Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-2048 Remote Security vulnerability in Michael Baumer Pfinger 0.7.8
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options.
network
low complexity
michael-baumer
7.5
2002-12-31 CVE-2002-2046 Remote Security vulnerability in Xqus X-News 1.1
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
network
low complexity
xqus
7.5
2002-12-31 CVE-2002-2043 Authentication Patch SQL Command Execution vulnerability in Cyrus SASL LDAP+MySQL
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
network
low complexity
cyrus
7.5
2002-12-31 CVE-2002-2042 Unspecified vulnerability in QNX Rtos 4.25/6.1.0
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2041 Buffer Overflow vulnerability in QNX Rtos 6.1.0
Multiple buffer overflows in the QNX realtime operating system (RTOS) 6.1.0 allow local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2040 Unspecified vulnerability in QNX Rtos 4.25/6.1.0
The (1) phgrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
local
low complexity
qnx
7.2
2002-12-31 CVE-2002-2036 Unspecified vulnerability in SUN RAY Server Software 1.3
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to log in as another user by running dtlogin from a system that supports the XDMCP client.
network
low complexity
sun
7.5
2002-12-31 CVE-2002-2035 SQL-Injection vulnerability in Realityscape Mylogin 2000 1.0.0
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form.
network
low complexity
realityscape
7.5
2002-12-31 CVE-2002-2034 Unspecified vulnerability in John Hardin Procmail Email Sanitizer 1.131/1.132
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
network
low complexity
john-hardin
7.5
2002-12-31 CVE-2002-2030 Buffer Overflow vulnerability in Sqldata Enterprise Server 3.0
Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attackers to execute arbitrary code and cause a denial of service via a long HTTP request.
network
low complexity
sqldata
7.5