Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-07-23 | CVE-2002-0686 | Buffer Overflow vulnerability in iPlanet Web Server 4.1/6.0 | Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter. | 7.5 |
2002-07-23 | CVE-2002-0685 | Unspecified vulnerability in PGP Desktop Security, Freeware and Personal Security | Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message. | 7.5 |
2002-07-23 | CVE-2002-0683 | Remote Command Execution vulnerability in Pacific Software Carello 1.3 | Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. | 7.5 |
2002-07-23 | CVE-2002-0681 | Cross-Site Scripting vulnerability in GoAhead WebServer Error Page | Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | 7.5 |
2002-07-23 | CVE-2002-0678 | Symbolic Link vulnerability in Multiple Vendor CDE ToolTalk Database Server | CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | 7.2 |
2002-07-23 | CVE-2002-0677 | | CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. | 7.5 |
2002-07-23 | CVE-2002-0674 | Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | 7.2 |
2002-07-23 | CVE-2002-0670 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing. | 7.5 |
2002-07-23 | CVE-2002-0668 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | 7.5 |
2002-07-23 | CVE-2002-0642 | Unspecified vulnerability in Microsoft MSDE and SQL Server | The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." | 7.2 |