Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
Published Mar 9, 2002 · Updated Aug 8, 2024