CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
52 CVE-2002-1141 DoS 2002-10-11 2018-10-12
5.0
None Remote Low Not required None None Partial
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
53 CVE-2002-1140 DoS 2002-10-11 2018-10-12
5.0
None Remote Low Not required None None Partial
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
54 CVE-2002-1139 2002-10-11 2018-10-12
5.0
None Remote Low Not required None Partial None
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
55 CVE-2002-1138 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
56 CVE-2002-1137 Exec Code Overflow 2002-10-11 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
57 CVE-2002-1135 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
58 CVE-2002-1134 2002-10-04 2016-10-18
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
59 CVE-2002-1133 Dir. Trav. 2002-10-04 2016-10-18
5.0
None Remote Low Not required Partial None None
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
60 CVE-2002-1132 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
61 CVE-2002-1131 XSS 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
62 CVE-2002-1129 Exec Code Overflow 2002-10-04 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
63 CVE-2002-1128 Exec Code Overflow 2002-10-04 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
64 CVE-2002-1127 Exec Code Overflow 2002-10-04 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
65 CVE-2002-1119 Exec Code 2002-10-04 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
66 CVE-2002-1118 DoS 2002-10-28 2008-09-11
5.0
None Remote Low Not required None None Partial
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
67 CVE-2002-1117 2002-10-04 2017-10-10
5.0
None Remote Low Not required Partial None None
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
68 CVE-2002-1116 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
69 CVE-2002-1115 2002-10-04 2016-10-18
5.0
None Remote Low Not required Partial None None
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
70 CVE-2002-1114 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
71 CVE-2002-1113 Exec Code 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
72 CVE-2002-1112 2002-10-04 2017-10-10
5.0
None Remote Low Not required Partial None None
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
73 CVE-2002-1111 264 2002-10-04 2017-10-10
5.0
None Remote Low Not required Partial None None
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
74 CVE-2002-1110 +Priv Sql 2002-10-04 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
75 CVE-2002-1109 DoS 2002-10-04 2016-10-18
2.1
None Local Low Not required None None Partial
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
76 CVE-2002-1108 2002-10-04 2017-10-10
5.0
None Remote Low Not required Partial None None
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
77 CVE-2002-1107 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
78 CVE-2002-1106 2002-10-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
79 CVE-2002-1105 2002-10-04 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
80 CVE-2002-1104 DoS 2002-10-04 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
81 CVE-2002-1103 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.
82 CVE-2002-1102 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
83 CVE-2002-1101 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name.
84 CVE-2002-1100 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
85 CVE-2002-1099 +Info 2002-10-04 2018-10-30
5.0
None Remote Low Not required Partial None None
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
86 CVE-2002-1098 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
87 CVE-2002-1097 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
88 CVE-2002-1096 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
89 CVE-2002-1095 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
90 CVE-2002-1094 +Info 2002-10-04 2018-10-30
5.0
None Remote Low Not required Partial None None
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
91 CVE-2002-1093 DoS 2002-10-04 2018-10-30
5.0
None Remote Low Not required None None Partial
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
92 CVE-2002-1092 2002-10-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
93 CVE-2002-1091 Exec Code 2002-10-04 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
94 CVE-2002-1090 DoS Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
95 CVE-2002-1089 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
96 CVE-2002-1088 Exec Code Overflow 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
97 CVE-2002-1087 2002-10-04 2008-09-05
5.0
None Remote Low Not required None Partial None
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
98 CVE-2002-1086 Sql 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities.
99 CVE-2002-1085 XSS 2002-10-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities.
100 CVE-2002-1084 2002-10-04 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
Total number of vulnerabilities : 314   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.