CVE List - 2002 / March
Showing 1 - 100 of 570 CVEs for March 2002 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-0084 | 2002-03-07 | Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. |
| CVE-2002-0085 | 2002-03-07 | cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request. |
| CVE-2002-0086 | 2002-03-07 | Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. |
| CVE-2002-0087 | 2002-03-07 | bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. |
| CVE-2002-0088 | 2002-03-07 | Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. |
| CVE-2002-0089 | 2002-03-07 | Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS... |
| CVE-2002-0091 | 2002-03-07 | Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields. |
| CVE-1999-0380 | 2002-03-09 | SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File... |
| CVE-1999-0801 | 2002-03-09 | BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. |
| CVE-1999-0815 | 2002-03-09 | Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
| CVE-1999-0921 | 2002-03-09 | BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. |
| CVE-1999-0930 | 2002-03-09 | wwwboard allows a remote attacker to delete message board articles via a malformed argument. |
| CVE-1999-0968 | 2002-03-09 | Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. |
| CVE-1999-1014 | 2002-03-09 | Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. |
| CVE-1999-1019 | 2002-03-09 | SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a... |
| CVE-1999-1021 | 2002-03-09 | NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16... |
| CVE-1999-1027 | 2002-03-09 | Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. |
| CVE-1999-1028 | 2002-03-09 | Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. |
| CVE-1999-1032 | 2002-03-09 | Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. |
| CVE-1999-1034 | 2002-03-09 | Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. |
| CVE-1999-1035 | 2002-03-09 | IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. |
| CVE-1999-1037 | 2002-03-09 | rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. |
| CVE-1999-1044 | 2002-03-09 | Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. |
| CVE-1999-1045 | 2002-03-09 | pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. |
| CVE-1999-1047 | 2002-03-09 | When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. |
| CVE-1999-1048 | 2002-03-09 | Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via... |
| CVE-1999-1055 | 2002-03-09 | Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL,... |
| CVE-1999-1057 | 2002-03-09 | VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. |
| CVE-1999-1059 | 2002-03-09 | Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. |
| CVE-1999-1074 | 2002-03-09 | Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password... |
| CVE-1999-1085 | 2002-03-09 | SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an... |
| CVE-1999-1087 | 2002-03-09 | Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone... |
| CVE-1999-1090 | 2002-03-09 | The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify... |
| CVE-1999-1093 | 2002-03-09 | Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. |
| CVE-1999-1094 | 2002-03-09 | Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." |
| CVE-1999-1098 | 2002-03-09 | Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. |
| CVE-1999-1099 | 2002-03-09 | Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. |
| CVE-1999-1100 | 2002-03-09 | Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits... |
| CVE-1999-1102 | 2002-03-09 | lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after... |
| CVE-1999-1103 | 2002-03-09 | dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. |
| CVE-1999-1104 | 2002-03-09 | Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. |
| CVE-1999-1105 | 2002-03-09 | Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary... |
| CVE-1999-1109 | 2002-03-09 | Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the... |
| CVE-1999-1111 | 2002-03-09 | Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return... |
| CVE-1999-1114 | 2002-03-09 | Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. |
| CVE-1999-1115 | 2002-03-09 | Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). |
| CVE-1999-1116 | 2002-03-09 | Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. |
| CVE-1999-1117 | 2002-03-09 | lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. |
| CVE-1999-1118 | 2002-03-09 | ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. |
| CVE-1999-1119 | 2002-03-09 | FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| CVE-1999-1120 | 2002-03-09 | netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. |
| CVE-1999-1121 | 2002-03-09 | The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. |
| CVE-1999-1122 | 2002-03-09 | Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. |
| CVE-1999-1127 | 2002-03-09 | Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections... |
| CVE-1999-1131 | 2002-03-09 | Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or... |
| CVE-1999-1132 | 2002-03-09 | Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop... |
| CVE-1999-1136 | 2002-03-09 | Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response... |
| CVE-1999-1137 | 2002-03-09 | The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker... |
| CVE-1999-1138 | 2002-03-09 | SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other... |
| CVE-1999-1139 | 2002-03-09 | Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. |
| CVE-1999-1140 | 2002-03-09 | Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. |
| CVE-1999-1142 | 2002-03-09 | SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3)... |
| CVE-1999-1143 | 2002-03-09 | Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. |
| CVE-1999-1144 | 2002-03-09 | Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. |
| CVE-1999-1145 | 2002-03-09 | Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. |
| CVE-1999-1146 | 2002-03-09 | Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. |
| CVE-1999-1147 | 2002-03-09 | Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. |
| CVE-1999-1148 | 2002-03-09 | FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. |
| CVE-1999-1156 | 2002-03-09 | BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of... |
| CVE-1999-1157 | 2002-03-09 | Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are... |
| CVE-1999-1159 | 2002-03-09 | SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. |
| CVE-1999-1160 | 2002-03-09 | Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |
| CVE-1999-1161 | 2002-03-09 | Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. |
| CVE-1999-1162 | 2002-03-09 | Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. |
| CVE-1999-1163 | 2002-03-09 | Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. |
| CVE-1999-1167 | 2002-03-09 | Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript... |
| CVE-1999-1175 | 2002-03-09 | Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts... |
| CVE-1999-1177 | 2002-03-09 | Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |
| CVE-1999-1181 | 2002-03-09 | Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. |
| CVE-1999-1188 | 2002-03-09 | mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. |
| CVE-1999-1191 | 2002-03-09 | Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| CVE-1999-1192 | 2002-03-09 | Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| CVE-1999-1193 | 2002-03-09 | The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. |
| CVE-1999-1194 | 2002-03-09 | chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. |
| CVE-1999-1197 | 2002-03-09 | TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. |
| CVE-1999-1198 | 2002-03-09 | BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. |
| CVE-1999-1203 | 2002-03-09 | Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. |
| CVE-1999-1204 | 2002-03-09 | Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in... |
| CVE-1999-1205 | 2002-03-09 | nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
| CVE-1999-1208 | 2002-03-09 | Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. |
| CVE-1999-1209 | 2002-03-09 | Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. |
| CVE-1999-1214 | 2002-03-09 | The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service... |
| CVE-1999-1215 | 2002-03-09 | LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. |
| CVE-1999-1222 | 2002-03-09 | Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. |
| CVE-1999-1223 | 2002-03-09 | IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash)... |
| CVE-1999-1226 | 2002-03-09 | Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. |
| CVE-1999-1233 | 2002-03-09 | IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain... |
| CVE-1999-1243 | 2002-03-09 | SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. |
| CVE-1999-1246 | 2002-03-09 | Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to... |
| CVE-1999-1249 | 2002-03-09 | movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. |