| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2002-1619 | | | DoS Overflow | 2002-03-08 | 2017-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump). |
| 2 | CVE-2002-0164 | | | DoS +Priv | 2002-03-15 | 2017-07-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. |
| 3 | CVE-2002-0163 | | | DoS Exec Code Overflow | 2002-03-26 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. |
| 4 | CVE-2002-0162 | | | Exec Code | 2002-03-27 | 2016-10-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. |
| 5 | CVE-2002-0145 | | | | 2002-03-25 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. |
| 6 | CVE-2002-0144 | | | Dir. Trav. | 2002-03-25 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. |
| 7 | CVE-2002-0143 | | | Exec Code Overflow | 2002-03-25 | 2008-09-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable. |
| 8 | CVE-2002-0142 | | | DoS | 2002-03-25 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters. |
| 9 | CVE-2002-0141 | | | | 2002-03-25 | 2008-11-04 | 1.2 | None | Local | High | Not required | None | Partial | None | Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. |
| 10 | CVE-2002-0140 | | | DoS Exec Code | 2002-03-25 | 2008-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions. |
| 11 | CVE-2002-0139 | | | | 2002-03-25 | 2008-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. |
| 12 | CVE-2002-0138 | | | | 2002-03-25 | 2016-10-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. |
| 13 | CVE-2002-0137 | | | | 2002-03-25 | 2016-10-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file. |
| 14 | CVE-2002-0136 | | | DoS | 2002-03-25 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. |
| 15 | CVE-2002-0135 | | | DoS | 2002-03-25 | 2008-09-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420). |
| 16 | CVE-2002-0134 | | | Exec Code | 2002-03-25 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. |
| 17 | CVE-2002-0133 | | | DoS Exec Code Overflow | 2002-03-25 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy. |
| 18 | CVE-2002-0132 | | | Exec Code Overflow | 2002-03-25 | 2008-09-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable. |
| 19 | CVE-2002-0131 | | | | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script. |
| 20 | CVE-2002-0130 | | | Exec Code Overflow | 2002-03-25 | 2016-10-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument. |
| 21 | CVE-2002-0129 | | | | 2002-03-25 | 2016-10-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. |
| 22 | CVE-2002-0128 | | | DoS Exec Code | 2002-03-25 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument. |
| 23 | CVE-2002-0127 | | | DoS | 2002-03-25 | 2008-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. |
| 24 | CVE-2002-0126 | | | Exec Code Overflow | 2002-03-25 | 2008-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD. |
| 25 | CVE-2002-0125 | | | Exec Code Overflow | 2002-03-25 | 2008-09-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable. |
| 26 | CVE-2002-0124 | | | Dir. Trav. | 2002-03-25 | 2008-09-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit a directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. |
| 27 | CVE-2002-0123 | | | DoS Exec Code | 2002-03-25 | 2008-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| 28 | CVE-2002-0122 | | | DoS | 2002-03-25 | 2008-09-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Siemens 3568i WAP mobile phones allow remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters. |
| 29 | CVE-2002-0121 | | | | 2002-03-25 | 2008-09-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. |
| 30 | CVE-2002-0120 | | | +Info | 2002-03-25 | 2008-09-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information. |
| 31 | CVE-2002-0119 | | | DoS | 2002-03-25 | 2017-07-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection. |
| 32 | CVE-2002-0118 | | | Exec Code XSS | 2002-03-25 | 2008-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. |
| 33 | CVE-2002-0117 | | | Exec Code XSS | 2002-03-25 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. |
| 34 | CVE-2002-0116 | | | DoS | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. |
| 35 | CVE-2002-0115 | | | DoS | 2002-03-25 | 2008-09-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. |
| 36 | CVE-2002-0114 | | | +Priv | 2002-03-25 | 2012-03-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform. |
| 37 | CVE-2002-0113 | | | +Priv | 2002-03-25 | 2012-03-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform. |
| 38 | CVE-2002-0112 | | | | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL. |
| 39 | CVE-2002-0111 | | | Exec Code Dir. Trav. | 2002-03-25 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. |
| 40 | CVE-2002-0110 | | | +Priv | 2002-03-25 | 2016-10-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file. |
| 41 | CVE-2002-0109 | | | DoS | 2002-03-25 | 2016-10-18 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. |
| 42 | CVE-2002-0108 | | | | 2002-03-25 | 2008-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allow remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. |
| 43 | CVE-2002-0107 | | | +Info | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. |
| 44 | CVE-2002-0106 | | | DoS | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. |
| 45 | CVE-2002-0105 | | | +Priv | 2002-03-25 | 2016-10-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable. |
| 46 | CVE-2002-0104 | | | | 2002-03-25 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump. |
| 47 | CVE-2002-0103 | | | +Priv | 2002-03-25 | 2016-10-18 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. |
| 48 | CVE-2002-0102 | | | DoS | 2002-03-25 | 2017-12-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. |
| 49 | CVE-2002-0101 | | | DoS | 2002-03-25 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. |
| 50 | CVE-2002-0100 | | | Bypass | 2002-03-25 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file. |