CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
19751 CVE-2002-2161 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood.
19752 CVE-2002-2158 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
19753 CVE-2002-2154 22 Dir. Trav. 2002-12-31 2012-10-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
19754 CVE-2002-2150 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.
19755 CVE-2002-2149 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface.
19756 CVE-2002-2148 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.
19757 CVE-2002-2144 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters.
19758 CVE-2002-2140 DoS Overflow 2002-12-31 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.
19759 CVE-2002-2138 DoS 2002-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.
19760 CVE-2002-2137 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.
19761 CVE-2002-2134 Exec Code 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.
19762 CVE-2002-2131 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
19763 CVE-2002-2124 DoS 2002-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing.
19764 CVE-2002-2121 DoS Overflow 2002-12-31 2016-10-17
5.0
None Remote Low Not required None None Partial
SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow.
19765 CVE-2002-2118 DoS Overflow 2002-12-31 2016-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.
19766 CVE-2002-2117 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
19767 CVE-2002-2116 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap.
19768 CVE-2002-2112 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information.
19769 CVE-2002-2111 DoS 2002-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.
19770 CVE-2002-2110 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device.
19771 CVE-2002-2108 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
19772 CVE-2002-2103 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
19773 CVE-2002-2102 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
19774 CVE-2002-2100 Bypass 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
19775 CVE-2002-2097 DoS 2002-12-31 2017-12-18
5.0
None Remote Low Not required None None Partial
The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.
19776 CVE-2002-2095 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
19777 CVE-2002-2094 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
19778 CVE-2002-2090 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
19779 CVE-2002-2085 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
19780 CVE-2002-2084 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
19781 CVE-2002-2081 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
19782 CVE-2002-2080 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.
19783 CVE-2002-2079 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.
19784 CVE-2002-2077 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
19785 CVE-2002-2076 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
19786 CVE-2002-2075 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
19787 CVE-2002-2072 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
19788 CVE-2002-2071 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.
19789 CVE-2002-2070 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
19790 CVE-2002-2069 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
19791 CVE-2002-2068 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
19792 CVE-2002-2067 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
19793 CVE-2002-2066 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
19794 CVE-2002-2065 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
19795 CVE-2002-2058 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
19796 CVE-2002-2057 2002-12-31 2016-10-17
5.0
None Remote Low Not required Partial None None
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
19797 CVE-2002-2053 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
19798 CVE-2002-2052 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
19799 CVE-2002-2037 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
19800 CVE-2002-2033 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
Total number of vulnerabilities : 21761   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 (This Page)397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.