CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
19851 CVE-2002-0496 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
19852 CVE-2002-0492 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
19853 CVE-2002-0485 Bypass 2002-08-12 2016-10-17
5.0
None Remote Low Not required None Partial None
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
19854 CVE-2002-0484 2002-08-12 2016-10-17
5.0
None Remote Low Not required None Partial None
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
19855 CVE-2002-0483 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
19856 CVE-2002-0482 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
19857 CVE-2002-0481 Bypass 2002-08-12 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
19858 CVE-2002-0478 2002-08-12 2016-10-17
5.0
None Remote Low Not required None Partial None
The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.
19859 CVE-2002-0476 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
19860 CVE-2002-0475 XSS 2002-08-12 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
19861 CVE-2002-0474 XSS 2002-08-12 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
19862 CVE-2002-0472 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
19863 CVE-2002-0466 2002-08-12 2017-12-18
5.0
None Remote Low Not required Partial None None
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
19864 CVE-2002-0463 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
19865 CVE-2002-0461 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
19866 CVE-2002-0460 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
19867 CVE-2002-0456 2002-08-12 2016-10-17
5.0
None Remote Low Not required None Partial None
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
19868 CVE-2002-0455 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
19869 CVE-2002-0454 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
19870 CVE-2002-0448 DoS 2002-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
19871 CVE-2002-0447 Dir. Trav. 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
19872 CVE-2002-0446 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.
19873 CVE-2002-0445 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
19874 CVE-2002-0441 Dir. Trav. 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter.
19875 CVE-2002-0438 DoS 2002-07-26 2018-08-13
5.0
None Remote Low Not required None None Partial
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
19876 CVE-2002-0433 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
19877 CVE-2002-0431 DoS 2002-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
19878 CVE-2002-0425 +Info 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
19879 CVE-2002-0421 Bypass 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
19880 CVE-2002-0419 200 +Info 2002-08-12 2018-10-30
5.0
None Remote Low Not required Partial None None
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
19881 CVE-2002-0418 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
19882 CVE-2002-0417 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
19883 CVE-2002-0410 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
19884 CVE-2002-0409 2002-07-26 2016-10-17
5.0
None Remote Low Not required Partial None None
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
19885 CVE-2002-0408 2002-07-26 2016-10-17
5.0
None Remote Low Not required Partial None None
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
19886 CVE-2002-0407 2002-07-26 2016-10-17
5.0
None Remote Low Not required Partial None None
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
19887 CVE-2002-0406 DoS 2002-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
19888 CVE-2002-0404 DoS 2002-06-18 2016-10-17
5.0
None Remote Low Not required None None Partial
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
19889 CVE-2002-0403 DoS 2002-06-18 2016-10-17
5.0
None Remote Low Not required None None Partial
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
19890 CVE-2002-0400 DoS 2002-06-18 2008-09-10
5.0
None Remote Low Not required None None Partial
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
19891 CVE-2002-0399 Dir. Trav. 2002-10-10 2018-10-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
19892 CVE-2002-0397 +Info 2002-07-26 2017-10-09
5.0
None Remote Low Not required Partial None None
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.
19893 CVE-2002-0386 DoS 2002-11-04 2008-09-10
5.0
None Remote Low Not required None None Partial
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
19894 CVE-2002-0385 +Info 2004-06-01 2017-07-10
5.0
None Remote Low Not required Partial None None
Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.
19895 CVE-2002-0381 Bypass 2002-06-25 2008-09-05
5.0
None Remote Low Not required Partial None None
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
19896 CVE-2002-0375 XSS 2002-05-29 2017-07-10
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
19897 CVE-2002-0368 DoS 2002-06-18 2018-10-12
5.0
None Remote Low Not required None None Partial
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
19898 CVE-2002-0354 2002-06-25 2016-10-17
5.0
None Remote Low Not required None Partial None
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
19899 CVE-2002-0353 DoS 2002-06-25 2008-09-10
5.0
None Remote Low Not required None None Partial
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.
19900 CVE-2002-0352 2002-06-25 2016-10-17
5.0
None Remote Low Not required None Partial None
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 (This Page)399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.