Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2002-12-18 CVE-2002-1347 Incorrect Calculation of Buffer Size vulnerability in multiple products
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
network
low complexity
cyrusimap apple CWE-131
critical
9.8
2002-10-11 CVE-2002-0969 Classic Buffer Overflow vulnerability in Oracle Mysql
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
local
low complexity
oracle CWE-120
7.8
2002-09-05 CVE-2002-0725 Link Following vulnerability in Microsoft Windows 2000 and Windows NT
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
local
low complexity
microsoft CWE-59
5.5
2002-08-12 CVE-2002-0844 Off-by-one Error vulnerability in Distrotech CVS
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
local
low complexity
distrotech CWE-193
7.8
2002-08-12 CVE-2002-0793 Link Following vulnerability in Blackberry QNX Neutrino Real-Time Operating System 4.25
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
local
low complexity
blackberry CWE-59
5.5
2002-08-12 CVE-2002-0788 Incomplete Cleanup vulnerability in PGP Corporate Desktop, Freeware and Personal Security
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
local
low complexity
pgp CWE-459
5.5
2002-08-12 CVE-2002-0485 Improper Handling of Case Sensitivity vulnerability in Symantec Norton Antivirus
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
network
low complexity
symantec CWE-178
7.5
2002-08-12 CVE-2002-0391 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
network
low complexity
openbsd sun freebsd microsoft CWE-190
critical
9.8
2002-07-26 CVE-2002-0704 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
network
low complexity
linux CWE-212
7.5
2002-07-23 CVE-2002-0671 Download of Code Without Integrity Check vulnerability in Pingtel Xpressa Firmware 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
network
low complexity
pingtel CWE-494
critical
9.8