- CVE-2001-1295 • published on June 25, 2002
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
- CVE-2001-1297 • published on June 25, 2002
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
- CVE-2001-1342 • published on June 25, 2002
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
- CVE-2002-0004 • published on June 25, 2002
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
- CVE-2002-0023 • published on June 25, 2002
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
- CVE-2002-0026 • published on June 25, 2002
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
- CVE-2002-0027 • published on June 25, 2002
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
- CVE-2002-0046 • published on June 25, 2002
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
- CVE-2002-0047 • published on June 25, 2002
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.
- CVE-2002-0050 • published on June 25, 2002
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
- CVE-2002-0051 • published on June 25, 2002
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
- CVE-2002-0003 • published on June 25, 2002
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
- CVE-2002-0007 • published on June 25, 2002
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
- CVE-2002-0021 • published on June 25, 2002
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
- CVE-2002-0044 • published on June 25, 2002
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
- CVE-2002-0052 • published on June 25, 2002
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
- CVE-2002-0057 • published on June 25, 2002
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
- CVE-2002-0060 • published on June 25, 2002
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
- CVE-2002-0064 • published on June 25, 2002
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
- CVE-2002-0028 • published on June 25, 2002
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.