Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-04-22 | CVE-2002-0075 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | 7.5 |
2002-04-22 | CVE-2002-0074 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | 7.5 |
2002-04-22 | CVE-2002-0071 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | 7.5 |
2002-04-22 | CVE-2002-0066 | Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. | 7.5 |
2002-04-22 | CVE-2002-0065 | Weak Password Storage vulnerability in Funk Software Proxy Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry. | 7.2 |
2002-04-22 | CVE-2002-0064 | Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system. | 7.2 |
2002-04-22 | CVE-2002-0037 | Security Bypass vulnerability in IBM Lotus Domino Server 4.5/4.6/5 Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object. | 7.5 |
2002-04-08 | CVE-2002-1591 | Security Bypass vulnerability in AOL Instant Messenger 4.7.2480 AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions. | 7.5 |
2002-04-04 | CVE-2002-0151 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | 7.2 |
2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |