Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-07-23 | CVE-2002-0683 | Remote Command Execution vulnerability in Pacific Software Carello 1.3: Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. | 7.5 |
2002-07-23 | CVE-2002-0681 | Cross-Site Scripting vulnerability in GoAhead WebServer Error Page: Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | 7.5 |
2002-07-23 | CVE-2002-0678 | Symbolic Link vulnerability in Multiple Vendor CDE ToolTalk Database Server: CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | 7.2 |
2002-07-23 | CVE-2002-0677 | CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. | 7.5 |
2002-07-23 | CVE-2002-0674 | Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4: Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | 7.2 |
2002-07-23 | CVE-2002-0670 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4: The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing. | 7.5 |
2002-07-23 | CVE-2002-0668 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4: The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | 7.5 |
2002-07-23 | CVE-2002-0642 | Unspecified vulnerability in Microsoft Msde and SQL Server: The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." | 7.2 |
2002-07-23 | CVE-2002-0641 | Buffer Overflow vulnerability in Microsoft Msde and SQL Server: Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. | 7.5 |
2002-07-23 | CVE-2002-0624 | Unspecified vulnerability in Microsoft Msde and SQL Server: Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." | 7.5 |