Full List

Search

Recent Vulnerabilities

• CVE-2002-0740 • published on July 26, 2002 Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
• CVE-2002-0744 • published on July 26, 2002 namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
• CVE-2002-0751 • published on July 26, 2002 CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
• CVE-2002-0757 • published on July 26, 2002 (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
• CVE-2002-0770 • published on July 26, 2002 Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
• CVE-2002-0773 • published on July 26, 2002 imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
• CVE-2002-0730 • published on July 26, 2002 Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
• CVE-2002-0731 • published on July 26, 2002 Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
• CVE-2002-0746 • published on July 26, 2002 Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
• CVE-2002-0747 • published on July 26, 2002 Buffer overflow in lsmcode in AIX 4.3.3.
• CVE-2002-0750 • published on July 26, 2002 CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
• CVE-2002-0763 • published on July 26, 2002 Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
• CVE-2002-0771 • published on July 26, 2002 Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
• CVE-2002-0774 • published on July 26, 2002 Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
• CVE-2002-0780 • published on July 26, 2002 IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.
• CVE-2002-0784 • published on July 26, 2002 Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).
• CVE-2002-0728 • published on July 26, 2002 Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
• CVE-2002-0742 • published on July 26, 2002 Buffer overflow in pioout on AIX 4.3.3.
• CVE-2002-0752 • published on July 26, 2002 CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
• CVE-2002-0764 • published on July 26, 2002 Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.