Unknown · CVSS Not scored
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
Published Apr 12, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
Published Apr 18, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
Published Apr 18, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
Published Apr 4, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
Published Apr 4, 2001 · Updated Aug 8, 2024