# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
107601 |
CVE-2002-1038 |
|
|
|
2002-10-04 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features. |
107602 |
CVE-2002-1037 |
|
|
XSS |
2002-10-04 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. |
107603 |
CVE-2002-1036 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters. |
107604 |
CVE-2002-1035 |
|
|
DoS |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number. |
107605 |
CVE-2002-1034 |
|
|
|
2002-10-04 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument. |
107606 |
CVE-2002-1033 |
|
|
Dir. Trav. |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument. |
107607 |
CVE-2002-1032 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header. |
107608 |
CVE-2002-1031 |
|
|
|
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character. |
107609 |
CVE-2002-1029 |
|
|
DoS |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. |
107610 |
CVE-2002-1028 |
|
|
DoS Overflow |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. |
107611 |
CVE-2002-1027 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. |
107612 |
CVE-2002-1026 |
|
|
DoS Overflow |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. |
107613 |
CVE-2002-1025 |
|
|
|
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. |
107614 |
CVE-2002-1024 |
399 |
|
DoS Overflow |
2002-10-04 |
2018-10-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144). |
107615 |
CVE-2002-1023 |
|
|
DoS |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. |
107616 |
CVE-2002-1022 |
|
|
+Priv |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. |
107617 |
CVE-2002-1021 |
|
|
|
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. |
107618 |
CVE-2002-1020 |
|
|
|
2002-10-04 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. |
107619 |
CVE-2002-1019 |
|
|
|
2002-10-04 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. |
107620 |
CVE-2002-1018 |
|
|
DoS |
2002-10-04 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times. |
107621 |
CVE-2002-1016 |
|
|
Bypass |
2002-10-04 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. |
107622 |
CVE-2002-1015 |
|
|
|
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. |
107623 |
CVE-2002-1014 |
|
|
Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. |
107624 |
CVE-2002-1013 |
|
|
Overflow +Priv |
2002-10-04 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. |
107625 |
CVE-2002-1012 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. |
107626 |
CVE-2002-1011 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. |
107627 |
CVE-2002-1010 |
|
|
Bypass |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. |
107628 |
CVE-2002-1009 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. |
107629 |
CVE-2002-1008 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request. |
107630 |
CVE-2002-1007 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. |
107631 |
CVE-2002-1006 |
|
|
XSS |
2002-10-04 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl. |
107632 |
CVE-2002-1005 |
|
|
DoS |
2002-10-04 |
2013-09-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. |
107633 |
CVE-2002-1004 |
|
|
Dir. Trav. |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. |
107634 |
CVE-2002-1003 |
|
|
Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
107635 |
CVE-2002-1002 |
|
|
DoS Overflow |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. |
107636 |
CVE-2002-1001 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname. |
107637 |
CVE-2002-1000 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. |
107638 |
CVE-2002-0999 |
89 |
|
Sql |
2002-10-04 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations. |
107639 |
CVE-2002-0998 |
|
|
Dir. Trav. |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function. |
107640 |
CVE-2002-0997 |
|
|
DoS Overflow |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. |
107641 |
CVE-2002-0996 |
|
|
DoS Exec Code Overflow |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. |
107642 |
CVE-2002-0995 |
|
|
+Priv |
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. |
107643 |
CVE-2002-0994 |
|
|
|
2002-10-04 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications. |
107644 |
CVE-2002-0993 |
|
|
|
2002-10-04 |
2017-07-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. |
107645 |
CVE-2002-0991 |
|
|
Overflow +Priv |
2002-10-04 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters. |
107646 |
CVE-2002-0990 |
|
|
DoS |
2002-10-28 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. |
107647 |
CVE-2002-0989 |
|
|
|
2002-09-24 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. |
107648 |
CVE-2002-0988 |
|
|
Overflow |
2002-09-24 |
2008-09-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. |
107649 |
CVE-2002-0987 |
|
|
+Priv |
2002-09-24 |
2008-09-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. |
107650 |
CVE-2002-0986 |
|
|
|
2002-09-24 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." |