Recent Vulnerabilities

CVE-2002-1169 • published on September 1, 2004 IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
CVE-2002-1170 • published on September 1, 2004 The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
CVE-2002-1187 • published on September 1, 2004 Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the frame or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1239'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1239 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1245'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1245 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1255'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1255 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1260'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1260 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1264'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1264 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1265'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1265 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1277'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1277 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1231'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1231 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1236'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1236 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1250'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1250 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1253'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1253 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1256'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1256 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1268'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1268 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1270'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1270 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1271'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1271 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1278'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1278 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.</small> </div> </li> <li class="result-item" onclick="window.location='/CVE-2002-1227'" style="cursor:pointer; display:flex; align-items:flex-start; border-radius: 8px; border: 1px solid #e2e6eb; box-shadow: 0 1px 4px rgba(0, 0, 0, 0.05); background-color: #ffffff; padding: 1.2rem 1.5rem; color: #3a3a3a;" > <div style="flex:1; display:flex; flex-direction:column;"> <span> CVE-2002-1227 <span class="separator">•</span> <small>published on September 1, 2004</small> </span> <small class="ellipsis-text">PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.</small> </div> </li> </ul> <div class="center-pagination"><div class="pagination"><a href="/?page=13644" class=" " >«</a><a href="/?page=1" class=" " >1</a><a href="/?page=13643" class=" " >13643</a><a href="/?page=13644" class=" " >13644</a><a href="/?page=13645" class="active " >13645</a><a href="/?page=13646" class=" " >13646</a><a href="/?page=13647" class=" " >13647</a><a href="/?page=13993" class=" " >13993</a><a href="/?page=13646" class=" " >»</a></div></div> </div> </div> <footer style="text-align: center; padding: 2em 1em 1em 1em; font-size: 0.9em; color: #666; margin-top: 2em;"> Data from cve.org<br> Compiled by Portend AI, Inc. </footer> <script> document.getElementById('advisorySearchForm').addEventListener('submit', function (e) { e.preventDefault(); // Prevent the default form submission const searchValue = document.getElementById('searchInput').value.trim(); if (searchValue) { // Redirect to the desired URL window.location.href = '/' + encodeURIComponent(searchValue); } }); </script> </body> </html>