Critical · CVSS 9.8
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Published Mar 15, 2002 · Updated Jan 16, 2025
High · CVSS 7.3
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
Published Mar 9, 2002 · Updated Jan 16, 2025
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
Published Mar 22, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
Published Mar 22, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
Published Mar 22, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
Published Mar 22, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
Published Mar 18, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
Published Mar 15, 2002 · Updated Aug 8, 2024