CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
21801 CVE-2002-2094 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
21802 CVE-2002-2090 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
21803 CVE-2002-2085 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
21804 CVE-2002-2084 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
21805 CVE-2002-2081 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
21806 CVE-2002-2080 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.
21807 CVE-2002-2079 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.
21808 CVE-2002-2077 +Info 2002-12-31 2019-04-30
5.0
None Remote Low Not required Partial None None
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
21809 CVE-2002-2076 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
21810 CVE-2002-2075 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
21811 CVE-2002-2072 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
21812 CVE-2002-2071 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.
21813 CVE-2002-2070 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
21814 CVE-2002-2069 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
21815 CVE-2002-2068 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
21816 CVE-2002-2067 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
21817 CVE-2002-2066 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
21818 CVE-2002-2065 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
21819 CVE-2002-2058 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
21820 CVE-2002-2057 2002-12-31 2016-10-17
5.0
None Remote Low Not required Partial None None
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
21821 CVE-2002-2053 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
21822 CVE-2002-2052 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
21823 CVE-2002-2037 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
21824 CVE-2002-2033 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
21825 CVE-2002-2032 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
21826 CVE-2002-2031 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
21827 CVE-2002-2025 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.
21828 CVE-2002-2024 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
21829 CVE-2002-2014 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
21830 CVE-2002-2013 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
21831 CVE-2002-2012 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
21832 CVE-2002-2009 2002-12-31 2017-07-10
5.0
None Remote Low Not required Partial None None
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
21833 CVE-2002-2008 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
21834 CVE-2002-2007 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
21835 CVE-2002-2006 +Info 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
21836 CVE-2002-2004 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.
21837 CVE-2002-2003 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.
21838 CVE-2002-1999 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.
21839 CVE-2002-1994 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
21840 CVE-2002-1992 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
21841 CVE-2002-1990 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.
21842 CVE-2002-1989 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
21843 CVE-2002-1988 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
21844 CVE-2002-1987 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot).
21845 CVE-2002-1986 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
21846 CVE-2002-1985 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow.
21847 CVE-2002-1984 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
21848 CVE-2002-1982 Dir. Trav. 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.
21849 CVE-2002-1981 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
21850 CVE-2002-1969 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.
Total number of vulnerabilities : 23785   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 (This Page)438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.