Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-05-29 | CVE-2002-0236 | Authentication Bypass vulnerability in Lucent VitalNet Password Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | 7.5 |
2002-05-29 | CVE-2002-0235 | Unspecified vulnerability in Castelle Faxpress 6.3 Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event. | 7.5 |
2002-05-29 | CVE-2002-0193 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0190 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0189 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0188 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0178 | Symbolic Link Attack vulnerability in GNU Sharutils 4.2 uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | 7.2 |
2002-05-29 | CVE-2002-0174 | Symbolic Link vulnerability in SGI Irix nsd nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | 7.2 |
2002-05-29 | CVE-2002-0155 | Remote Buffer Overflow vulnerability in Microsoft products Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. | 7.5 |
2002-05-28 | CVE-2002-1447 | Local Buffer Overflow vulnerability in Cisco VPN Client for Unix Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | 7.2 |