Vulnerabilities > Configuration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-2335 | Configuration vulnerability in John Drake Killer Protection 1.0 Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php. | 5.0 |
2002-12-31 | CVE-2002-2331 | Configuration vulnerability in Cascadesoft W3Mail W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | 5.8 |
2002-12-31 | CVE-2002-2285 | Configuration vulnerability in Broadcom Inoculateit 6.0 eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection. | 4.3 |
2002-12-31 | CVE-2002-2280 | Configuration vulnerability in Openbsd syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. | 2.1 |
2002-12-31 | CVE-2002-2263 | Configuration vulnerability in HP Visualize Conference FTP B.11.00.11 The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files. | 6.6 |
2002-12-31 | CVE-2002-2247 | Configuration vulnerability in Mambo Site Server 4.0.11 The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | 5.0 |
2002-12-31 | CVE-2002-2234 | Configuration vulnerability in Netscreen Screenos NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. | 4.3 |
1999-01-01 | CVE-1999-0656 | Configuration vulnerability in Linux Kernel The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | 5.0 |