CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2002

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2002-0574 DoS 2002-07-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.
52 CVE-2002-0573 Exec Code 2002-07-03 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
53 CVE-2002-0572 2002-07-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
54 CVE-2002-0571 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
55 CVE-2002-0570 2002-07-03 2017-12-19
2.1
None Local Low Not required None Partial None
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
56 CVE-2002-0569 Bypass 2002-07-03 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
57 CVE-2002-0568 +Info 2002-07-03 2016-10-18
2.1
None Local Low Not required Partial None None
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
58 CVE-2002-0567 Bypass 2002-07-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
59 CVE-2002-0566 DoS 2002-07-03 2018-05-03
5.0
None Remote Low Not required None None Partial
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
60 CVE-2002-0565 +Info 2002-07-03 2017-12-19
5.0
None Remote Low Not required Partial None None
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
61 CVE-2002-0564 Bypass 2002-07-03 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
62 CVE-2002-0563 287 2002-07-03 2017-07-11
5.0
None Remote Low Not required Partial None None
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
63 CVE-2002-0562 2002-07-03 2016-10-18
5.0
None Remote Low Not required Partial None None
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
64 CVE-2002-0561 +Priv 2002-07-03 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
65 CVE-2002-0560 +Info 2002-07-03 2016-10-18
5.0
None Remote Low Not required Partial None None
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
66 CVE-2002-0559 DoS Exec Code Overflow 2002-07-03 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
67 CVE-2002-0558 Dir. Trav. 2002-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
68 CVE-2002-0557 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
69 CVE-2002-0556 Dir. Trav. 2002-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
70 CVE-2002-0555 Exec Code 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
71 CVE-2002-0554 Sql Bypass 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
72 CVE-2002-0553 +Priv XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
73 CVE-2002-0552 DoS Exec Code Overflow 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.
74 CVE-2002-0551 Exec Code XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar.
75 CVE-2002-0550 Exec Code 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter.
76 CVE-2002-0549 XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users.
77 CVE-2002-0548 Bypass 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php.
78 CVE-2002-0547 DoS Exec Code Overflow 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
79 CVE-2002-0546 XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
80 CVE-2002-0545 DoS 2002-07-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
81 CVE-2002-0544 +Priv 2002-07-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
82 CVE-2002-0543 Dir. Trav. 2002-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
83 CVE-2002-0542 +Priv 2002-07-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
84 CVE-2002-0541 DoS Exec Code Overflow 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
85 CVE-2002-0540 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
86 CVE-2002-0539 +Priv Sql 2002-07-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
87 CVE-2002-0538 2002-07-03 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
88 CVE-2002-0537 +Priv 2002-07-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
89 CVE-2002-0536 Sql 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
90 CVE-2002-0535 Exec Code XSS 2002-07-03 2017-07-11
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allow remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
91 CVE-2002-0450 Exec Code Overflow 2002-07-26 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
92 CVE-2002-0449 Exec Code Overflow 2002-07-26 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe.
93 CVE-2002-0448 DoS 2002-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
94 CVE-2002-0447 Dir. Trav. 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
95 CVE-2002-0446 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.
96 CVE-2002-0445 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
97 CVE-2002-0444 Bypass 2002-07-26 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
98 CVE-2002-0443 Bypass 2002-07-26 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
99 CVE-2002-0442 Overflow +Priv 2002-07-26 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.
100 CVE-2002-0441 Dir. Trav. 2002-07-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter.
Total number of vulnerabilities: 137 (page 2 of 3)