Full List

Search

Recent Vulnerabilities

• CVE-2002-1448 • published on September 1, 2004 An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
• CVE-2002-1476 • published on September 1, 2004 Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
• CVE-2002-1478 • published on September 1, 2004 Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
• CVE-2002-1490 • published on September 1, 2004 NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
• CVE-2002-1491 • published on September 1, 2004 The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
• CVE-2002-1494 • published on September 1, 2004 Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
• CVE-2002-1496 • published on September 1, 2004 Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
• CVE-2002-1446 • published on September 1, 2004 The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
• CVE-2002-1519 • published on September 1, 2004 Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
• CVE-2002-1472 • published on September 1, 2004 Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
• CVE-2002-1516 • published on September 1, 2004 rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.
• CVE-2002-1530 • published on September 1, 2004 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.
• CVE-2002-1468 • published on September 1, 2004 Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
• CVE-2002-1517 • published on September 1, 2004 fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.
• CVE-2002-1538 • published on September 1, 2004 Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.
• CVE-2002-1469 • published on September 1, 2004 scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
• CVE-2002-1511 • published on September 1, 2004 The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
• CVE-2002-1501 • published on September 1, 2004 The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
• CVE-2002-1505 • published on September 1, 2004 SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
• CVE-2002-1513 • published on September 1, 2004 The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.