| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
19801 |
CVE-2002-0853 |
|
|
DoS |
2002-09-05 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. |
|
19802 |
CVE-2002-0852 |
|
|
DoS Overflow |
2002-09-05 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. |
|
19803 |
CVE-2002-0848 |
|
|
|
2002-08-12 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. |
|
19804 |
CVE-2002-0835 |
|
|
DoS |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. |
|
19805 |
CVE-2002-0830 |
|
|
DoS |
2002-08-12 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. |
|
19806 |
CVE-2002-0810 |
|
|
+Info |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. |
|
19807 |
CVE-2002-0803 |
|
|
|
2002-08-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. |
|
19808 |
CVE-2002-0800 |
|
|
|
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. |
|
19809 |
CVE-2002-0794 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. |
|
19810 |
CVE-2002-0792 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. |
|
19811 |
CVE-2002-0791 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. |
|
19812 |
CVE-2002-0786 |
|
|
|
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. |
|
19813 |
CVE-2002-0785 |
|
|
DoS Overflow |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. |
|
19814 |
CVE-2002-0784 |
|
|
Dir. Trav. |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot). |
|
19815 |
CVE-2002-0782 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface. |
|
19816 |
CVE-2002-0781 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. |
|
19817 |
CVE-2002-0780 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND. |
|
19818 |
CVE-2002-0779 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. |
|
19819 |
CVE-2002-0775 |
|
|
|
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. |
|
19820 |
CVE-2002-0770 |
|
|
Exec Code +Info |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." |
|
19821 |
CVE-2002-0759 |
|
|
|
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. |
|
19822 |
CVE-2002-0752 |
|
|
+Info |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. |
|
19823 |
CVE-2002-0750 |
|
|
|
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field. |
|
19824 |
CVE-2002-0748 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. |
|
19825 |
CVE-2002-0741 |
|
|
DoS |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC. |
|
19826 |
CVE-2002-0729 |
|
|
DoS |
2002-08-12 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. |
|
19827 |
CVE-2002-0728 |
|
|
DoS Overflow |
2002-08-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. |
|
19828 |
CVE-2002-0715 |
|
|
|
2002-07-26 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. |
|
19829 |
CVE-2002-0711 |
|
|
DoS |
2002-11-12 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. |
|
19830 |
CVE-2002-0708 |
|
|
Dir. Trav. |
2002-10-10 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences. |
|
19831 |
CVE-2002-0707 |
|
|
DoS Overflow |
2002-10-10 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow. |
|
19832 |
CVE-2002-0704 |
|
|
|
2002-07-26 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages. |
|
19833 |
CVE-2002-0699 |
|
|
|
2002-10-04 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. |
|
19834 |
CVE-2002-0687 |
|
|
|
2002-07-23 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. |
|
19835 |
CVE-2002-0680 |
|
|
Dir. Trav. |
2002-07-23 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. |
|
19836 |
CVE-2002-0669 |
|
|
DoS |
2003-02-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. |
|
19837 |
CVE-2002-0666 |
|
|
DoS |
2002-11-04 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. |
|
19838 |
CVE-2002-0659 |
|
|
DoS |
2002-08-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. |
|
19839 |
CVE-2002-0654 |
|
|
|
2002-09-05 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. |
|
19840 |
CVE-2002-0650 |
|
|
DoS |
2002-08-12 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. |
|
19841 |
CVE-2002-0648 |
|
|
|
2002-09-24 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. |
|
19842 |
CVE-2002-0632 |
|
|
|
2002-09-05 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. |
|
19843 |
CVE-2002-0630 |
|
|
DoS |
2003-01-07 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. |
|
19844 |
CVE-2002-0629 |
|
|
DoS |
2003-01-07 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. |
|
19845 |
CVE-2002-0628 |
|
|
|
2003-01-07 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. |
|
19846 |
CVE-2002-0621 |
|
|
Overflow |
2002-07-03 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. |
|
19847 |
CVE-2002-0620 |
|
|
Overflow |
2002-07-03 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. |
|
19848 |
CVE-2002-0617 |
|
|
Exec Code Bypass |
2002-08-12 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." |
|
19849 |
CVE-2002-0616 |
|
|
Exec Code |
2002-08-12 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." |
|
19850 |
CVE-2002-0614 |
|
|
+Info |
2002-06-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. |
