Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-07-03 CVE-2002-0546 Unspecified vulnerability in Nullsoft Winamp 2.78/2.79
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
network
low complexity
nullsoft
7.5
2002-07-03 CVE-2002-0544 Unspecified vulnerability in Aprelium Technologies Abyss web Server 1.0
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
local
low complexity
aprelium-technologies
7.2
2002-07-03 CVE-2002-0542 Unspecified vulnerability in Openbsd 2.9/3.0
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
local
low complexity
openbsd
7.2
2002-07-03 CVE-2002-0541 Buffer Overflow vulnerability in IBM Tivoli Storage Manager 4.2/4.2.1
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
network
low complexity
ibm
7.5
2002-07-03 CVE-2002-0540 Unspecified vulnerability in Nortel CVX 1800 Multi-Service Access Switch 3.6.3
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
network
low complexity
nortel
7.5
2002-07-03 CVE-2002-0538 Unspecified vulnerability in Symantec products
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
network
low complexity
symantec
7.5
2002-07-03 CVE-2002-0536 Unspecified vulnerability in PHPgroupware 0.9.13
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
network
low complexity
phpgroupware
7.5
2002-07-03 CVE-2002-0378 Remote Print Submission vulnerability in Astart Technologies Lprng 3.7.4/3.8.9
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
network
low complexity
astart-technologies
7.5
2002-07-03 CVE-2002-0373 Privilege Escalation vulnerability in Microsoft Windows Media Player 7.1
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
local
low complexity
microsoft
7.2
2002-07-03 CVE-2002-0372 Path Disclosure vulnerability in Windows Media Player IE Cache
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
network
low complexity
microsoft
7.5