CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2002-0533 DoS 2002-08-12 2016-10-18
5.0
None Remote Low Not required None None Partial
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
152 CVE-2002-0532 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
153 CVE-2002-0531 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
154 CVE-2002-0530 XSS 2002-08-12 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
155 CVE-2002-0529 +Priv 2002-08-12 2008-09-05
6.2
None Local High Not required Complete Complete Complete
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
156 CVE-2002-0528 Bypass 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
157 CVE-2002-0527 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.
158 CVE-2002-0526 2002-08-12 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls.
159 CVE-2002-0525 +Priv 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
160 CVE-2002-0524 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.
161 CVE-2002-0523 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
162 CVE-2002-0522 +Priv Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.
163 CVE-2002-0521 +Priv XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
164 CVE-2002-0520 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
165 CVE-2002-0518 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.
166 CVE-2002-0517 Overflow +Priv 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm.
167 CVE-2002-0516 Exec Code 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
168 CVE-2002-0515 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
169 CVE-2002-0514 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
170 CVE-2002-0513 +Priv 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
171 CVE-2002-0512 +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
172 CVE-2002-0511 Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.
173 CVE-2002-0510 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
174 CVE-2002-0509 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
175 CVE-2002-0508 Exec Code 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
176 CVE-2002-0507 287 Bypass 2002-08-12 2020-04-02
2.1
None Local Low Not required None Partial None
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
177 CVE-2002-0506 DoS Exec Code Overflow 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
178 CVE-2002-0505 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
179 CVE-2002-0504 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
180 CVE-2002-0503 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
181 CVE-2002-0502 2002-08-12 2017-12-19
5.0
None Remote Low Not required Partial None None
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
182 CVE-2002-0501 Exec Code 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
183 CVE-2002-0500 2002-08-12 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
184 CVE-2002-0499 2002-08-12 2008-09-05
2.1
None Local Low Not required None Partial None
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
185 CVE-2002-0498 +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
186 CVE-2002-0497 Overflow 2002-08-12 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
187 CVE-2002-0496 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
188 CVE-2002-0495 Exec Code 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
189 CVE-2002-0494 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
190 CVE-2002-0493 254 Bypass 2002-08-12 2019-03-25
7.5
None Remote Low Not required Partial Partial Partial
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
191 CVE-2002-0492 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
192 CVE-2002-0491 +Priv Bypass 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
193 CVE-2002-0490 Exec Code 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
194 CVE-2002-0489 Exec Code 2002-08-12 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
195 CVE-2002-0488 Exec Code 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
196 CVE-2002-0487 +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
197 CVE-2002-0486 +Priv 2002-08-12 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
198 CVE-2002-0485 Bypass 2002-08-12 2016-10-18
5.0
None Remote Low Not required None Partial None
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
199 CVE-2002-0484 2002-08-12 2016-10-18
5.0
None Remote Low Not required None Partial None
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
200 CVE-2002-0483 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
Total number of vulnerabilities : 255   Page : 1 2 3 4 (This Page)5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.