Unknown · CVSS Not scored
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
Published Aug 24, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t").
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header.
Published Aug 31, 2002 · Updated Aug 8, 2024