Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
1.38%
Published
2002-05-27
Updated
2008-09-05
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.10%
Published
2002-05-06
Updated
2021-06-06
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-05-28
Updated
2008-09-05
Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash).
Max CVSS
5.0
EPSS Score
0.12%
Published
2002-05-17
Updated
2008-09-10
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
Max CVSS
7.5
EPSS Score
15.17%
Published
2002-05-16
Updated
2018-10-12
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-05-29
Updated
2016-10-18
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
Max CVSS
5.0
EPSS Score
1.87%
Published
2002-05-29
Updated
2017-07-11
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
Max CVSS
7.5
EPSS Score
1.16%
Published
2002-05-29
Updated
2016-10-18
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
Max CVSS
7.5
EPSS Score
0.47%
Published
2002-05-29
Updated
2008-09-05
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.
Max CVSS
7.5
EPSS Score
2.91%
Published
2002-05-29
Updated
2016-10-18
Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-05-29
Updated
2008-09-11
netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-05-29
Updated
2008-09-11
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.
Max CVSS
10.0
EPSS Score
2.76%
Published
2002-05-31
Updated
2008-09-11
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.
Max CVSS
7.5
EPSS Score
1.22%
Published
2002-05-31
Updated
2017-07-11
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.
Max CVSS
5.0
EPSS Score
0.12%
Published
2002-05-31
Updated
2016-10-18
admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
Max CVSS
10.0
EPSS Score
0.32%
Published
2002-05-31
Updated
2017-07-11
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
Max CVSS
7.5
EPSS Score
8.75%
Published
2002-05-31
Updated
2016-10-18
ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter.
Max CVSS
7.5
EPSS Score
0.58%
Published
2002-05-31
Updated
2016-10-18
Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.
Max CVSS
5.0
EPSS Score
0.32%
Published
2002-05-31
Updated
2017-07-11
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
Max CVSS
5.0
EPSS Score
0.60%
Published
2002-05-31
Updated
2016-10-18
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-05-31
Updated
2016-10-18
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.
Max CVSS
5.0
EPSS Score
0.09%
Published
2002-05-31
Updated
2017-10-10
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
Max CVSS
5.0
EPSS Score
0.47%
Published
2002-05-31
Updated
2016-10-18
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
Max CVSS
5.0
EPSS Score
1.24%
Published
2002-05-31
Updated
2016-10-18
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.
Max CVSS
7.6
EPSS Score
0.34%
Published
2002-05-31
Updated
2016-10-18
148 vulnerabilities found