CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1645 Exec Code Overflow 2002-11-25 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.
2 CVE-2002-1644 +Priv 2002-11-25 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
3 CVE-2002-1588 DoS 2002-11-29 2008-09-10
5.0
None Remote Low Not required None None Partial
Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.
4 CVE-2002-1585 DoS 2002-11-08 2008-09-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
5 CVE-2002-1316 Exec Code XSS 2002-11-29 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
6 CVE-2002-1315 XSS 2002-11-29 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
7 CVE-2002-1313 DoS 2002-11-29 2008-09-10
2.1
None Local Low Not required None None Partial
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
8 CVE-2002-1312 DoS Overflow 2002-11-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password.
9 CVE-2002-1311 2002-11-29 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
10 CVE-2002-1310 Overflow 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
11 CVE-2002-1309 Overflow 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
12 CVE-2002-1308 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
13 CVE-2002-1307 XSS 2002-11-29 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
14 CVE-2002-1306 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
15 CVE-2002-1295 DoS Bypass 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
16 CVE-2002-1294 DoS 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.
17 CVE-2002-1293 Bypass 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
18 CVE-2002-1292 DoS Bypass 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
19 CVE-2002-1291 2002-11-29 2008-09-10
5.0
None Remote Low Not required Partial None None
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.
20 CVE-2002-1290 2002-11-29 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
21 CVE-2002-1289 DoS Exec Code 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
22 CVE-2002-1288 2002-11-29 2008-09-05
5.0
None Remote Low Not required Partial None None
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.
23 CVE-2002-1287 DoS Overflow 2002-11-29 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
24 CVE-2002-1286 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.
25 CVE-2002-1285 +Priv 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
26 CVE-2002-1284 2002-11-29 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.
27 CVE-2002-1283 DoS Overflow 2002-11-29 2008-10-03
5.0
None Remote Low Not required None None Partial
Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.
28 CVE-2002-1282 Exec Code 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
29 CVE-2002-1281 Exec Code 2002-11-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
30 CVE-2002-1279 Overflow +Priv 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).
31 CVE-2002-1278 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.
32 CVE-2002-1277 Exec Code Overflow 2002-11-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
33 CVE-2002-1276 XSS 2002-11-29 2008-09-05
4.3
None Remote Medium Not required Partial None None
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
34 CVE-2002-1275 Exec Code 2002-11-12 2012-10-11
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input."
35 CVE-2002-1271 Exec Code 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
36 CVE-2002-1265 DoS 2002-11-12 2008-09-05
5.0
None Remote Low Not required None None Partial
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
37 CVE-2002-1264 Exec Code Overflow 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
38 CVE-2002-1253 Exec Code +Priv 2002-11-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
39 CVE-2002-1251 Exec Code Overflow 2002-11-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
40 CVE-2002-1250 Overflow +Priv 2002-11-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
41 CVE-2002-1248 DoS 2002-11-12 2008-09-10
5.0
None Remote Low Not required None None Partial
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
42 CVE-2002-1247 Overflow 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
43 CVE-2002-1245 +Priv 2002-11-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
44 CVE-2002-1244 DoS Exec Code 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.
45 CVE-2002-1242 +Priv Sql 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
46 CVE-2002-1239 +Priv 2002-11-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
47 CVE-2002-1238 Bypass 2002-11-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
48 CVE-2002-1236 DoS 2002-11-12 2008-09-10
5.0
None Remote Low Not required None None Partial
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
49 CVE-2002-1235 Exec Code Overflow 2002-11-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
50 CVE-2002-1233 2002-11-04 2008-09-10
2.6
None Local High Not required Partial Partial None
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Total number of vulnerabilities : 74   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.