The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.
Max CVSS
7.5
EPSS Score
0.42%
Published
2002-02-13
Updated
2017-12-19
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
Max CVSS
3.6
EPSS Score
0.04%
Published
2002-02-13
Updated
2017-10-10
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
Max CVSS
7.5
EPSS Score
91.81%
Published
2002-02-06
Updated
2016-10-18
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
10.95%
Published
2002-02-06
Updated
2017-10-10
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-02-26
Updated
2008-09-05
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Max CVSS
7.5
EPSS Score
1.30%
Published
2002-02-27
Updated
2016-10-18
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
Max CVSS
7.5
EPSS Score
1.07%
Published
2002-02-27
Updated
2017-10-10
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-02-27
Updated
2017-10-10
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Max CVSS
10.0
EPSS Score
94.92%
Published
2002-02-13
Updated
2018-10-12
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Max CVSS
10.0
EPSS Score
91.55%
Published
2002-02-13
Updated
2018-10-12
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
Max CVSS
7.5
EPSS Score
7.10%
Published
2002-02-27
Updated
2017-10-10
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
Max CVSS
10.0
EPSS Score
91.75%
Published
2002-02-27
Updated
2016-10-18
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
Max CVSS
5.1
EPSS Score
0.54%
Published
2002-02-09
Updated
2017-07-11
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
Max CVSS
5.0
EPSS Score
5.52%
Published
2002-02-13
Updated
2017-07-11
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-02-26
Updated
2017-07-11
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!