CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2002 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1642 DoS 2002-10-03 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.
2 CVE-2002-1618 Bypass 2002-10-16 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
3 CVE-2002-1590 264 DoS +Priv 2002-10-29 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
4 CVE-2002-1229 +Priv 2002-10-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
5 CVE-2002-1227 +Priv 2002-10-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
6 CVE-2002-1226 Overflow 2002-10-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
7 CVE-2002-1225 Overflow 2002-10-28 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
8 CVE-2002-1223 DoS Exec Code Overflow 2002-10-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
9 CVE-2002-1222 119 DoS Overflow 2002-10-28 2008-09-10
7.1
None Remote Medium Not required None None Complete
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
10 CVE-2002-1217 Exec Code Bypass 2002-10-28 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
11 CVE-2002-1215 Exec Code Overflow 2002-10-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
12 CVE-2002-1214 DoS Exec Code Overflow 2002-10-28 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
13 CVE-2002-1202 2002-10-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
14 CVE-2002-1200 119 DoS Exec Code Overflow 2002-10-28 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
15 CVE-2002-1198 Sql 2002-10-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
16 CVE-2002-1197 Exec Code 2002-10-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
17 CVE-2002-1196 2002-10-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
18 CVE-2002-1194 Exec Code Overflow 2002-10-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
19 CVE-2002-1190 2002-10-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
20 CVE-2002-1179 Exec Code Overflow 2002-10-28 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
21 CVE-2002-1174 119 DoS Exec Code Overflow 2002-10-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
22 CVE-2002-1166 Exec Code Overflow 2002-10-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
23 CVE-2002-1152 2002-10-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
24 CVE-2002-1151 XSS 2002-10-11 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
25 CVE-2002-1147 DoS 2002-10-11 2016-10-18
7.1
None Remote Medium Not required None None Complete
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
26 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
27 CVE-2002-1138 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
28 CVE-2002-1137 Exec Code Overflow 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
29 CVE-2002-1135 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
30 CVE-2002-1131 XSS 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
31 CVE-2002-1129 Exec Code Overflow 2002-10-04 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
32 CVE-2002-1128 Exec Code Overflow 2002-10-04 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
33 CVE-2002-1127 Exec Code Overflow 2002-10-04 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
34 CVE-2002-1116 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
35 CVE-2002-1114 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
36 CVE-2002-1113 Exec Code 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
37 CVE-2002-1110 +Priv Sql 2002-10-04 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
38 CVE-2002-1107 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
39 CVE-2002-1106 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
40 CVE-2002-1098 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
41 CVE-2002-1097 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
42 CVE-2002-1096 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
43 CVE-2002-1092 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
44 CVE-2002-1091 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
45 CVE-2002-1090 DoS Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
46 CVE-2002-1088 Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
47 CVE-2002-1086 Sql 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities.
48 CVE-2002-1085 XSS 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities.
49 CVE-2002-1084 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
50 CVE-2002-1080 +Priv 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.
Total number of vulnerabilities : 165   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.