Unknown · CVSS Not scored
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.
Published Mar 15, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
Published Mar 15, 2002 · Updated Aug 8, 2024