Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-06-30 | CVE-2003-0411 | Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0 Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | 7.5 |
2003-01-07 | CVE-2002-0628 | Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | 7.5 |
2002-12-31 | CVE-2002-2323 | Improper Preservation of Permissions vulnerability in SUN Solaris PC Netlink 1.0/1.1/1.2 Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | 7.5 |
2002-12-31 | CVE-2002-2070 | Incomplete Cleanup vulnerability in Accessdata Secureclean 3 SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
2002-12-31 | CVE-2002-2069 | Incomplete Cleanup vulnerability in PGP Personal Privacy PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
2002-12-31 | CVE-2002-2068 | Incomplete Cleanup vulnerability in Tolvanen Eraser 5.3 Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
2002-12-31 | CVE-2002-2067 | Incomplete Cleanup vulnerability in East-Tec Eraser 2002 East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
2002-12-31 | CVE-2002-2066 | Incomplete Cleanup vulnerability in Jetico Bcwipe 1.0.7/2.0/2.35.1 BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
2002-12-31 | CVE-2002-2058 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Teekai Tracking Online 1.0 TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | 7.5 |
2002-12-31 | CVE-2002-1949 | Cleartext Transmission of Sensitive Information vulnerability in Iomega NAS A300U Firmware The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | 7.5 |