Unknown · CVSS Not scored
fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.
Published May 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.
Published May 3, 2002 · Updated Aug 8, 2024