Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-03-25 CVE-2002-0108 Unspecified vulnerability in Allaire Forums
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
network
low complexity
allaire
7.5
2002-03-25 CVE-2002-0105 Unspecified vulnerability in Caldera Unixware 7.1.0
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
local
low complexity
caldera
7.2
2002-03-25 CVE-2002-0100 Unspecified vulnerability in AOL Server 3.4.2
AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.
network
low complexity
aol
7.5
2002-03-25 CVE-2002-0098 Unspecified vulnerability in Boozt Standard 0.9.8
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
network
low complexity
boozt
7.5
2002-03-25 CVE-2002-0097 Unspecified vulnerability in Geeklog 1.3
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
network
low complexity
geeklog
7.5
2002-03-25 CVE-2002-0096 Unspecified vulnerability in Geeklog 1.3
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
local
low complexity
geeklog
7.2
2002-03-25 CVE-2002-0095 Unspecified vulnerability in Fraunhofer FIT Bscw 3.4/4.0/4.0.6
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
network
low complexity
fraunhofer-fit
7.5
2002-03-25 CVE-2002-0094 Remote Command Execution vulnerability in Fraunhofer FIT Bscw 3.4/4.0
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
network
low complexity
fraunhofer-fit
7.5
2002-03-19 CVE-2002-0076 Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
network
low complexity
hp microsoft sun
7.5
2002-03-15 CVE-2002-0091 Remote Command Execution vulnerability in CIDER Shadow Analyzer
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields.
network
low complexity
nswc
7.5