CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15251 CVE-2002-0690 Exec Code 2003-04-11 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
15252 CVE-2002-0679 Exec Code Overflow 2002-09-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
15253 CVE-2002-0667 2002-07-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
15254 CVE-2002-0665 Bypass 2002-07-11 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
15255 CVE-2002-0640 Exec Code Overflow 2002-07-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
15256 CVE-2002-0639 Exec Code Overflow 2002-07-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
15257 CVE-2002-0626 2003-01-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
15258 CVE-2002-0613 +Priv Bypass 2002-06-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
15259 CVE-2002-0599 Bypass 2002-06-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
15260 CVE-2002-0539 +Priv Sql 2002-07-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
15261 CVE-2002-0537 +Priv 2002-07-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
15262 CVE-2002-0528 Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
15263 CVE-2002-0525 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
15264 CVE-2002-0516 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
15265 CVE-2002-0513 +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
15266 CVE-2002-0508 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
15267 CVE-2002-0495 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
15268 CVE-2002-0491 +Priv Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
15269 CVE-2002-0490 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
15270 CVE-2002-0489 Exec Code 2002-08-12 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
15271 CVE-2002-0488 Exec Code 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
15272 CVE-2002-0480 2002-08-12 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
15273 CVE-2002-0473 Exec Code 2002-08-12 2016-09-16
10.0
Admin Remote Low Not required Complete Complete Complete
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
15274 CVE-2002-0471 Exec Code 2002-08-12 2008-09-24
10.0
Admin Remote Low Not required Complete Complete Complete
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
15275 CVE-2002-0467 Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
15276 CVE-2002-0465 Exec Code Dir. Trav. 2002-08-12 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
15277 CVE-2002-0450 Exec Code Overflow 2002-07-26 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
15278 CVE-2002-0449 Exec Code Overflow 2002-07-26 2017-07-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe.
15279 CVE-2002-0437 Exec Code 2002-07-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
15280 CVE-2002-0436 Exec Code 2002-07-26 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
15281 CVE-2002-0434 Exec Code 2002-07-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
15282 CVE-2002-0432 DoS Exec Code Overflow 2002-07-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
15283 CVE-2002-0427 Overflow +Priv 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
15284 CVE-2002-0423 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
15285 CVE-2002-0416 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
15286 CVE-2002-0405 DoS Exec Code Overflow 2002-07-26 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
15287 CVE-2002-0398 DoS Exec Code 2002-07-26 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.
15288 CVE-2002-0395 2002-07-26 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
15289 CVE-2002-0394 2002-07-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.
15290 CVE-2002-0393 DoS Exec Code Overflow 2002-07-26 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.
15291 CVE-2002-0391 Exec Code Overflow Bypass 2002-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
15292 CVE-2002-0369 DoS Exec Code Overflow 2002-07-26 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
15293 CVE-2002-0359 +Priv 2002-07-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.
15294 CVE-2002-0335 DoS Exec Code Overflow 2002-06-25 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.
15295 CVE-2002-0311 +Priv 2002-05-31 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.
15296 CVE-2002-0308 +Priv Sql Bypass 2002-05-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
15297 CVE-2002-0287 +Priv Sql Bypass 2002-05-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
15298 CVE-2002-0272 Exec Code Overflow 2002-05-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.
15299 CVE-2002-0267 +Priv 2002-05-29 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
15300 CVE-2002-0255 DoS 2002-05-29 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.