Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-07-23 CVE-2002-0641 Buffer Overflow vulnerability in Microsoft Msde and SQL Server
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
network
low complexity
microsoft
7.5
2002-07-23 CVE-2002-0624 Unspecified vulnerability in Microsoft Msde and SQL Server
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
network
low complexity
microsoft
7.5
2002-07-11 CVE-2002-0676 Unspecified vulnerability in Apple mac OS X
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
network
low complexity
apple
7.5
2002-07-11 CVE-2002-0653 Off-by-one Error vulnerability in Modssl MOD SSL
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
local
low complexity
modssl CWE-193
7.8
2002-07-11 CVE-2002-0637 Unspecified vulnerability in Trend Micro Interscan Viruswall 3.52
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
network
low complexity
trend-micro
7.5
2002-07-08 CVE-2002-1448 Unspecified vulnerability in Avaya Cajun M770-Atm, Cajun P130 and Cajun P330
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
network
low complexity
avaya
7.5
2002-07-03 CVE-2002-0652 Unspecified vulnerability in SGI Irix
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
network
low complexity
sgi
7.5
2002-07-03 CVE-2002-0651 Buffer Overflow vulnerability in ISC Bind 9.4.0
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
network
low complexity
isc
7.5
2002-07-03 CVE-2002-0631 Unspecified vulnerability in SGI Irix
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
local
low complexity
sgi
7.2
2002-07-03 CVE-2002-0623 Buffer Overflow Variation vulnerability in Microsoft Commerce Server ISAPI
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
network
low complexity
microsoft
7.5