Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-04-02 | CVE-2002-1514 | Unspecified vulnerability in Borland Software Interbase gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. | 7.2 |
2003-04-02 | CVE-2002-1506 | Local Environment Variable Buffer Overflow vulnerability in Linuxconf Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. | 7.2 |
2003-04-02 | CVE-2002-1505 | SQL Injection vulnerability in Woltlab Burning Board 2.0Beta3/2.0Beta4/2.0Beta5 SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. | 7.5 |
2003-04-02 | CVE-2002-1503 | Local Buffer Overflow vulnerability in Multiple AFD Working Directory Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 7.2 |
2003-04-02 | CVE-2002-1500 | Buffer Overflow vulnerability in NetBSD IPv4 Multicast Tools Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | 7.2 |
2003-04-02 | CVE-2002-1499 | SQL Injection vulnerability in Factosystem Weblog 0.9B/1.0Beta/1.1Beta Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | 7.5 |
2003-04-02 | CVE-2002-1496 | Remote Heap Overflow vulnerability in Null HTTPd Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. | 7.5 |
2003-04-02 | CVE-2002-1492 | Buffer Overrun vulnerability in Cisco VPN 5000 Client 5.2.6/5.2.7 Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. | 7.2 |
2003-04-02 | CVE-2002-1489 | Buffer Overflow vulnerability in Planetdns Planetweb Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. | 7.5 |
2003-04-02 | CVE-2002-1486 | Buffer Overflow vulnerability in Cerulean Studios Trillian 0.725/0.73/0.74 Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. | 7.5 |