Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2003-06-30 CVE-2003-0411 Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
network
low complexity
oracle CWE-178
7.5
2003-01-07 CVE-2002-0628 Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
network
low complexity
polycom CWE-307
7.5
2002-12-31 CVE-2002-2323 Improper Preservation of Permissions vulnerability in SUN Solaris PC Netlink 1.0/1.1/1.2
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
network
low complexity
sun CWE-281
7.5
2002-12-31 CVE-2002-2070 Incomplete Cleanup vulnerability in Accessdata Secureclean 3
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
network
low complexity
accessdata CWE-459
7.5
2002-12-31 CVE-2002-2069 Incomplete Cleanup vulnerability in PGP Personal Privacy
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
network
low complexity
pgp CWE-459
7.5
2002-12-31 CVE-2002-2068 Incomplete Cleanup vulnerability in Tolvanen Eraser 5.3
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
network
low complexity
tolvanen CWE-459
7.5
2002-12-31 CVE-2002-2067 Incomplete Cleanup vulnerability in East-Tec Eraser 2002
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
network
low complexity
east-tec CWE-459
7.5
2002-12-31 CVE-2002-2066 Incomplete Cleanup vulnerability in Jetico Bcwipe 1.0.7/2.0/2.35.1
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
network
low complexity
jetico CWE-459
7.5
2002-12-31 CVE-2002-2058 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Teekai Tracking Online 1.0
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
network
low complexity
teekai CWE-327
7.5
2002-12-31 CVE-2002-1949 Cleartext Transmission of Sensitive Information vulnerability in Iomega NAS A300U Firmware
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
network
low complexity
iomega CWE-319
7.5