Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-08-12 | CVE-2002-0815 | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | 7.5 |
| 2002-08-12 | CVE-2002-0814 | Buffer Overflow vulnerability in VMWare GSX Server 2.0.0Build2050 Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | 7.5 |
| 2002-08-12 | CVE-2002-0813 | Buffer Errors vulnerability in Cisco IOS 11.1/11.2/11.3 Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. | 7.1 |
| 2002-08-12 | CVE-2002-0811 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | 7.5 |
| 2002-08-12 | CVE-2002-0809 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | 7.5 |
| 2002-08-12 | CVE-2002-0808 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | 7.5 |
| 2002-08-12 | CVE-2002-0807 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | 7.5 |
| 2002-08-12 | CVE-2002-0804 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | 7.5 |
| 2002-08-12 | CVE-2002-0802 | SQL-Injection vulnerability in Postgresql 6.5.0 The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | 7.5 |
| 2002-08-12 | CVE-2002-0799 | Buffer Overflow vulnerability in Youngzsoft Cmailserver 3.30 Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | 7.5 |