Security Vulnerabilities, CVEs, Published In 2002 CVSS score >= 7

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.

Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.

acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.

site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.

Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.

acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.

Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.

Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.

SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.

Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.

Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.

Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.

SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.

SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names.

cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.

Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code.

Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor

Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.

Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.

Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.

Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.

Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.