Unknown · CVSS Not scored
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
Published Mar 9, 2002 · Updated Aug 1, 2024