Unknown · CVSS Not scored
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
Published Jun 25, 2002 · Updated Aug 8, 2024