Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-10-04 CVE-2002-1131 Cross-Site Scripting Vulnerabilities in SquirrelMail
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
network
low complexity
squirrelmail
7.5
2002-10-04 CVE-2002-1129 Buffer Overflow vulnerability in HP Tru64/OSF1 DXTerm
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
local
low complexity
compaq digital
7.2
2002-10-04 CVE-2002-1128 Local Buffer Overflow vulnerability in Digital OSF 1 and Ultrix
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
local
low complexity
digital
7.2
2002-10-04 CVE-2002-1127 Local Buffer Overflow vulnerability in HP Tru64 UUCP
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
local
low complexity
digital
7.2
2002-10-04 CVE-2002-1116 Unspecified vulnerability in Mantis
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
network
low complexity
mantis
7.5
2002-10-04 CVE-2002-1114 Remote File Include Command Execution vulnerability in Mantis Configuration
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
network
low complexity
mantis
7.5
2002-10-04 CVE-2002-1113 Remote File Include Command Execution vulnerability in Mantis JPGraph
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
network
low complexity
mantis
7.5
2002-10-04 CVE-2002-1107 Unspecified vulnerability in Cisco VPN Client
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-1106 Unspecified vulnerability in Cisco VPN Client
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-1098 Unspecified vulnerability in Cisco products
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
network
low complexity
cisco
7.5