Date

Date	Description	system	version	Risk	Application	Source	References	port	Patch	Patchref
12/31/98	OracleDenial of Service	Oracle	8.05 8.0.4 7.3	medium	Oracle	bugtraq
12/20/98	WindowsNT "Remote Explorer" Virus	Windows NT	3.51 4.0 5.0	medium	Windows NT	Microsoft
12/17/98	passwd	Solaris	2.6 2.6_x86, 2.5.1, 2.5.1_x86, 2.5, 2.5_x86, 2.4, 2.4_x86 2.3	medium	passwd	Sun	00182			SUNpatch
12/16/98	Attacking "protected" machines through MS-Proxy	MS-Proxy		high	Firewall	bugtraq
12/13/98	Exploitable buffer overflow in bootpd	UNIX		high	bootpd
12/10/98	Patch Availablefor Excel "CALL Vulnerability"	MS-Office	97	high	Excel	Microsoft	MS98-018
12/10/98	Vulnerabilityin IRIX fcagent daemon	IRIX	6.4 and higher	medium	fcagent, RPC	SGI	19981201-01-PX
12/10/98	ICMP RedirectsAgainst Embedded Controllers	OS-9		medium	Embedded Controllers	ISS
12/10/98	Built in password	BreezeCOM		high	password	bugtraq
11/16/98	Sendmail lame DoS attacks	Sendmail	8.8.6	medium	sendmail	Bugtraq		25		sendmail 8.9.1
11/5/98	Cisco IOS DFS Access List Leakage	cisco IOS	Cisco 7xxx family 11.1CC and 11.1CT releases	medium		CERT	VB-98.13.Cisco_IOS_DFS	all
11/2/98	Hidden SNMP community in HP OpenView	Open View	HP-UX Version 10.X HP-UX Version 9.X Solaris Version 2.X	high	Open View snmp	ISS		161
11/2/98	Hidden community string in SNMP implementation	Solaris	2.6 and earlier	high	snmp agent	ISS		161
10/16/98	Update available for "Untrusted Scripted Paste" Issue in	Windows All	Microsoft Internet Explorer 4.01 and 4.01 SP1 on Windows NT 4.0, Windows 95 - Microsoft Windows 98, with integrated Internet Explorer - Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51	high	Iexplorer 4.01	Microsoft	ms98-015.htm	80
10/14/98	Two independent vulnerabilities in ufsrestoreand ufsdump	SunOS	5.5.1 5.5.1_x86 5.5 5.5_x86. 5.4 5.4_x86 5.3	high	ufsrestore ufsdump	CERT	http://sunsolve.Sun.COM/pub-cgi /us/sec2html?secbull/169
10/14/98	Cisco IOS Command History Release at Login Prompt	cisco IOS	Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, 1xxx, 25xx, 26xx, 30xx, 36xx,40xx, 45xx, 47xx, AS52xx, AS53xx, 70xx, 72xx (including the ubr72xx), 75xx, and 12xxxseries Most recent versions of the LS1010 ATM switch, some version of te Catalyst 29	00XL		LAN s	witch. The Cisco DistributedDirector 9.1 and laterhigh cisc	o	c	i
10/13/98	Security Vulnerabilities in "mscreen" Serial Multiscreens Utility	SCO	- SCO Open Desktop/Open Server 3.0 (all, also SCO UNIX 3.2v4) - SCO OpenServer 5.0 (all, also SCO Internet FastStart) - SCO CMW+ 3.0	high	mscreen	CERT	SCO Security Bulletin 98.05a	OS		sse016.tar.Z
10/12/98	RemotelyExploitable Buffer Overflow Vulnerability in mountd	Linux		high	NFS	CERT	ftp://ftp.cert.org/pub/ cert_advisories/CA-98.12.mountd			http://www.redhat.com/ support/docs/errata.html ftp://ftp.caldera.com/pub/ OpenLinux/updates/1.2/013
9/29/98	Snork : Denial of service attack agiants windows NT RPC	Windows NT	4.0 including SP4	medium	RPC	ISS		135,7,9		ms98-014
9/3/98	Vulnerabilityin ToolTalk RPC Service	SunOS	5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.4,5.4_x86, 5.3, 4.1,4.1.3_U1	HP-U	X release 10.3	0 HP-UX release 1	1.00 SGI IRIX 5.3 IRIX 5.4 IRIX 6.2 IRIX 6.3 IRIX 6.4 IBM AIX 4.1.	X		AIX 4.2.X AIX 4.3.X TriTeal TriTeal CDE - TED versions 4.3 and previous. Xi Graphics Xi Graphics Maximum CDE v1.2.3 highTooltalk (CDE)NAI
8/25/98	Steal anarbitrary number of Hotmail passwords	hotmail		high	free mail service	Bugtraq
8/20/98	Cisco PIXpossible DOS-attacks to static IP-addresses on the inside	cisco PIX		medium	Firewall	Bugtraq
8/19/98	SecurityVulnerability in BIND on HP-UX	HP-UX	9.0-11.0	high	BIND	HP
8/18/98	Updates available for Security Vulnerabilities in Microsoft PPTP	Windows NT		high	Dialup Networking 1.2x and earlier onWindows 95 -Remote Access Services, Routing and Remote Access Services on Windows NT 4.0 - Windows 98 Dialup Networking<br>	Microsoft	http://www.repsec.com/ advisories.html			Updates availablevulnerabilities in PPTP
8/18/98	Two vulnerabilities in rpc.pcnfsd	AIX	4.0, 4.1, 4.2, 4.3	high	rpc.pcnfsd	RSI
8/18/98	"Window.External"	Windows NT		medium	IE 4.0, 4.01, 4.01 SP1	Microsoft
8/14/98	ICQ PasswordVerification Bug	Linux		high	ICQ servers	rootshell	Security bulletin
8/13/98	Cisco IOSRemote Router Crash	cisco IOS		medium	IOS	cisco	cisco
8/11/98	Buffer Overflow in MIME-aware Mail and News Clients	All		high	Openwindows versions 3.0, 3.3, 3.4, 3.5 and 3.6. CDE versions 1.0.1, 1.0.2 and 1.2. - - SCO CMW+ - - SCO Open Desktop / Open Server 3.0, SCO UNIX 3.2v4 - - SCO OpenServer 5, SCO Internet FastStart - - SCO UnixWare 2.1 mutt and pine	CERT	CA-98.10-mime-buffer-overflows.html	25
8/8/98	Apache DoSattack	All		medium	Apache	Bugtraq
8/7/98	1.Descriptionof the Eudora Security Hole 2. Eudora Pro Security Alert	Windows All		high	Eudora Pro and CommCenter 4.0.1 and 4.0	Bugtraq	Pharlap	25, 110, 143
8/6/98	OBJECTvulnerability in IE 4.0	Windows NT		low	Internet Explorer 4.0 even with SP1	Bugtraq	TLAalert procmail warning	80, 25, 110, 143	TLAalert
8/6/98	Universityof Washington imapd daemon Vulnerability	IRIX		high	Imapd	SGI		143
8/6/98	IRIXBIND DNS Vulnerabilities Update	IRIX	5.3	high	Bind DNS	SGI	CERT98-05	53		SUN00180
8/6/98	IRIX IPSpoofing/TCP Sequence Attack Update	IRIX	5.3 6.2	medium	tcpip	SGI				ftp://sgigate.sgi.com/security/ 19961202-01-PX
8/6/98	fingerforwarding and finger DoS	Solaris	2.5.1 2.6	medium	finger	Bugtraq
8/6/98	Users can overwrite/create system files	All		high	Notes 4.6+ Client	l0pht		80
8/6/98	Insufficient bounds checking with SUN.LIBAUTH	Solaris	2.2 2.3 2.4 2.5 2.5.1 2.6	high	login in.ftpd in.uucpd rpc.rexd	RSI
8/5/98	Denial ofService attack to NT boxes running OpenNT 2.1	Windows NT		high	OpenNT 2.1	Bugtraq		23
8/5/98	bug in the'faxsurvey' CGI-Script			high	HylaFAX package	Bugtraq		80	patch for bug in the 'faxsurvey'CGI-Script
8/4/98	Microsoft'sresponse to the Cult of the Dead Cow's "BackOrifice" tool	W95	95 98	high	Backorifice	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-010.htm	31337 or other
8/4/98	IBM AIX"sdrd" daemon Vulnerability	AIX		low	sdrd	CIAC	CIAC-I-079			ftp://aix.software.ibm.com/ aix/efixes/security/sdrd.tar.Z
7/31/98	Lotus NotesSMTP Mta 1.1 running on crashes in "imsgconv" task when receiving follwing Mime Fragment	Notes Server	4.5x	medium	SMTP Mta 1.1	Bugtraq		25
7/31/98	Vulnerabilityin ZEN Client 2.5	Windows NT	4.0	high	ZEN Client 2.5 access to Netware 4.11	NTbugtraq			Novel	http://www.novell.com/download/
7/29/98	SecurityVulnerability with Predictive on HP-UX	HP-UX	9.04 10.01 10.10 10.20 10.30 11.00	high	Predictive	HP
7/28/98	A bufferoverrun has been detected in Outlook Express (v4.72.2106.4 & v4.72.3110.1), and Netscape Mail (v4.05 & 4.5b1) 2. MS98-008	Windows NT		high	Outlook 98 Outlook Express (v4.72.2106.4& v4.72.3110.1) Netscape Mail (v4.05 & 4.5b1) Eudora Pro 3.05	Bugtraq	1. http://ntbugtraq.ntadvice.com/ editorials/newworm.asp 2. MS98-008 3.CIAC-I-077	25 110	a) procmail kit b) procmail procmail warning	1. MS98-008 2.http://www.eu.microsoft.com/ie/ security/?/ie/security/oelong.htm 3. filter with procmailwhat is procmail
7/28/98	OpenVMS (VAX& ALPHA) V7.1 LOGINOUT Potential Security Vulnerability	OpenVMS	7.1	high	LOGINOUT	CERT	VB-98.07			http://www.service.digital.com/ public/vms
7/27/98	1.Windows NT Privilege Elevation attack 2. Read authors interview	Windows NT		high	NT4.0, 3.51	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-009.htm		MS-98-009
7/27/98	Httpssecurity in Netscape 4.x when using Squid proxy server	UNIX		high	SSL,https, proxy	Bugtraq		443
7/25/98	A backdoorhas been found in mIRC			high	mIRC	Bugtraq		194	mIRC
7/24/98	Potential SMTP andNNTP Denial-of-Service Vulnerabilities in Exchange Server	Windows NT		medium	Exchange Server 5.5 and 5.0	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-007.htm	25 119	MS98-007	ftp://ftp.microsoft.com/ bussys/exchange/ exchange-public/fixes/
7/23/98	Denial-of-Servicein IIS FTP Server with Passive Connections	Windows NT		medium	IIS 2.0, 3.0, 4.0	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-006.htm	21		ftp://ftp.microsoft.com/bussys/ iis/iis-public/fixes/usa/security/
7/23/98	SecurityVulnerability with ftp on HP-UX	HP-UX	10.0, 10.01 10.10 10.16 10.20 10.24 11.00	medium	ftp	HP		21
7/22/98	SGI IRIXioconfig(1M) and disk_bandwidth(1M) Vulnerability	IRIX	6.4	high	ioconfig disk_bandwidth	SGI
7/20/98	multiscan('mscan') Tool	All		low	statd nfs cgi-bin (eg: 'handler', 'phf' & 'cgi-test') X POP3 IMAP DNS finger	AusCERT	http://www.cert.org/incident_notes/ IN-98.02.html	53 80 110 143 6000
7/20/98	Unwanted DataIssue with Office 98 for the Macintosh	Macintosh		medium	Office 98	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-005..htm
7/19/98	Javasecurity flaw	UNIX		high	ClassLoader in Netscape Navigator 4.0x	Bugtraq	http://www.cs.princeton.edu/sip	80
7/17/98	Unauthorized ODBCData Access with RDS and IIS	Windows NT		high	-IIS 4.0 -Remote Data Services 1.5 -VisualStudio 6.0	Microsoft	http://www.microsoft.com/security/ bulletins/ms98-004.htm	80	ms98-004.htm	ms98-004.htm
7/17/98	UW imapdserver	UNIX		high	imapd	Bugtraq	CERT Advisory CA-98.09 CIAC-I-074 older ref: 14.4.97 Cert Advisory CA-97.09 Vulnerabilityin IMAP and POP	143	SGI-19980802-01-I	CA-97.09 SGI-19980802-01-I
7/15/98	Pandorav3.0, a set of Novell Netware 4.x attack tools	Netware	4.x	high	pandora	nmrc	pandora
7/9/98	ePerl wasincorrectly handling ISINDEX queries	http servers		high	eperl	Bugtraq		80		upgrade to ePerl 2.2.13
7/8/98	Vulnerabilitywith CSM Proxy 4.1	Windows NT		medium	ftpd	SAFER		21
7/7/98	Visibleuser list in Frontpage permissions	Windows NT		low	Frontpage	NTbugtraq
7/2/98	ASPvulnerability with Alternate Data Streams	Windows NT		high	IIS	Bugtraq CERT	1. http://www.microsoft.com/security/ bulletins/ms98-003.htm 2.http://support.microsoft.com/support/ kb/articles/q188/8/06.asp	80		ms98-003.htm
6/30/98	Securityvulnerabilities in MetaInfo products	Windows NT		high	MetaIP Sendmail	Bugtraq		25
6/29/98	DistributedDoS attack against NIS/NIS+ based networks	UNIX		medium	NIS, NIS+ finger	ISS		79
6/29/98	QPOPPER remote rootexploit	UNIX		high	Qpopper	Bugtraq	CERT* Advisory CA-98.08	110		QUALCOMM SCO SGI-19980801-01-I
6/27/98	at(1) allows any file tobe read	NetBSD	1.3.2	high	at	NetBSD
6/26/98	Vulnerabilityin Some Usages of PKCS			high	SSL		ftp://ftp.cert.org/pub/cert_advisories/ CA-98.07.PKCS
6/26/98	mailx(1)Buffer Overrun Vulnerability	IRIX		high	mailx	SGI
6/25/98	Several vulnerabilities have been discovered which could	HP-UX	9.x 10.x	high	RLPDAEMON	RSI	http://www.repsec.com/ advisories.html	515
6/18/98	Securityproblems on SCO's lp subsystem	SCO		high	lp	Bugtraq
6/18/98	IRIX BINDDNS Vulnerabilities	IRIX	3.X to 6.4	high	named	SGI	CERTCA-98.05	53
6/18/98	mail(1)/rmail(1M)/sendmail(1M)	IRIX	3.X to 6.4	high	mail(1)/ rmail(1M)/ sendmail(1M)	SGI	CERTCA-96.20
6/17/98	IRIXmediad(1M) Vulnerability	IRIX	5.1 to 6.4	high	mediad	SGI
6/17/98	A bufferoverflow in rlogind	BSDI	2.0 2.1 3.0 3.1	high	rlogind	RSI	http://www.repsec.com/ bofs.html
6/16/98	OSF/DCEDenial of Service Attack	IRIX	5.3 6.2 6.3 6.4	medium	OSF/DCE	SGI	ftp://ftp.cert.org/pub/ cert_bulletins/ VB-97.12.opengroup
6/11/98	ufsrestore sparc exploit	Solaris	2.4 2.5 2.5.1 2.6	high	ufsrestore	Bugtraq
6/11/98	Ataque de insercion aSSH			high	SSH 1.x	CORE SDI S.A.			980703	Patch CORE
6/11/98	BIND, port 1/tcpmux,root compromise	UNIX		high	Summary	CERT
6/11/98	Ataque de insercion aSSH			high	SSH 1.x	CORE SDI S.A.			980703	Patch CORE
6/10/98	Vulnerability in 4.4BSDSecure Levels Implementation		4.4	medium	Secure levels	Bugtraq
6/10/98	Vulnerable ftpd	Solaris	2.3 2.5 2.5.1 2.6	medium	ftpd	SUN
6/9/98	Buffer Overflow inNIS+	UNIX		high	rpc.nisd	CERT	ftp://ftp.cert.org/pub/ cert_advisories/CA-98.06.nisd
6/5/98	Domain_Create_Aliasthreat	Windows NT		medium		Infoworld
6/3/98	PIX Private Link KeyProcessing and Cryptography Issues	cisco PIX		high	PIX Private Link	CERT	ftp://ftp.cert.org/pub/cert_bulletins/ VB-98.05.cisco
6/2/98	Microsoft'sPPTP vulnerable	Windows NT		high	PPTP	Counterpane	http://www.counterpane.com/ pptp-faq.html
5/15/98	Remote users can sendcommands to your terminal via escape sequences sent to the rlpdaemon	HP-UX	9.X 10.X	high	rlpdaemon	RSI	http://www.repsec.com/ advisories.html
5/14/98	libnslInsufficient bounds checking	Solaris	5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, 5.4_x86 5.3.	high	Sun Microsystem's libnsl	RSI			SUN-SB-00172 980709	SUN
5/10/98	Default user login	Bay-Wellfleet		high	login	Bugtraq
5/5/98	backdoor/undocumented"access level"	3COM		high	Debug	Bugtraq
4/30/98	potential vulnerability	DEC UNIX		high	ftp, advs, rpc.statd, ftpd V3.2g, V4.0, V4.0a, V4.0b, V4.0c	DEC
4/27/98	Vulnerabilitiesin xterm and Xaw	UNIX		high	xterm, xaw	CERT	ftp://ftp.cert.org/pub/cert_bulletins/ VB-98.04.xterm.Xaw
4/23/98	SUN Solaris 2.6 bufferoverflow	Solaris	2.6	medium	ufsdump	Bugtraq
4/16/98	Creating user accountsto become "hidden"	Netware	4.x	high	NWADMIN	Bugtraq
4/10/98	Bind 4.9.7 SIGINTSIGIOT	UNIX		medium	named	Bugtraq		53
4/8/98	MultipleVulnerabilities in BIND	UNIX		high	BIND 4.9 BIND 8	CERT	ftp://ftp.cert.org/pub/cert_advisories/ CA-98.05.bind_problems	53
4/6/98	Mailcapvulnerability	IRIX	6.3 6.4	high	runtask(1M) or runexec(1M)	CERT	ftp://ftp.cert.org/pub/cert_bulletins/ VB-98.03.sgi_mailcap
3/30/98	Improperly coded routines canresult in susceptability to denial of service attacks.	HP-UX	9.X, and 10.X	medium		HP	HEWLETT-PACKARD SECURITY BULLETIN:
3/23/98	Security Issues in Sun NIS+	Solaris		low	NIS +	SNI	http://www.secnet.com/advisories/
3/16/98	Ascend Routing Hardware	Ascend		medium		SNI	http://www.secnet.com/advisories/
3/4/98	Denial of serviceattacks targeting Windows 95/NT machines	W95		medium	TCP/IP stack	CERT	CERT* Summary CS-98.02 http://www.microsoft.com/security/ newtear2.htm
2/24/98	"land"	SCO		medium		Bugtraq	SCO(SSE) 010
2/14/98	Windows NT Logon Denial ofService	Windows NT		medium	SMB logon	SNI	SNI-25
2/13/98	Current activityrelating to rpc.statd	UNIX		high	.	CERT	Summary
2/12/98	New release of l0phtcrack v2.0			high	Windows NT, SAMBA running on Unix machines	L0pht	Advisory
2/11/98	Telnetdenial of service attack	AIX	4.1.x 4.2.x 4.3	medium	telnet	IBM	ERS-SVA-E01-1998:003.1
2/11/98	Insecure temporary files allow symbolic link attacks	AIX	3.2.5 4.1.x 4.2.x 4.3	medium	.	IBM	ERS-SVA-E01-1998:002.2
2/10/98	vulnerability in thevolrmmount program	SunOS	5.6 5.6_x86	medium	volrmmount	SUN	00162
2/9/98	Vulnerabilities in NetworkIntrusion Detection Software			medium	Intrusion detection systems	SNI	SNI-24 technicalpaper
2/6/98	MicrosoftWindows-based Web Servers unauthorized access - long file names	Windows NT		high	IIS	CERT	Advisory CA-98.04
2/6/98	WindowsNT: Users can bind to any port and block NT services	Windows NT		medium	.	L0pht	Advisory
1/21/98	Vulnerabilities in CDE	UNIX		medium	CDE	CERT	Advisory CA-98.02
1/20/98	Domino-write	Notes Server	4.6	high	Domino 4.6	L0pht	Advisory
1/20/98	Apache SecurityAdvisory	UNIX		medium	Apache	CERT vendor initiated	Bulletin VB-98.02
1/20/98	Vulnerability inssh-agent	UNIX		high	ssh	SNI	advisory SNI-23
1/19/98	CGI Security Hole inEWS1.1	UNIX		medium	EWS1.1	CERT vendor initiated	Bulletin VB-98.01
1/14/98	Viewing remote HTML contentcan execute arbitrary native code			high	Microsoft Internet Explorer 4.0(1) Suite	L0pht	Advisory
1/14/98	linux-deliver	Linux Debian		high	deliver mail component	KSR	KSR[T] Advisory
1/8/98	IBM-routed	AIX	3.2.x 4.1.x 4.2.x 4.3.x	high	routed	IBM	ERS-SVA-E01-1998:001.1
1/5/98	.smurf:ping denial of service	All		medium	.	CERT	Advisory CA-98.01