CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15701 CVE-2002-1307 XSS 2002-11-29 2017-10-09
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
15702 CVE-2002-1290 2002-11-29 2016-10-17
6.4
None Remote Low Not required Partial Partial None
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
15703 CVE-2002-1188 +Info 2002-12-11 2018-10-12
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
15704 CVE-2002-1187 XSS 2002-12-11 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
15705 CVE-2002-1181 XSS 2002-11-12 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
15706 CVE-2002-1168 XSS 2002-11-04 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
15707 CVE-2002-1167 XSS 2002-11-04 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
15708 CVE-2002-1159 DoS +Info 2002-12-18 2018-05-02
6.4
None Remote Low Not required Partial None Partial
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
15709 CVE-2002-1084 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
15710 CVE-2002-1054 Dir. Trav. 2002-10-04 2016-09-16
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.
15711 CVE-2002-1053 XSS 2002-10-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.
15712 CVE-2002-1006 XSS 2002-10-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.
15713 CVE-2002-0976 2002-09-24 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
15714 CVE-2002-0943 +Info 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
15715 CVE-2002-0934 Dir. Trav. 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.
15716 CVE-2002-0932 Sql 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.
15717 CVE-2002-0882 DoS 2002-10-04 2018-10-30
6.4
None Remote Low Not required Partial None Partial
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
15718 CVE-2002-0840 XSS 2002-10-11 2017-10-09
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
15719 CVE-2002-0812 +Info 2002-08-12 2005-10-20
6.4
None Remote Low Not required Partial Partial None
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
15720 CVE-2002-0772 Dir. Trav. 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.
15721 CVE-2002-0771 XSS 2002-08-12 2016-11-18
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
15722 CVE-2002-0769 Bypass 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.
15723 CVE-2002-0737 DoS 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
15724 CVE-2002-0710 Dir. Trav. 2002-08-12 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
15725 CVE-2002-0658 +Priv 2002-08-12 2013-09-04
6.2
Admin Local High Not required Complete Complete Complete
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
15726 CVE-2002-0638 +Priv 2002-08-12 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
15727 CVE-2002-0529 +Priv 2002-08-12 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
15728 CVE-2002-0464 Dir. Trav. 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
15729 CVE-2002-0462 DoS 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial None Partial
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
15730 CVE-2002-0293 +Priv 2002-05-31 2017-07-10
6.2
Admin Local High Not required Complete Complete Complete
FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
15731 CVE-2002-0211 Exec Code 2002-05-16 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
15732 CVE-2002-0196 2002-05-16 2008-09-10
6.4
None Remote Low Not required Partial Partial None
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
15733 CVE-2002-0162 Exec Code 2002-03-27 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
15734 CVE-2002-0109 DoS 2002-03-25 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.
15735 CVE-2002-0049 2002-03-08 2018-10-12
6.4
None Remote Low Not required Partial Partial None
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
15736 CVE-2001-1585 287 Bypass 2001-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
15737 CVE-2001-1569 2001-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
15738 CVE-2001-1568 2001-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
15739 CVE-2001-1512 2001-12-31 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
15740 CVE-2001-1441 XSS 2001-07-02 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
15741 CVE-2001-1390 2001-04-17 2016-12-07
6.2
Admin Local High Not required Complete Complete Complete
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
15742 CVE-2001-1383 2001-09-26 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
15743 CVE-2001-1247 264 2001-12-06 2012-06-25
6.4
None Remote Low Not required Partial Partial None
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
15744 CVE-2001-1213 2001-12-18 2008-09-10
6.4
None Remote Low Not required Partial Partial None
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
15745 CVE-2001-1210 2001-12-30 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
15746 CVE-2001-1185 +Priv 2001-12-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
15747 CVE-2001-1177 2001-07-17 2017-10-09
6.2
Admin Local High Not required Complete Complete Complete
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
15748 CVE-2001-1145 2001-08-17 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
15749 CVE-2001-1120 2001-07-11 2017-12-18
6.4
None Remote Low Not required Partial Partial None
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
15750 CVE-2001-1119 2001-08-03 2017-10-09
6.2
Admin Local High Not required Complete Complete Complete
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.