CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2002-0482 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
202 CVE-2002-0481 Bypass 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
203 CVE-2002-0480 2002-08-12 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
204 CVE-2002-0479 Bypass 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
205 CVE-2002-0478 2002-08-12 2016-10-18
5.0
None Remote Low Not required None Partial None
The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.
206 CVE-2002-0477 Exec Code 2002-08-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
207 CVE-2002-0476 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
208 CVE-2002-0475 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
209 CVE-2002-0474 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
210 CVE-2002-0473 Exec Code 2002-08-12 2016-09-17
10.0
None Remote Low Not required Complete Complete Complete
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
211 CVE-2002-0472 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
212 CVE-2002-0471 Exec Code 2002-08-12 2008-09-24
10.0
None Remote Low Not required Complete Complete Complete
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
213 CVE-2002-0470 +Priv 2002-08-12 2008-09-24
7.2
None Local Low Not required Complete Complete Complete
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
214 CVE-2002-0469 +Priv 2002-08-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
215 CVE-2002-0468 Overflow +Priv 2002-08-12 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
216 CVE-2002-0467 Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
217 CVE-2002-0466 2002-08-12 2017-12-19
5.0
None Remote Low Not required Partial None None
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
218 CVE-2002-0465 Exec Code Dir. Trav. 2002-08-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
219 CVE-2002-0464 Dir. Trav. 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
220 CVE-2002-0463 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
221 CVE-2002-0462 DoS 2002-08-12 2008-09-05
6.4
None Remote Low Not required Partial None Partial
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
222 CVE-2002-0461 DoS 2002-08-12 2021-07-23
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
223 CVE-2002-0460 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
224 CVE-2002-0459 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
225 CVE-2002-0458 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
226 CVE-2002-0457 Exec Code XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
227 CVE-2002-0456 2002-08-12 2016-10-18
5.0
None Remote Low Not required None Partial None
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
228 CVE-2002-0455 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
229 CVE-2002-0454 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
230 CVE-2002-0453 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
231 CVE-2002-0452 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
232 CVE-2002-0451 Exec Code 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
233 CVE-2002-0430 Bypass 2002-08-12 2008-09-10
3.7
None Local High Not required Partial Partial Partial
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
234 CVE-2002-0429 2002-08-12 2016-10-18
3.6
None Local Low Not required None Partial Partial
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
235 CVE-2002-0428 Bypass 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
236 CVE-2002-0427 Overflow +Priv 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
237 CVE-2002-0426 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
238 CVE-2002-0425 +Info 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
239 CVE-2002-0424 +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
240 CVE-2002-0423 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
241 CVE-2002-0422 200 +Info 2002-08-12 2020-11-23
2.6
None Remote High Not required Partial None None
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
242 CVE-2002-0421 Bypass 2002-08-12 2008-09-05
5.0
None Remote Low Not required None Partial None
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
243 CVE-2002-0420 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.
244 CVE-2002-0419 200 +Info 2002-08-12 2020-11-23
5.0
None Remote Low Not required Partial None None
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
245 CVE-2002-0418 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
246 CVE-2002-0417 Dir. Trav. 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
247 CVE-2002-0416 DoS Exec Code Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
248 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low ??? Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
249 CVE-2002-0414 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
250 CVE-2002-0413 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
Total number of vulnerabilities : 255   Page : 1 2 3 4 5 (This Page)6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.