CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14801 CVE-2002-2368 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
14802 CVE-2002-2365 20 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
14803 CVE-2002-2360 264 Exec Code 2002-12-31 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
14804 CVE-2002-2290 255 +Priv 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
14805 CVE-2002-2281 Exec Code 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler.
14806 CVE-2002-2279 287 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
14807 CVE-2002-2269 22 Dir. Trav. 2002-12-31 2017-07-28
9.4
None Remote Low Not required Complete Complete None
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
14808 CVE-2002-2268 119 Exec Code Overflow 2002-12-31 2017-07-28
9.4
None Remote Low Not required Complete Complete None
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
14809 CVE-2002-2264 DoS 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.
14810 CVE-2002-2257 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.
14811 CVE-2002-2253 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.
14812 CVE-2002-2251 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the changevalue function in libcgi.h for Marcos Luiz Onisto Lib CGI 0.1 allows remote attackers to execute arbitrary code via a long argument.
14813 CVE-2002-2250 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allow remote attackers to execute arbitrary code via (1) a long parameter to the xp_freedll extended stored procedure or (2) a long database name argument to the DBCC CHECKVERIFY function.
14814 CVE-2002-2248 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
14815 CVE-2002-2236 20 Exec Code 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.
14816 CVE-2002-2227 119 DoS Overflow Mem. Corr. 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
14817 CVE-2002-2218 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value.
14818 CVE-2002-2209 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.
14819 CVE-2002-2207 Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.
14820 CVE-2002-2201 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
14821 CVE-2002-2198 Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
14822 CVE-2002-2176 Sql 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
14823 CVE-2002-2159 2002-12-31 2017-07-11
10.0
Admin Remote Low Not required Complete Complete Complete
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access.
14824 CVE-2002-2152 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
14825 CVE-2002-2133 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
14826 CVE-2002-2088 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.
14827 CVE-2002-2047 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file.
14828 CVE-2002-2017 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
14829 CVE-2002-1993 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
14830 CVE-2002-1974 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
14831 CVE-2002-1971 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument.
14832 CVE-2002-1959 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
14833 CVE-2002-1918 Overflow 2002-12-31 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
14834 CVE-2002-1874 20 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
14835 CVE-2002-1868 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
14836 CVE-2002-1854 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.
14837 CVE-2002-1840 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
14838 CVE-2002-1794 Exec Code 2002-12-31 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.
14839 CVE-2002-1792 Exec Code Overflow 2002-12-31 2017-07-11
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
14840 CVE-2002-1734 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true".
14841 CVE-2002-1699 Sql Bypass 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field.
14842 CVE-2002-1691 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
14843 CVE-2002-1690 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
14844 CVE-2002-1689 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
14845 CVE-2002-1686 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
14846 CVE-2002-1659 +Priv 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
14847 CVE-2002-1645 Exec Code Overflow 2002-11-25 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.
14848 CVE-2002-1641 Exec Code Overflow 2002-05-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
14849 CVE-2002-1629 +Priv 2002-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.
14850 CVE-2002-1621 Exec Code Overflow 2002-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.