Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1706 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
network
low complexity
cisco CWE-347
7.5
2002-12-31 CVE-2002-1697 Inadequate Encryption Strength vulnerability in Vtun Project Vtun 2.0/2.5
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
network
low complexity
vtun-project CWE-326
7.5
2002-12-31 CVE-2002-1657 Use of Password Hash With Insufficient Computational Effort vulnerability in Postgresql 7.3.19
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
network
low complexity
postgresql CWE-916
7.5
2002-12-26 CVE-2002-1372 Unchecked Return Value vulnerability in multiple products
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
network
low complexity
apple debian CWE-252
7.5
2002-10-11 CVE-2002-0969 Classic Buffer Overflow vulnerability in Oracle Mysql
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
local
low complexity
oracle CWE-120
7.8
2002-08-12 CVE-2002-0844 Off-by-one Error vulnerability in Distrotech CVS
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
local
low complexity
distrotech CWE-193
7.8
2002-08-12 CVE-2002-0485 Improper Handling of Case Sensitivity vulnerability in Symantec Norton Antivirus
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
network
low complexity
symantec CWE-178
7.5
2002-07-26 CVE-2002-0704 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
network
low complexity
linux CWE-212
7.5
2002-07-11 CVE-2002-0653 Off-by-one Error vulnerability in Modssl MOD SSL
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
local
low complexity
modssl CWE-193
7.8
2002-06-25 CVE-2002-0367 Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
local
low complexity
microsoft
7.8