CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
15451 CVE-2003-0009 XSS 2003-03-07 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
15452 CVE-2003-0002 XSS 2003-02-07 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
15453 CVE-2002-2423 20 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
15454 CVE-2002-2415 20 DoS 2002-12-31 2008-09-05
6.8
None Remote Low Single system None None Complete
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
15455 CVE-2002-2407 264 +Priv 2002-12-31 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
15456 CVE-2002-2399 22 Dir. Trav. 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
15457 CVE-2002-2392 Exec Code 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
15458 CVE-2002-2380 200 +Info 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
15459 CVE-2002-2366 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
15460 CVE-2002-2356 264 +Info 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
15461 CVE-2002-2353 264 2002-12-31 2009-11-24
6.4
None Remote Low Not required Partial Partial None
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
15462 CVE-2002-2351 22 Exec Code Dir. Trav. Bypass 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
15463 CVE-2002-2311 264 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
15464 CVE-2002-2302 264 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
15465 CVE-2002-2299 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
15466 CVE-2002-2298 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
15467 CVE-2002-2297 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
15468 CVE-2002-2284 Exec Code Bypass 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
15469 CVE-2002-2282 2002-12-31 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
15470 CVE-2002-2265 264 +Priv 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
15471 CVE-2002-2263 16 2002-12-31 2017-07-28
6.6
None Local Low Not required Complete Complete None
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirectories with insecure permissions, which allows local users to read or write arbitrary files.
15472 CVE-2002-2242 264 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
The Apple Package Manager in KisMAC 0.02a and earlier modifies file permissions of sensitive files after installation, which could allow attackers to conduct unauthorized activities on those files.
15473 CVE-2002-2228 20 Bypass 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
15474 CVE-2002-2221 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
15475 CVE-2002-2220 Overflow +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
15476 CVE-2002-2210 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
15477 CVE-2002-2182 Exec Code Overflow 2002-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet.
15478 CVE-2002-2180 +Priv 2002-12-31 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
15479 CVE-2002-2139 2002-12-31 2018-10-30
6.4
None Remote Low Not required Partial Partial None
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
15480 CVE-2002-2125 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
15481 CVE-2002-2045 Exec Code 2002-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
15482 CVE-2002-1947 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session.
15483 CVE-2002-1883 DoS 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
15484 CVE-2002-1834 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
15485 CVE-2002-1825 Exec Code 2002-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.
15486 CVE-2002-1819 Dir. Trav. 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
15487 CVE-2002-1798 264 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
MidiCart PHP, PHP Plus, and PHP Maxi allow remote attackers to (1) upload arbitrary PHP files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
15488 CVE-2002-1729 XSS 2002-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.
15489 CVE-2002-1727 XSS 2002-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.
15490 CVE-2002-1724 XSS 2002-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter.
15491 CVE-2002-1709 Sql +Info 2002-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
15492 CVE-2002-1708 XSS 2002-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
15493 CVE-2002-1703 XSS 2002-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter.
15494 CVE-2002-1681 Exec Code XSS 2002-12-31 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag.
15495 CVE-2002-1675 DoS Exec Code 2002-12-31 2017-07-10
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers.
15496 CVE-2002-1664 +Info 2002-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
15497 CVE-2002-1662 XSS 2002-12-31 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
15498 CVE-2002-1640 XSS 2002-04-01 2018-09-26
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
15499 CVE-2002-1632 +Info 2002-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
15500 CVE-2002-1567 Exec Code XSS 2003-10-06 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.