CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2002 (CVSS score >= 6)

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2002-1616 Overflow +Priv 2002-08-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
2 CVE-2002-1452 Exec Code Overflow 2002-08-14 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.
3 CVE-2002-0847 Exec Code 2002-08-12 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
4 CVE-2002-0846 Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
5 CVE-2002-0845 Exec Code Overflow 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
6 CVE-2002-0833 Exec Code Overflow 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.
7 CVE-2002-0832 Bypass 2002-08-12 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
8 CVE-2002-0827 +Priv 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.
9 CVE-2002-0826 Exec Code Overflow 2002-08-12 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
10 CVE-2002-0825 DoS Exec Code Overflow 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
11 CVE-2002-0824 59 2002-08-12 2021-03-11
6.9
None Local Medium Not required Complete Complete Complete
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
12 CVE-2002-0823 Exec Code Overflow 2002-08-12 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
13 CVE-2002-0822 DoS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.
14 CVE-2002-0821 DoS Exec Code Overflow 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
15 CVE-2002-0820 +Priv 2002-08-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
16 CVE-2002-0819 +Priv 2002-08-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.
17 CVE-2002-0818 DoS Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.
18 CVE-2002-0817 +Priv 2002-08-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.
19 CVE-2002-0816 Overflow +Priv 2002-08-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.
20 CVE-2002-0815 2002-08-12 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
21 CVE-2002-0814 Exec Code Overflow 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
22 CVE-2002-0813 119 DoS Overflow 2002-08-12 2016-10-18
7.1
None Remote Medium Not required None None Complete
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
23 CVE-2002-0812 200 +Info 2002-08-12 2020-12-09
6.4
None Remote Low Not required Partial Partial None
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
24 CVE-2002-0811 DoS Sql 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
25 CVE-2002-0809 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
26 CVE-2002-0808 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
27 CVE-2002-0807 XSS 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
28 CVE-2002-0804 Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
29 CVE-2002-0802 Sql 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
30 CVE-2002-0801 Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
31 CVE-2002-0799 Exec Code Overflow 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
32 CVE-2002-0797 Overflow +Priv 2002-08-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
33 CVE-2002-0796 +Priv 2002-08-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
34 CVE-2002-0789 Exec Code Overflow 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.
35 CVE-2002-0787 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
36 CVE-2002-0783 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
37 CVE-2002-0778 2002-08-12 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
38 CVE-2002-0777 Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
39 CVE-2002-0776 +Priv 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
40 CVE-2002-0774 +Priv 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
41 CVE-2002-0773 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
42 CVE-2002-0772 Dir. Trav. 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.
43 CVE-2002-0771 XSS 2002-08-12 2016-11-19
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
44 CVE-2002-0769 Bypass 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.
45 CVE-2002-0768 Exec Code Overflow 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
46 CVE-2002-0767 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
47 CVE-2002-0766 DoS +Priv 2002-08-12 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
48 CVE-2002-0765 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
49 CVE-2002-0764 Exec Code 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
50 CVE-2002-0763 Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
Total number of vulnerabilities: 149 (page 1 of 3)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.