Vulnerabilities (CVE)

Filtered by CWE-264
Total 5231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2360 1 Webmin 1 Webmin 2024-11-20 9.3 HIGH N/A
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
CVE-2002-2356 1 Hamweather 1 Hamweather 2024-11-20 6.4 MEDIUM N/A
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
CVE-2002-2353 1 Tftpd32 1 Tftpd32 2024-11-20 6.4 MEDIUM N/A
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
CVE-2002-2344 1 Ensim 1 Webppliance 2024-11-20 5.0 MEDIUM N/A
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
CVE-2002-2334 1 Joseph Allen 1 Joe 2024-11-20 3.6 LOW N/A
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.
CVE-2002-2327 1 Sun 2 Sun Fire, Sunos 2024-11-20 4.9 MEDIUM N/A
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
CVE-2002-2324 1 Microsoft 1 Windows Xp 2024-11-20 7.2 HIGH N/A
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVE-2002-2320 1 Mysimplenews 1 Mysimplenews 2024-11-20 7.8 HIGH N/A
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3.
CVE-2002-2311 2 Microsoft, Opera Software 2 Internet Explorer, Opera Web Browser 2024-11-20 6.4 MEDIUM N/A
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVE-2002-2302 1 3d3.com 1 Shopfactory 2024-11-20 6.4 MEDIUM N/A
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
CVE-2002-2283 1 Microsoft 1 Windows Xp 2024-11-20 1.9 LOW N/A
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
CVE-2002-2270 1 Hp 1 Hp-ux 2024-11-20 3.6 LOW N/A
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
CVE-2002-2265 2 Hp, Open Source Internet Solutions 2 Tru64, Open Source Internet Solutions 2024-11-20 6.4 MEDIUM N/A
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
CVE-2002-2261 1 Sendmail 1 Sendmail 2024-11-20 7.5 HIGH N/A
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
CVE-2002-2254 1 Linux 1 Linux Kernel 2024-11-20 2.1 LOW N/A
The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted.
CVE-2002-2242 1 Kismac 1 Kismac 2024-11-20 6.4 MEDIUM N/A
The Apple Package Manager in KisMAC 0.02a and earlier modifies file permissions of sensitive files after installation, which could allow attackers to conduct unauthorized activities on those files.
CVE-2002-1978 1 Darren Reed 1 Ipfilter 2024-11-20 7.5 HIGH N/A
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2002-1877 1 Netgear 1 Fm114p 2024-11-20 7.5 HIGH N/A
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
CVE-2002-1590 1 Sun 2 Solaris, Sunos 2024-11-20 7.2 HIGH N/A
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
CVE-2002-1111 1 Mantis 1 Mantis 2024-11-20 5.0 MEDIUM N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.