Unknown · CVSS Not scored
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
Published May 7, 2001 · Updated Dec 3, 2024
Unknown · CVSS Not scored
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.
Published May 31, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024