5354 matches found
CVE-2002-1940
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application...
CVE-2002-2126
restrictEnabled in Integrity Protection Driver IPD 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time...
CVE-2002-2221
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639...
CVE-2002-2360
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remoteforeignrequire and remoteforeigncall requests...
CVE-2002-2386
Cross-site scripting XSS vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag...
CVE-2002-2076
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. dot dot in an HTTP GET request...
CVE-2002-2115
Cross-site scripting XSS vulnerability in Hyper NIKKI System HNS Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML...
CVE-2002-2016
User-mode Linux UML 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code...
CVE-2002-2096
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long 1 username or 2 password...
CVE-2002-2379
Cisco AS5350 IOS 12.211T with access control lists ACLs applied and possibly with ssh running allows remote attackers to cause a denial of service crash via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor...
CVE-2002-2199
The default aide.conf file in Advanced Intrusion Detection Environment AIDE before 0.71 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection...
CVE-2002-2021
Cross-site scripting XSS vulnerability in WoltLab Burning Board wbboard 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2002-2069
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...
CVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments...
CVE-2002-2112
RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information...
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for 1 poppassd.php3, 2 login.php3?reason=chpass2, 3 spelling.php3, and 4 ldap.search.php3?ldapserv=nonsense which leaks the information in error messages...
CVE-2002-2415
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero null bytes sent via UDP to a running service...
CVE-2002-1915
tip on multiple BSD-based operating systems allows local users to cause a denial of service execution prevention by using flock to lock the /var/log/acculog file...
CVE-2002-1963
Linux kernel 2.4.1 through 2.4.19 sets root's NRRESERVEDFILES limit to 10 files, which allows local users to cause a denial of service resource exhaustion by opening 10 setuid binaries...
CVE-2002-1859
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...