Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-08-12 | CVE-2002-1445 | Cross-Site Scripting vulnerability in W3C Cern Httpd 3.0 | Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. | 4.3 |
2002-08-12 | CVE-2002-0849 | Information Disclosure vulnerability in iSCSI Insecure Configuration File Permissions | Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | 4.6 |
2002-08-12 | CVE-2002-0848 | Unspecified vulnerability in Cisco VPN 5000 Concentrator Series Software | Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. | 5.0 |
2002-08-12 | CVE-2002-0830 | Denial Of Service vulnerability in Multiple Vendor BSD NFS Zero-Length RPC Message | Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | 5.0 |
2002-08-12 | CVE-2002-0829 | Unspecified vulnerability in FreeBSD | Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. | 4.6 |
2002-08-12 | CVE-2002-0824 | Link Following vulnerability in FreeBSD Point-To-Point Protocol Daemon | BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | 6.9 |
2002-08-12 | CVE-2002-0812 | Information Exposure vulnerability in multiple products | Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | 6.4 |
2002-08-12 | CVE-2002-0810 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | 5.0 |
2002-08-12 | CVE-2002-0805 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | 4.6 |
2002-08-12 | CVE-2002-0803 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | 5.0 |