Unknown · CVSS Not scored
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
Published May 24, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.
Published May 24, 2001 · Updated Aug 8, 2024