Unknown · CVSS Not scored
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
Published Aug 23, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
Published Aug 2, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
Published Aug 31, 2002 · Updated Aug 8, 2024