CAN-2000-0102
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The SalesCart shopping cart application allows remote users to modify
sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0103
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The SmartCart shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0104
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The Shoptron shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0105
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 Outlook Express 5 vulnerability - Active Scripting may read email messages
Reference: BID:962

Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers
to view a user's email messages via a script that accesses a variable
that references subsequent email messages that are read by the client.


VOTE:

=================================
Candidate: CAN-2000-0106
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The EasyCart shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: BID:958

Linux apcd program allows local attackers to modify arbitrary files
via a symlink attack.


VOTE:

=================================
Candidate: CAN-2000-0108
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The Intellivend shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0109
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 Security issues with S&P ComStock multiCSP (Linux)

The mcsp Client Site Processor system (MultiCSP) in Standard and
Poor's ComStock is installed with several accounts that have no
passwords or easily guessable default passwords.


VOTE:

=================================
Candidate: CAN-2000-0110
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The WebSiteTool shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: BID:960

The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.


VOTE:

=================================
Candidate: CAN-2000-0114
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)

Frontpage Server Extensions allows remote attackers to determine the
name of the anonymous account via an RPC POST request to shtml.dll in
the /_vti_bin/ virtual directory.


VOTE:

=================================
Candidate: CAN-2000-0121
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: MSKB:Q248399
Reference: BID:963

The Recycle Bin utility in Windows NT and Windows 2000 allows local
users to read or modify files by creating a subdirectory with the
victim's SID in the recycler directory, aka the ""Recycle Bin
Creation" vulnerability.


VOTE:

=================================
Candidate: CAN-2000-0122
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000203 2 MS Frontpage issues Cerberus Information Security Advisory (CISADV000203)
Reference: BID:964

Frontpage Server Extensions allows remote attackers to determine the
physical path of a virtual directory via a GET request to the
htimage.exe CGI program.


VOTE:

=================================
Candidate: CAN-2000-0123
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Re: [xforce@iss.net: ISSalert: ISS E-Security Alert: Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications]

The shopping cart application provided with Filemaker allows remote
users to modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0124
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 surfCONTROL SuperScout v2.6.1.6 flaw
Reference: BID:965

surfCONTROL SuperScout does not properly asign a category to web sites
with a . (dot) at the end, which may allow users to bypass web access
restrictions.


VOTE:

=================================
Candidate: CAN-2000-0125
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
Reference: BID:967

wwwthreads does not properly cleanse numeric data or table names that
are passed to SQL queries, which allows remote attackers to gain
privileges for wwwthreads forums.


VOTE:

=================================
Candidate: CAN-2000-0126
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000202 Alert: IIS 4 / IS 2 IDQ Cerberus Information Security Advisory (CISADV000202)
Reference: NTBUGTRAQ:20000202 Alert: IIS 4 / IS 2 IDQ Cerberus Information Security Advisory (CISADV000202)

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote
attackers to read files via a .. (dot dot) attack.


VOTE:

=================================
Candidate: CAN-2000-0127
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: BID:969

The Webspeed configuration program does not properly disable access to
the WSMadmin utility, which allows remote attackers to gain
privileges.


VOTE:

=================================
Candidate: CAN-2000-0128
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000204 "The Finger Server"

The Finger Server 0.82 allows remote attackers to execute commands via
shell metacharacters.


VOTE:

=================================
Candidate: CAN-2000-0129
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: BUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: NTBUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow
Reference: BUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow

Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP
server allows attackers to cause a denial of service by performing a
LIST command on a malformed .lnk file.


VOTE:

=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: BID:966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of
service via long MKD and CWD commands.


VOTE:

=================================
Candidate: CAN-2000-0133
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 Tiny FTPd 0.52 beta3 Buffer Overflow
Reference: BID:961

Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to
execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE,
and RNFR commands.


VOTE:

=================================
Candidate: CAN-2000-0134
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The Check It Out shopping cart application allows remote users to
modify sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0135
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The @Retail shopping cart application allows remote users to modify
sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0136
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The Cart32 shopping cart application allows remote users to modify
sensitive purchase information via hidden form fields.


VOTE:

=================================
Candidate: CAN-2000-0137
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ISS:20000201 Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications

The CartIt shopping cart application allows remote users to modify
sensitive purchase information via hidden form fields.


VOTE:

Page Last Updated or Reviewed: May 22, 2007