Unknown · CVSS Not scored
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
Published Mar 9, 2002 · Updated Aug 8, 2024