Unknown · CVSS Not scored
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.
Published Mar 9, 2002 · Updated Aug 1, 2024