Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-12-31 | CVE-2002-1951 | Remote Arbitrary Command Execution vulnerability in Goahead Software Goahead Webserver 2.1 | Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. | 7.5 |
2002-12-31 | CVE-2002-1949 | Cleartext Transmission of Sensitive Information vulnerability in Iomega NAS A300U Firmware | The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | 7.5 |
2002-12-31 | CVE-2002-1948 | Buffer Overflow vulnerability in Gringotts 0.5.9 | Multiple buffer overflows in Gringotts 0.5.9 allow local users to execute arbitrary commands via unknown attack vectors. | 7.2 |
2002-12-31 | CVE-2002-1938 | Remote Command Execution vulnerability in Virgil CGI Scanner 0.9 | Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters. | 7.5 |
2002-12-31 | CVE-2002-1936 | Unspecified vulnerability in Utstarcom BAS 1000 3.1.10 | UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase". | 7.5 |
2002-12-31 | CVE-2002-1933 | Unspecified vulnerability in Microsoft Windows 2000 Terminal Services | The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | 7.2 |
2002-12-31 | CVE-2002-1930 | Buffer Overflow vulnerability in AN HTTPD Malformed SOCKS4 Request | Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | 7.5 |
2002-12-31 | CVE-2002-1923 | Unspecified vulnerability in Oracle Mysql | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | 7.5 |
2002-12-31 | CVE-2002-1921 | Unspecified vulnerability in Oracle Mysql | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database. | 7.5 |
2002-12-31 | CVE-2002-1919 | SQL Injection vulnerability in Virtual Programming Vp-Asp 4.0 | SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. | 7.5 |