CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2002-0752 +Info 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
102 CVE-2002-0751 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
103 CVE-2002-0750 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
104 CVE-2002-0749 Exec Code 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
105 CVE-2002-0748 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
106 CVE-2002-0747 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lsmcode in AIX 4.3.3.
107 CVE-2002-0746 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
108 CVE-2002-0745 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in uucp in AIX 4.3.3.
109 CVE-2002-0744 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
110 CVE-2002-0743 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
111 CVE-2002-0742 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in pioout on AIX 4.3.3.
112 CVE-2002-0741 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
113 CVE-2002-0740 Overflow +Priv 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
114 CVE-2002-0739 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
115 CVE-2002-0738 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
116 CVE-2002-0737 DoS 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
117 CVE-2002-0736 Bypass 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
118 CVE-2002-0735 DoS Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.
119 CVE-2002-0734 Exec Code 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
120 CVE-2002-0733 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
121 CVE-2002-0732 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
122 CVE-2002-0731 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
123 CVE-2002-0730 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
124 CVE-2002-0729 DoS 2002-08-12 2016-10-18
5.0
None Remote Low Not required None None Partial
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
125 CVE-2002-0728 DoS Overflow 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
126 CVE-2002-0719 Exec Code Sql 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
127 CVE-2002-0718 Exec Code 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
128 CVE-2002-0710 Dir. Trav. 2002-08-12 2016-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
129 CVE-2002-0700 Exec Code Overflow 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
130 CVE-2002-0698 120 Exec Code Overflow 2002-08-12 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
131 CVE-2002-0697 Bypass 2002-08-12 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
132 CVE-2002-0695 Exec Code Overflow 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
133 CVE-2002-0684 Exec Code Overflow 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
134 CVE-2002-0661 Exec Code Dir. Trav. 2002-08-12 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
135 CVE-2002-0660 DoS Exec Code Overflow 2002-08-12 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
136 CVE-2002-0659 DoS 2002-08-12 2008-09-10
5.0
None Remote Low Not required None None Partial
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
137 CVE-2002-0658 +Priv 2002-08-12 2013-09-04
6.2
None Local High Not required Complete Complete Complete
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
138 CVE-2002-0657 Exec Code Overflow 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
139 CVE-2002-0656 Exec Code Overflow 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
140 CVE-2002-0655 DoS Exec Code 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
141 CVE-2002-0650 DoS 2002-08-12 2018-10-12
5.0
None Remote Low Not required None None Partial
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
142 CVE-2002-0649 119 DoS Exec Code Overflow 2002-08-12 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
143 CVE-2002-0645 Exec Code Sql 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
144 CVE-2002-0644 Exec Code Overflow 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
145 CVE-2002-0638 +Priv 2002-08-12 2016-10-18
6.2
None Local High Not required Complete Complete Complete
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
146 CVE-2002-0619 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
147 CVE-2002-0618 Exec Code 2002-08-12 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
148 CVE-2002-0617 Exec Code Bypass 2002-08-12 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
149 CVE-2002-0616 Exec Code 2002-08-12 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
150 CVE-2002-0534 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
Total number of vulnerabilities : 255   Page : 1 2 3 (This Page)4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.