| OSVDB ID | Disclosure Date | Title |
| --- | --- | --- |
| 43172<br>Description: Unknown / Incomplete | 2002-10-31 | Duplicity rdiffdir Patch Traversal Arbitrary File Overwrite |
| 8939<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | 2002-10-31 | Cisco ONS Default Public Hardcoded SNMP String |
| 61292<br>Description: Unknown / Incomplete | 2002-10-31 | t-prot (TOFU Protection) for Mutt Symlink Arbitrary File Overwrite |
| 4013<br>Description: A remote overflow exists in Oracle Database 9i. Oracle Database 9i fails to handle an overly long user ID parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to run in the security context of the web server resulting in a loss of confidentiality, integrity, and/or availability. | 2002-10-31 | Oracle iSQL*Plus isqlplus URL USERID Parameter Remote Overflow |
| 6244<br>Description: PHP-Nuke contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the bio variable in the administrative module is not verified properly and will allow an attacker to inject or manipulate SQL queries. | 2002-10-31 | PHP-Nuke modules.php bio Parameter SQL Injection |
| 6740<br>Description: (Description Provided by CVE) : The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. | 2002-10-31 | Linksys BEFSR41 Gozila.cgi No Argument Remote DoS |
| 7359<br>Description: (Description Provided by CVE) : Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. | 2002-10-31 | thttpd Host: Header Traversal Arbitrary File Access |
| 8551<br>Description: Merak Email Server contains a flaw related to authentication that may allow an attacker to login without an email address. No further details have been provided. | 2002-10-31 | IceWarp WebMail EmailLogin Issue |
| 8879<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | 2002-10-31 | Cisco ONS FTP TCC/XTC Invalid Authentication System Modification |
| 8924<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. | 2002-10-31 | Cisco ONS Image Database/Backup Password Disclosure |
| 8925<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). | 2002-10-31 | Cisco ONS HTTP Invalid CORBA IOR DoS |
| 8926<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | 2002-10-31 | Cisco ONS Malformed HTTP Request DoS |
| 8927<br>Description: (Description Provided by CVE) : Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | 2002-10-31 | Cisco ONS VxWorks Operating System Default Account |
| 12643<br>Description: (Description Provided by CVE) : runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. | 2002-10-31 | LPRng runlpr Command Line Overflow |
| 14495<br>Description: (Description Provided by CVE) : Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts. | 2002-10-31 | Prometheus all.lib PHP Code Execution |
| 17124<br>Description: (Description Provided by CVE) : IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | 2002-10-31 | Microsoft IIS Malformed WebDAV Request DoS |
| 59527<br>Description: (Description Provided by CVE) : Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3). | 2002-10-31 | SmartMail Server Multiple Port Request Handling Remote Overflow DoS |
| 59881<br>Description: (Description Provided by CVE) : SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent. | 2002-10-31 | SmartMail Server Incomplete Data Connection Remote DoS |
| 5346<br>Description: (Description Provided by CVE) : uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | 2002-10-30 | sharutils uudecode Link/Pipe Arbitrary Command Execution |
| 58668<br>Description: Unknown / Incomplete | 2002-10-30 | Apache Axis External Entity (XXE) Data Parsing Privilege Escalation |
| 13438<br>Description: (Description Provided by CVE) : The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. | 2002-10-30 | Microsoft Windows CONVERT.EXE FAT32 File Permission Conversion Failure |
| 17122<br>Description: (Description Provided by CVE) : A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | 2002-10-30 | Microsoft IIS Permission Weakness .COM File Upload |
| 59771<br>Description: (Description Provided by CVE) : Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap. | 2002-10-30 | Motorola SURFboard SB4200 SYN Port Scan Remote DoS |
| 44634<br>Description: Unknown / Incomplete | 2002-10-29 | Oracle Portal / Single Sign-on (SSO) Server Session Persistence |
| 20827<br>Description: Unknown / Incomplete | 2002-10-29 | Monkey HTTP Daemon User_main Overflow |
| 20824<br>Description: (Description Provided by CVE) : The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. | 2002-10-29 | Monkey HTTP Daemon (monkeyd) Post_Method Function Crafted Content-Length Header DoS |
| 59539<br>Description: (Description Provided by CVE) : SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | 2002-10-29 | SonicWALL Site IP Address URL Filtering Bypass |
| 60235<br>Description: (Description Provided by CVE) : NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | 2002-10-29 | NetDSL ADSL Modem 800 Cleartext Undocumented Credentials Remote Disclosure |
| 60260<br>Description: (Description Provided by CVE) : Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code. | 2002-10-29 | GTetrinet Multiple Functions Remote Overflow |
| 14844<br>Description: (Description Provided by CVE) : The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | 2002-10-28 | Solaris WBEM SUNWwbdoc Package Permission Weakness |
| 14845<br>Description: (Description Provided by CVE) : The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | 2002-10-28 | Solaris WBEM SUNWwbcou Package Permission Weakness |
| 14846<br>Description: (Description Provided by CVE) : The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | 2002-10-28 | Solaris WBEM SUNWwbdev Package Permission Weakness |
| 14847<br>Description: (Description Provided by CVE) : The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | 2002-10-28 | Solaris WBEM SUNWmgapp Package Permission Weakness |
| 16018<br>Description: (Description Provided by CVE) : compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi. | 2002-10-28 | Mailreader with Sendmail compose.cgi Arbitrary Command Execution |
| 59244<br>Description: (Description Provided by CVE) : ** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor. | 2002-10-28 | Cisco AS5350 w/ ACLs Port Scan Remote DoS |
| 8192<br>Description: (Description Provided by CVE) : Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. | 2002-10-28 | Mailreader nph-mr.cgi do Parameter Traversal Arbitrary File Access |
| 59462<br>Description: (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | 2002-10-28 | AN HTTP Query String Error Page XSS |
| 11954<br>Description: (Description Provided by CVE) : Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users' email. | 2002-10-27 | Microsoft Outlook Express .dbx Deleted E-mail Persistence |
| 4284<br>Description: phpBB contains a flaw that allows a remote attacker to gain administrative privileges. The issue is due to the admin_ug_auth.php script not validating form field input. If an attacker knows the fields required, they can post values that change an arbitrary account into an administrator account. | 2002-10-27 | phpBB admin_ug_auth.php Form Field Manipulation |
| 12047<br>Description: (Description Provided by CVE) : Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments. | 2002-10-27 | MDaemon POP Server Multiple Command Remote Overflow DoS |