CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2002-0774 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
602 CVE-2002-0777 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
603 CVE-2002-0796 +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
604 CVE-2002-0797 Overflow +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
605 CVE-2002-0801 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
606 CVE-2002-0901 Exec Code Overflow 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.
607 CVE-2002-0951 +Priv Sql 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
608 CVE-2002-0988 Overflow 2002-09-24 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.
609 CVE-2002-1034 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
610 CVE-2002-1058 +Priv Dir. Trav. 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
611 CVE-2002-1110 +Priv Sql 2002-10-04 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
612 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
613 CVE-2002-1215 Exec Code Overflow 2002-10-28 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
614 CVE-2002-1225 Overflow 2002-10-28 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
615 CVE-2002-1226 Overflow 2002-10-28 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
616 CVE-2002-1235 Exec Code Overflow 2002-11-04 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
617 CVE-2002-1251 Exec Code Overflow 2002-11-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
618 CVE-2002-1257 Exec Code 2002-12-23 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
619 CVE-2002-1272 +Priv 2002-12-11 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
620 CVE-2002-1318 DoS Exec Code Overflow 2002-12-11 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
621 CVE-2002-1337 Exec Code Overflow 2003-03-07 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
622 CVE-2002-1357 119 DoS Exec Code Overflow 2002-12-23 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
623 CVE-2002-1358 20 DoS Exec Code 2002-12-23 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
624 CVE-2002-1359 20 DoS Exec Code Overflow 2002-12-23 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
625 CVE-2002-1360 20 DoS Exec Code 2002-12-23 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
626 CVE-2002-1361 Exec Code Overflow 2002-12-23 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
627 CVE-2002-1367 2002-12-26 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
628 CVE-2002-1369 Exec Code Overflow 2002-12-26 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
629 CVE-2002-1383 Exec Code Overflow 2002-12-26 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
630 CVE-2002-1399 2003-01-17 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
631 CVE-2002-1428 Bypass 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
632 CVE-2002-1440 +Priv 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
633 CVE-2002-1466 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
634 CVE-2002-1468 Exec Code Overflow 2003-04-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
635 CVE-2002-1478 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
636 CVE-2002-1482 +Priv Sql 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
637 CVE-2002-1510 2003-03-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
638 CVE-2002-1519 DoS Exec Code 2003-04-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
639 CVE-2002-1520 2003-04-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
640 CVE-2002-1537 +Priv 2003-03-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
641 CVE-2002-1558 +Priv 2003-03-31 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
642 CVE-2002-1560 +Priv Bypass 2003-03-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.
643 CVE-2002-1572 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
644 CVE-2002-1573 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."
645 CVE-2002-1582 Exec Code 2004-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
646 CVE-2002-1584 +Priv 2002-12-27 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
647 CVE-2002-1621 Exec Code Overflow 2002-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
648 CVE-2002-1629 +Priv 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.
649 CVE-2002-1641 Exec Code Overflow 2002-05-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
650 CVE-2002-1645 Exec Code Overflow 2002-11-25 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.