CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2002-0223 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.
102 CVE-2002-0222 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
103 CVE-2002-0221 DoS 2002-05-16 2008-09-11
5.0
None Remote Low Not required None None Partial
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.
104 CVE-2002-0220 Exec Code 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.
105 CVE-2002-0219 Exec Code Overflow 2002-05-16 2008-09-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
106 CVE-2002-0218 Exec Code 2002-05-16 2008-09-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
107 CVE-2002-0217 XSS 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
108 CVE-2002-0216 Sql +Info 2002-05-16 2008-09-11
5.0
None Remote Low Not required Partial None None
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
109 CVE-2002-0215 2002-05-16 2008-09-11
5.0
None Remote Low Not required Partial None None
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
110 CVE-2002-0214 2002-05-16 2008-09-11
2.1
None Local Low Not required Partial None None
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.
111 CVE-2002-0213 2002-05-16 2016-10-18
2.1
None Local Low Not required Partial None None
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
112 CVE-2002-0212 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
113 CVE-2002-0211 Exec Code 2002-05-16 2016-10-18
6.2
None Local High Not required Complete Complete Complete
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
114 CVE-2002-0210 2002-05-16 2008-09-11
7.2
None Local Low Not required Complete Complete Complete
setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.
115 CVE-2002-0209 2002-05-16 2008-09-11
5.0
None Remote Low Not required Partial None None
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
116 CVE-2002-0208 2002-05-16 2008-09-11
5.0
None Remote Low Not required Partial None None
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
117 CVE-2002-0207 Exec Code Overflow 2002-05-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
118 CVE-2002-0206 Exec Code 2002-05-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
119 CVE-2002-0205 XSS 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
120 CVE-2002-0204 Exec Code Overflow 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
121 CVE-2002-0203 2002-05-16 2016-10-18
5.0
None Remote Low Not required Partial None None
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
122 CVE-2002-0202 2002-05-16 2008-09-11
3.6
None Local Low Not required Partial Partial None
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.
123 CVE-2002-0201 DoS Exec Code Overflow 2002-05-16 2016-10-18
5.0
None Remote Low Not required None None Partial
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
124 CVE-2002-0200 DoS 2002-05-16 2016-10-18
5.0
None Remote Low Not required None None Partial
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
125 CVE-2002-0199 DoS Exec Code Overflow 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
126 CVE-2002-0198 Exec Code Overflow 2002-05-16 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
127 CVE-2002-0197 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
128 CVE-2002-0196 2002-05-16 2008-09-11
6.4
None Remote Low Not required Partial Partial None
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
129 CVE-2002-0193 Exec Code 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
130 CVE-2002-0191 2002-05-29 2021-07-23
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
131 CVE-2002-0190 Exec Code 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
132 CVE-2002-0189 XSS 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
133 CVE-2002-0188 Exec Code 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
134 CVE-2002-0185 2002-05-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
135 CVE-2002-0184 787 Overflow +Priv 2002-05-16 2021-04-01
7.2
None Local Low Not required Complete Complete Complete
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
136 CVE-2002-0178 Exec Code 2002-05-29 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
137 CVE-2002-0174 +Priv 2002-05-29 2008-09-11
7.2
None Local Low Not required Complete Complete Complete
nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.
138 CVE-2002-0173 Overflow +Priv 2002-05-16 2008-09-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
139 CVE-2002-0172 DoS 2002-05-16 2008-09-11
2.1
None Local Low Not required None None Partial
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).
140 CVE-2002-0171 +Priv 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
141 CVE-2002-0169 2002-05-29 2008-09-11
4.6
None Local Low Not required Partial Partial Partial
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
142 CVE-2002-0157 2002-05-16 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.
143 CVE-2002-0155 Exec Code Overflow 2002-05-29 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
144 CVE-2002-0154 DoS Exec Code Overflow 2002-05-16 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
145 CVE-2002-0033 Exec Code Overflow 2002-05-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
146 CVE-2001-1340 2002-05-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
147 CVE-2001-1334 2002-05-19 2016-10-18
5.0
None Remote Low Not required Partial None None
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.
148 CVE-1999-1570 Overflow +Priv 2002-05-01 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
Total number of vulnerabilities : 148   Page : 1 2 3 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.