CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14501 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
14502 CVE-2002-1110 +Priv Sql 2002-10-04 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
14503 CVE-2002-1058 +Priv Dir. Trav. 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
14504 CVE-2002-1034 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
14505 CVE-2002-0988 Overflow 2002-09-24 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.
14506 CVE-2002-0951 +Priv Sql 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
14507 CVE-2002-0901 Exec Code Overflow 2002-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.
14508 CVE-2002-0801 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
14509 CVE-2002-0797 Overflow +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
14510 CVE-2002-0796 +Priv 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
14511 CVE-2002-0777 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
14512 CVE-2002-0774 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
14513 CVE-2002-0773 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
14514 CVE-2002-0753 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.
14515 CVE-2002-0747 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lsmcode in AIX 4.3.3.
14516 CVE-2002-0746 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
14517 CVE-2002-0745 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in uucp in AIX 4.3.3.
14518 CVE-2002-0744 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
14519 CVE-2002-0743 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
14520 CVE-2002-0742 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in pioout on AIX 4.3.3.
14521 CVE-2002-0736 Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
14522 CVE-2002-0721 2002-09-05 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
14523 CVE-2002-0702 Exec Code 2002-07-26 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
14524 CVE-2002-0697 Bypass 2002-08-12 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
14525 CVE-2002-0690 Exec Code 2003-04-11 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
14526 CVE-2002-0679 Exec Code Overflow 2002-09-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
14527 CVE-2002-0667 2002-07-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
14528 CVE-2002-0665 Bypass 2002-07-11 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
14529 CVE-2002-0640 Exec Code Overflow 2002-07-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
14530 CVE-2002-0639 Exec Code Overflow 2002-07-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
14531 CVE-2002-0626 2003-01-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
14532 CVE-2002-0613 +Priv Bypass 2002-06-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
14533 CVE-2002-0599 Bypass 2002-06-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
14534 CVE-2002-0539 +Priv Sql 2002-07-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
14535 CVE-2002-0537 +Priv 2002-07-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
14536 CVE-2002-0528 Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
14537 CVE-2002-0525 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
14538 CVE-2002-0516 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
14539 CVE-2002-0513 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14540 CVE-2002-0508 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
14541 CVE-2002-0495 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
14542 CVE-2002-0491 +Priv Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
14543 CVE-2002-0490 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
14544 CVE-2002-0489 Exec Code 2002-08-12 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
14545 CVE-2002-0488 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
14546 CVE-2002-0480 2002-08-12 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
14547 CVE-2002-0473 Exec Code 2002-08-12 2016-09-16
10.0
Admin Remote Low Not required Complete Complete Complete
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
14548 CVE-2002-0471 Exec Code 2002-08-12 2008-09-24
10.0
Admin Remote Low Not required Complete Complete Complete
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
14549 CVE-2002-0467 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
14550 CVE-2002-0465 Exec Code Dir. Trav. 2002-08-12 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.