CVE List - 2002 / March
Showing 101 - 200 of 570 CVEs for March 2002 (Page 2 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-1258 | 2002-03-09 | rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. |
| CVE-1999-1259 | 2002-03-09 | Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which... |
| CVE-1999-1262 | 2002-03-09 | Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and... |
| CVE-1999-1263 | 2002-03-09 | Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which... |
| CVE-1999-1276 | 2002-03-09 | fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. |
| CVE-1999-1279 | 2002-03-09 | An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC... |
| CVE-1999-1284 | 2002-03-09 | NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100%... |
| CVE-1999-1288 | 2002-03-09 | Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain... |
| CVE-1999-1290 | 2002-03-09 | Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string. |
| CVE-1999-1294 | 2002-03-09 | Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could... |
| CVE-1999-1297 | 2002-03-09 | cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts)... |
| CVE-1999-1298 | 2002-03-09 | Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access... |
| CVE-1999-1301 | 2002-03-09 | A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of... |
| CVE-1999-1309 | 2002-03-09 | Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. |
| CVE-1999-1316 | 2002-03-09 | Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. |
| CVE-1999-1317 | 2002-03-09 | Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or... |
| CVE-1999-1318 | 2002-03-09 | /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. |
| CVE-1999-1320 | 2002-03-09 | Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. |
| CVE-1999-1321 | 2002-03-09 | Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that... |
| CVE-1999-1324 | 2002-03-09 | VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts,... |
| CVE-1999-1325 | 2002-03-09 | SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges. |
| CVE-1999-1326 | 2002-03-09 | wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly... |
| CVE-1999-1327 | 2002-03-09 | Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable. |
| CVE-1999-1328 | 2002-03-09 | linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack. |
| CVE-1999-1329 | 2002-03-09 | Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges. |
| CVE-1999-1330 | 2002-03-09 | The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. |
| CVE-1999-1331 | 2002-03-09 | netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a... |
| CVE-1999-1332 | 2002-03-09 | gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| CVE-1999-1333 | 2002-03-09 | automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files... |
| CVE-1999-1335 | 2002-03-09 | snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. |
| CVE-1999-1336 | 2002-03-09 | 3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port. |
| CVE-1999-1339 | 2002-03-09 | Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel... |
| CVE-1999-1341 | 2002-03-09 | Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. |
| CVE-1999-1351 | 2002-03-09 | Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in... |
| CVE-1999-1356 | 2002-03-09 | Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a... |
| CVE-1999-1358 | 2002-03-09 | When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which... |
| CVE-1999-1359 | 2002-03-09 | When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users... |
| CVE-1999-1360 | 2002-03-09 | Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a... |
| CVE-1999-1363 | 2002-03-09 | Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which... |
| CVE-1999-1379 | 2002-03-09 | DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than... |
| CVE-1999-1380 | 2002-03-09 | Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious... |
| CVE-1999-1382 | 2002-03-09 | NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges... |
| CVE-1999-1384 | 2002-03-09 | Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which... |
| CVE-1999-1385 | 2002-03-09 | Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. |
| CVE-1999-1386 | 2002-03-09 | Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. |
| CVE-1999-1402 | 2002-03-09 | The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect... |
| CVE-1999-1407 | 2002-03-09 | ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. |
| CVE-1999-1409 | 2002-03-09 | The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument,... |
| CVE-1999-1411 | 2002-03-09 | The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such... |
| CVE-1999-1414 | 2002-03-09 | IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. |
| CVE-1999-1419 | 2002-03-09 | Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. |
| CVE-1999-1423 | 2002-03-09 | ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via... |
| CVE-1999-1432 | 2002-03-09 | Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters... |
| CVE-1999-1433 | 2002-03-09 | HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. |
| CVE-1999-1437 | 2002-03-09 | ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. |
| CVE-1999-1452 | 2002-03-09 | GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents... |
| CVE-1999-1455 | 2002-03-09 | RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which... |
| CVE-1999-1456 | 2002-03-09 | thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. |
| CVE-1999-1472 | 2002-03-09 | Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data... |
| CVE-1999-1473 | 2002-03-09 | When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." |
| CVE-1999-1476 | 2002-03-09 | A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95,... |
| CVE-1999-1478 | 2002-03-09 | The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
| CVE-1999-1481 | 2002-03-09 | Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. |
| CVE-1999-1488 | 2002-03-09 | sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication. |
| CVE-1999-1494 | 2002-03-09 | colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. |
| CVE-1999-1507 | 2002-03-09 | Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. |
| CVE-1999-1512 | 2002-03-09 | The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field. |
| CVE-1999-1530 | 2002-03-09 | cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify... |
| CVE-1999-1531 | 2002-03-09 | Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. |
| CVE-1999-1535 | 2002-03-09 | Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the... |
| CVE-1999-1542 | 2002-03-09 | RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. |
| CVE-1999-1550 | 2002-03-09 | bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. |
| CVE-1999-1565 | 2002-03-09 | Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2000-0006 | 2002-03-09 | strace allows local users to read arbitrary files via memory mapped file names. |
| CVE-2000-0007 | 2002-03-09 | Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. |
| CVE-2000-0027 | 2002-03-09 | IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
| CVE-2000-0180 | 2002-03-09 | Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0290 | 2002-03-09 | Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. |
| CVE-2000-0298 | 2002-03-09 | The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. |
| CVE-2000-0324 | 2002-03-09 | pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. |
| CVE-2000-0457 | 2002-03-09 | ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a... |
| CVE-2000-0551 | 2002-03-09 | The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files. |
| CVE-2000-0570 | 2002-03-09 | FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header. |
| CVE-2000-0575 | 2002-03-09 | SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote... |
| CVE-2000-0581 | 2002-03-09 | Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash. |
| CVE-2000-0593 | 2002-03-09 | WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number. |
| CVE-2000-0600 | 2002-03-09 | Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. |
| CVE-2000-0615 | 2002-03-09 | LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files. |
| CVE-2000-0619 | 2002-03-09 | Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets. |
| CVE-2000-0662 | 2002-03-09 | Internet Explorer 5.x and Microsoft Outlook allow remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). |
| CVE-2000-0699 | 2002-03-09 | Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. |
| CVE-2000-0739 | 2002-03-09 | Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in... |
| CVE-2000-0740 | 2002-03-09 | Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port. |
| CVE-2000-0741 | 2002-03-09 | Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with... |
| CVE-2000-0753 | 2002-03-09 | The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. |
| CVE-2000-0776 | 2002-03-09 | Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| CVE-2000-0788 | 2002-03-09 | The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary... |
| CVE-2000-0790 | 2002-03-09 | The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb... |
| CVE-2000-0795 | 2002-03-09 | Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option. |
| CVE-2000-0796 | 2002-03-09 | Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option. |