CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-0061 Exec Code Overflow 2002-01-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
2 CVE-2002-2426 352 1 CSRF 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
3 CVE-2002-2425 264 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
4 CVE-2002-2424 79 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
5 CVE-2002-2423 20 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
6 CVE-2002-2422 79 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
7 CVE-2002-2421 20 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
8 CVE-2002-2420 20 Exec Code 2002-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
9 CVE-2002-2419 189 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.
10 CVE-2002-2418 79 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
11 CVE-2002-2417 287 +Priv 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
12 CVE-2002-2416 22 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
13 CVE-2002-2415 20 DoS 2002-12-31 2008-09-05
6.8
None Remote Low Single system None None Complete
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
14 CVE-2002-2414 DoS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None None Partial
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
15 CVE-2002-2413 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
16 CVE-2002-2412 255 2002-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
17 CVE-2002-2411 119 Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
18 CVE-2002-2410 200 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
19 CVE-2002-2409 200 +Info 2002-12-31 2008-09-05
3.5
None Remote Medium Single system Partial None None
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
20 CVE-2002-2408 Bypass 2002-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.
21 CVE-2002-2407 264 +Priv 2002-12-31 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
22 CVE-2002-2406 20 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
23 CVE-2002-2405 264 2002-12-31 2008-09-05
4.9
None Remote Medium Single system Partial Partial None
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
24 CVE-2002-2404 119 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
25 CVE-2002-2403 22 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
26 CVE-2002-2402 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
27 CVE-2002-2401 264 Bypass 2002-12-31 2008-09-10
3.6
None Local Low Not required Partial Partial None
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
28 CVE-2002-2400 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
29 CVE-2002-2399 22 Dir. Trav. 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
30 CVE-2002-2398 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter.
31 CVE-2002-2397 287 Bypass 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
32 CVE-2002-2396 119 Exec Code Overflow 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.
33 CVE-2002-2395 264 Exec Code Bypass 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.
34 CVE-2002-2394 264 Exec Code Bypass 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
35 CVE-2002-2393 20 DoS 2002-12-31 2010-04-28
5.0
None Remote Low Not required None None Partial
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
36 CVE-2002-2392 Exec Code 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
37 CVE-2002-2391 89 Exec Code Sql 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
38 CVE-2002-2390 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
39 CVE-2002-2389 255 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
40 CVE-2002-2388 119 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.
41 CVE-2002-2387 22 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command.
42 CVE-2002-2386 79 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
43 CVE-2002-2385 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.
44 CVE-2002-2384 255 2002-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
45 CVE-2002-2383 89 Exec Code Sql 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names.
46 CVE-2002-2382 59 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
47 CVE-2002-2381 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code.
48 CVE-2002-2380 200 +Info 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
49 CVE-2002-2379 310 DoS 2002-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor.
50 CVE-2002-2378 79 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
Total number of vulnerabilities : 2156   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.