Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-07-23 CVE-2002-0686 Buffer Overflow vulnerability in iPlanet Web Server 4.1/6.0
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.
network
low complexity
iplanet
7.5
2002-07-23 CVE-2002-0685 Unspecified vulnerability in PGP Desktop Security, Freeware and Personal Security
Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.
network
low complexity
pgp
7.5
2002-07-23 CVE-2002-0683 Remote Command Execution vulnerability in Pacific Software Carello 1.3
Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a ..
network
low complexity
pacific-software
7.5
2002-07-23 CVE-2002-0681 Cross-Site Scripting vulnerability in GoAhead WebServer Error Page
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
network
low complexity
goahead-software
7.5
2002-07-23 CVE-2002-0678 Symbolic Link vulnerability in Multiple Vendor CDE ToolTalk Database Server
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
local
low complexity
caldera xi-graphics sgi compaq hp ibm sun
7.2
2002-07-23 CVE-2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
network
low complexity
caldera xi-graphics sgi compaq hp ibm sun
7.5
2002-07-23 CVE-2002-0674 Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
local
low complexity
pingtel
7.2
2002-07-23 CVE-2002-0670 Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
network
low complexity
pingtel
7.5
2002-07-23 CVE-2002-0668 Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
network
low complexity
pingtel
7.5
2002-07-23 CVE-2002-0642 Unspecified vulnerability in Microsoft MSDE and SQL Server
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
local
low complexity
microsoft
7.2