CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1208 +Priv 2002-08-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
2 CVE-2000-1209 +Priv 2002-08-12 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
3 CVE-2002-0391 Exec Code Overflow Bypass 2002-08-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
4 CVE-2002-0411 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
5 CVE-2002-0412 Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
6 CVE-2002-0413 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
7 CVE-2002-0414 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
8 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low ??? Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
9 CVE-2002-0416 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
10 CVE-2002-0417 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
11 CVE-2002-0418 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
12 CVE-2002-0419 200 +Info 2002-08-12 2020-11-23
5.0
None Remote Low Not required Partial None None
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
13 CVE-2002-0420 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.
14 CVE-2002-0421 Bypass 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
15 CVE-2002-0422 200 +Info 2002-08-12 2020-11-23
2.6
None Remote High Not required Partial None None
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
16 CVE-2002-0423 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
17 CVE-2002-0424 +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
18 CVE-2002-0425 +Info 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
19 CVE-2002-0426 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
20 CVE-2002-0427 Overflow +Priv 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
21 CVE-2002-0428 Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
22 CVE-2002-0429 2002-08-12 2016-10-18
3.6
None Local Low Not required None Partial Partial
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
23 CVE-2002-0430 Bypass 2002-08-12 2008-09-10
3.7
None Local High Not required Partial Partial Partial
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
24 CVE-2002-0451 Exec Code 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
25 CVE-2002-0452 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
26 CVE-2002-0453 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
27 CVE-2002-0454 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
28 CVE-2002-0455 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
29 CVE-2002-0456 2002-08-12 2016-10-18
5.0
None Remote Low Not required None Partial None
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
30 CVE-2002-0457 Exec Code XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
31 CVE-2002-0458 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
32 CVE-2002-0459 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
33 CVE-2002-0460 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
34 CVE-2002-0461 DoS 2002-08-12 2021-07-23
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
35 CVE-2002-0462 DoS 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial None Partial
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
36 CVE-2002-0463 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
37 CVE-2002-0464 Dir. Trav. 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
38 CVE-2002-0465 Exec Code Dir. Trav. 2002-08-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
39 CVE-2002-0466 2002-08-12 2017-12-19
5.0
None Remote Low Not required Partial None None
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
40 CVE-2002-0467 Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
41 CVE-2002-0468 Overflow +Priv 2002-08-12 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
42 CVE-2002-0469 +Priv 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
43 CVE-2002-0470 +Priv 2002-08-12 2008-09-24
7.2
None Local Low Not required Complete Complete Complete
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
44 CVE-2002-0471 Exec Code 2002-08-12 2008-09-24
10.0
None Remote Low Not required Complete Complete Complete
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
45 CVE-2002-0472 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
46 CVE-2002-0473 Exec Code 2002-08-12 2016-09-17
10.0
None Remote Low Not required Complete Complete Complete
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
47 CVE-2002-0474 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
48 CVE-2002-0475 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
49 CVE-2002-0476 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
50 CVE-2002-0477 Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
Total number of vulnerabilities : 255   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.