Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2002-05-01 | Updated: 2016-10-18
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.
Max CVSS: 5.0 | EPSS Score: 2.00% | Published: 2002-05-19 | Updated: 2016-10-18
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
Max CVSS: 5.0 | EPSS Score: 2.69% | Published: 2002-05-21 | Updated: 2008-09-10
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
Max CVSS: 10.0 | EPSS Score: 19.35% | Published: 2002-05-29 | Updated: 2018-10-30
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
Max CVSS: 7.5 | EPSS Score: 6.42% | Published: 2002-05-16 | Updated: 2018-10-12
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
Max CVSS: 7.5 | EPSS Score: 5.50% | Published: 2002-05-29 | Updated: 2018-10-12
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2002-05-16 | Updated: 2008-09-05
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2002-05-29 | Updated: 2008-09-11
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
Max CVSS: 7.5 | EPSS Score: 0.86% | Published: 2002-05-16 | Updated: 2008-09-11
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).
Max CVSS: 2.1 | EPSS Score: 0.10% | Published: 2002-05-16 | Updated: 2008-09-11
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2002-05-16 | Updated: 2008-09-11
nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2002-05-29 | Updated: 2008-09-11
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2002-05-29 | Updated: 2016-10-18
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2002-05-16 | Updated: 2024-02-02
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
Max CVSS: 7.5 | EPSS Score: 2.79% | Published: 2002-05-16 | Updated: 2008-09-05
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
Max CVSS: 7.5 | EPSS Score: 3.93% | Published: 2002-05-29 | Updated: 2021-07-23
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
Max CVSS: 7.5 | EPSS Score: 17.84% | Published: 2002-05-29 | Updated: 2021-07-23
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
Max CVSS: 7.5 | EPSS Score: 4.91% | Published: 2002-05-29 | Updated: 2021-07-23
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
Max CVSS: 5.0 | EPSS Score: 3.30% | Published: 2002-05-29 | Updated: 2021-07-23
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
Max CVSS: 7.5 | EPSS Score: 6.06% | Published: 2002-05-29 | Updated: 2021-07-23
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
Max CVSS: 6.4 | EPSS Score: 0.39% | Published: 2002-05-16 | Updated: 2008-09-11
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2002-05-16 | Updated: 2016-10-18
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
Max CVSS: 10.0 | EPSS Score: 4.82% | Published: 2002-05-16 | Updated: 2016-10-18
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
Max CVSS: 7.5 | EPSS Score: 2.55% | Published: 2002-05-16 | Updated: 2016-10-18
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
Max CVSS: 5.0 | EPSS Score: 1.12% | Published: 2002-05-16 | Updated: 2016-10-18
148 vulnerabilities found