Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-11-12 CVE-2002-1238 Unspecified vulnerability in Peter Sandvik Simple Web Server
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
network
low complexity
peter-sandvik
7.5
2002-11-12 CVE-2002-1211 Remote File Include vulnerability in Jason Orcutt Prometheus 3.0Beta/4.0Beta/6.0
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
network
low complexity
jason-orcutt
7.5
2002-11-12 CVE-2002-1180 Unspecified vulnerability in Microsoft Internet Information Services 5.0
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
network
low complexity
microsoft
7.5
2002-11-12 CVE-2002-0869 Unspecified vulnerability in Microsoft products
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
network
low complexity
microsoft
7.5
2002-11-04 CVE-2002-1157 Cross-Site Scripting vulnerability in Mod_SSL Wildcard DNS
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
network
low complexity
mod-ssl
7.5
2002-10-29 CVE-2002-1590 Permissions, Privileges, and Access Controls vulnerability in Sun Solaris and SunOS
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
local
low complexity
sun CWE-264
7.2
2002-10-28 CVE-2002-1229 Unspecified vulnerability in Avaya products
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
network
low complexity
avaya
7.5
2002-10-28 CVE-2002-1227 Authentication Bypass vulnerability in PAM 0.76
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
network
low complexity
pam
7.5
2002-10-28 CVE-2002-1223 Denial-Of-Service vulnerability in KDE 1.1/3.0.3A
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
network
low complexity
kde
7.5
2002-10-28 CVE-2002-1222 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco CatOS
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
network
cisco CWE-119
7.1