Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-08-12 | CVE-2002-0781 | Denial Of Service vulnerability in Novell Bordermanager 3.6 RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | 5.0 |
2002-08-12 | CVE-2002-0780 | Denial of Service vulnerability in Novell Bordermanager 3.6 IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND. | 5.0 |
2002-08-12 | CVE-2002-0779 | Denial Of Service vulnerability in Novell Bordermanager 3.6 FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. | 5.0 |
2002-08-12 | CVE-2002-0775 | Remote Security vulnerability in Hosting Controller browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. | 5.0 |
2002-08-12 | CVE-2002-0772 | Directory Traversal vulnerability in Hosting Controller DSNManager Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. | 6.4 |
2002-08-12 | CVE-2002-0771 | Cross-Site Scripting vulnerability in ViewCVS Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters. | 6.4 |
2002-08-12 | CVE-2002-0770 | Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21 Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | 5.0 |
2002-08-12 | CVE-2002-0769 | Unspecified vulnerability in Cisco Ata-186 The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. | 6.4 |
2002-08-12 | CVE-2002-0759 | Unspecified vulnerability in Bzip Bzip2 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | 5.0 |
2002-08-12 | CVE-2002-0752 | Information Disclosure vulnerability in csMailto CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. | 5.0 |