CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-0901 Exec Code Overflow 2002-10-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.
2 CVE-2002-0951 +Priv Sql 2002-10-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
3 CVE-2002-1034 2002-10-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
4 CVE-2002-1058 +Priv Dir. Trav. 2002-10-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
5 CVE-2002-1110 +Priv Sql 2002-10-04 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
6 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
7 CVE-2002-1215 Exec Code Overflow 2002-10-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
8 CVE-2002-1225 Overflow 2002-10-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
9 CVE-2002-1226 Overflow 2002-10-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
10 CVE-2002-0370 DoS Exec Code Overflow 2002-10-10 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
11 CVE-2002-0384 Exec Code Overflow 2002-10-04 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
12 CVE-2002-0664 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
13 CVE-2002-0692 DoS Overflow 2002-10-10 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
14 CVE-2002-0693 Exec Code Overflow 2002-10-10 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
15 CVE-2002-0694 Exec Code 2002-10-10 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
16 CVE-2002-0696 2002-10-04 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
17 CVE-2002-0705 2002-10-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
18 CVE-2002-0706 2002-10-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
19 CVE-2002-0709 Sql 2002-10-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
20 CVE-2002-0836 Exec Code 2002-10-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
21 CVE-2002-0837 Exec Code XSS 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.
22 CVE-2002-0843 DoS Exec Code Overflow 2002-10-11 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
23 CVE-2002-0850 Exec Code Overflow 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.
24 CVE-2002-0862 2002-10-04 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
25 CVE-2002-0865 Exec Code 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."
26 CVE-2002-0866 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
27 CVE-2002-0878 Sql Bypass 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field.
28 CVE-2002-0884 Exec Code 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.
29 CVE-2002-0885 Exec Code Overflow 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
30 CVE-2002-0888 Bypass 2002-10-04 2012-05-12
7.5
None Remote Low Not required Partial Partial Partial
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.
31 CVE-2002-0895 DoS Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.
32 CVE-2002-0897 Bypass 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
33 CVE-2002-0899 Bypass 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).
34 CVE-2002-0900 DoS Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
35 CVE-2002-0902 XSS Bypass 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
36 CVE-2002-0903 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
37 CVE-2002-0904 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.
38 CVE-2002-0906 DoS Exec Code Overflow 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
39 CVE-2002-0907 Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
40 CVE-2002-0909 Exec Code Overflow +Priv 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.
41 CVE-2002-0910 Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.
42 CVE-2002-0913 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.
43 CVE-2002-0916 Exec Code 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.
44 CVE-2002-0917 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
45 CVE-2002-0919 +Priv 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
46 CVE-2002-0923 +Priv 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.
47 CVE-2002-0924 Exec Code 2002-10-04 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
48 CVE-2002-0925 Exec Code 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
49 CVE-2002-0928 DoS Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message.
50 CVE-2002-0931 XSS 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
Total number of vulnerabilities : 314   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.