VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-199907-0009 CVE-1999-1078 WS_FTP Configuration file ws_ftp.ini File password weak encryption vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. WS_FTP, both Pro and LE versions,. allows passwords to be saved as part of a saved site configuration. These passwords are encrypted and stored in .ini files. The encryption method is weak and can be broken. WS_FTP is a widely used FTP client software maintained by Ipswitch distribution. Certain versions of WS_FTP have a problem that will leak FTP user passwords
VAR-199907-0037 CVE-1999-1543 MacOS Weak Password Encryption Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. apple's macOS Exists in unspecified vulnerabilities.None. The encryption algorithm in MacOS system is simple and the password can be easily decoded. Offset is different on each system and depends on Users & Groups configuration, but it always lie after owner's username. It's not so difficult to find it using a hex editor, even if we don't know owner's username. Here are some examples of encrypted passwords: 00 04 06 18 0D 0A 19 0B = stayaway 0A 1F 10 1B 00 07 75 1E = yellow 1C 1B 16 14 12 62 10 7B = owner 07 02 13 1A 1E 0F 1A 14 = turnpage 27 25 33 27 27 39 24 7E = Trustno1 AA BB CC DD EE FF GG HH = aa bb cc dd ee ff gg hh where: AA BB CC DD EE FF GG HH - encrypted password (hex) aa bb cc dd ee ff gg hh - decrypted password in ASCII codes (hex) aa=AA XOR 73H bb=BB XOR AA XOR 70H cc=CC XOR BB XOR 63H dd=DD XOR CC XOR 67H ee=EE XOR DD XOR 74H ff=FF XOR EE XOR 70H gg=GG XOR FF XOR 72H hh=HH XOR GG XOR 6BH An example: Let's take OO 04 06 18 0D 0A 19 0B 00H XOR 73H = 73H = s 04H XOR 00H = 04H; 04H XOR 70H = 74H = t 06H XOR 04H = 02H; O2H XOR 63H = 61H = a 18H XOR 06H = 1EH; 1EH XOR 67H = 79H = y 0DH XOR 18H = 15H; 15H XOR 74H = 61H = a 0AH XOR 0DH = 07H; 07H XOR 70H = 77H = w 19H XOR 0AH = 13H; 13H XOR 72H = 61H = a 0BH XOR 19H = 12H; 12H XOR 6BH = 79H = y tested on: MacOS 7.5.3, 7.5.5, 8.1, 8.5 copied verbatim from a post to bugtraq by Dawid adix Adamski <adixx@FRIKO4.ONET.PL> on July 10, 1999. There are vulnerabilities in MacOS
VAR-199907-0017 CVE-1999-0889 Cisco 675 Router Telnet Session Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. Cisco 675 Router is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks. Cisco 675 routers running CBOS are vulnerable
VAR-199906-0021 CVE-1999-0916 WebTrends Security hole CVSS V2: 2.1
CVSS V3: -
Severity: LOW
WebTrends software stores account names and passwords in a file which does not have restricted access permissions. Vulnerabilities exist in WebTrends software
VAR-199906-0010 CVE-1999-0775 Cisco Gigabit Switch Security hole CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. Cisco IOS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks
VAR-199906-0038 No CVE Cisco IOS established Access List Keyword Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
A vulnerability in certain versions of the Cisco IOS software running in the Cisco 12000 series Gigabit Switch Routers may allow a remote attacker to bypass security restrictions. The issue allows a vulnerable device to forward unauthorized traffic regardless of security restrictions. The issue occurs due to an error in the processing of the 'established' keyword in an access-list statement. Specifically, this issue presents itself when an affected router carries out the following command: access-list 101 permit tcp any any established It is reported that the vulnerable devices ignore the 'established' keyword and forward all TCP traffic to the relevant interface. Cisco Gigabit Switch Routers running Cisco IOS software release 11.2(14)GS2 to 11.2(15)GS3 are vulnerable to this issue.
VAR-199906-0005 CVE-1999-1412 Apple MacOS Security hole CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GET request to a CGI script in a loop. The system will panic and display a stack trace with ipc_task_init. Although the vulnerability is not related to web servering it can only be reproduced so far using this means
VAR-199905-0021 CVE-1999-0803 AIX eNetwork Firewall fwluser Script to write arbitrary file vulnerabilities CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. A vulnerability exists in the fwluser script in the AIX eNetwork firewall
VAR-199905-0009 CVE-1999-1393 apple's  macOS  Vulnerability in CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. apple's macOS Exists in unspecified vulnerabilities.None. Powerbooks come with a 'Password Security' Control Panel. This allows the user to create a password that must be entered prior to the OS mounting the hard drive. This feature can be enabled or disabled by the user. The control panel stores the enabled/disabled state, as well as an encrypted verion of the password, in a file called 'aaaaaaaaAPWD' in the root of the drive. The problem is that this security feature can be bypassed with a boot disk and hard drive utility
VAR-199905-0051 CVE-1999-1566 iParty Conferencing Server Remote Denial of Service Attack Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. A buffer overflow condition has been discovered in the Intel iParty server. The server will need to be restarted to regain normal functionality. This issue may be due to a buffer overrun, potentially resulting in arbitrary code execution. This possibility has not been confirmed. iParty is a small voice conference chat program developed by Intel Experimental Technologies Department. The iParty meeting service daemon does not correctly handle the malformed requests submitted by users. Remote attackers can use this vulnerability to carry out denial-of-service attacks on the meeting service system
VAR-199904-0053 No CVE Cisco IOS Software Input Access List Leakage with NAT CVSS V2: -
CVSS V3: -
Severity: -
It is reported that Cisco routers running versions 12.0 are affected by a vulnerability which allows packets to bypass input filter rules. When certain versions of Cisco IOS are configured with both input access lists and NAT, an interaction between different software bugs allows packets to bypass the input filter rules. This situation allows for a false sense of security by the administrators of affected devices. This may allow an attacker to circumvent access control restrictions, possibly aiding them in further compromise of protected computers.
VAR-199904-0034 CVE-1999-0471 Winroute Security hole CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button
VAR-199904-0039 CVE-1999-1323 Internet Email Gateways (NAVIEG) navieg.ini and MS Exchange (NAVMSE) ModifyPassword Registry key Norton AntiVirus Encryption error vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. ini, (2) ModifyPassword registry entry under NAVMSE
VAR-199904-0026 CVE-1999-0445 IOS Cisco routing running NAT Filter vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters
VAR-199903-0049 CVE-1999-1559 Xylan OmniSwitch Input validation vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. Omniswitch is prone to a security bypass vulnerability. Xylan OmniSwitch prior to 3.2.6 is vulnerable
VAR-199903-0024 CVE-1999-0415 Cisco router HTTP Server vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. Cisco 7Xx Routers is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. A remote attacker could exploit this vulnerability to change the router's configuration
VAR-199903-0025 CVE-1999-0416 Cisco Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. There are vulnerabilities in the Cisco 7xx series
VAR-199903-0051 CVE-2000-0019 IMail POP3 daemon Security hole CVSS V2: 2.1
CVSS V3: -
Severity: LOW
IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability
VAR-199903-0048 CVE-1999-1551 Ipswitch IMail Buffer overflow DoS Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. The IMail web server can be crashed by requesting an abnormally long URL. There is a buffer overflow vulnerability in Ipswitch IMail Service version 5.0
VAR-199903-0014 CVE-1999-0221 Ascend Router security vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Denial of service of Ascend routers through port 150 (remote administration). Ascend Router is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition