CVE Output in CVRF 1.1: 20240227
CVE List
cve@mitre.org
The MITRE Corporation
20240227-102213
Interim
2024.02.27.10
1
2024-02-27T10:22:13
Initial public release
2024-02-27T10:22:13
2024-02-27T10:22:13
MITRE Custom CVE-to-CVRF Converter 2.0
This is a list of CVE Identifiers as published by MITRE.
The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Vulnerabilities and Exposures (CVE (R)) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITREs copyright designation and this license in any such copy.
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
CVE-2002-0001
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
2002-01-03
2016-10-17
CVE-2002-0001
http://www.securityfocus.com/bid/3774
BID:3774
http://marc.info/?l=bugtraq&m=100994648918287&w=2
BUGTRAQ:20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
CALDERA:CSSA-2002-002.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
CONECTIVA:CLA-2002:449
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
CONFIRM:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
http://www.debian.org/security/2002/dsa-096
DEBIAN:DSA-096
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
FREEBSD:FreeBSD-SA-02:04
http://online.securityfocus.com/advisories/3778
HP:HPSBTL0201-011
http://www.redhat.com/support/errata/RHSA-2002-003.html
REDHAT:RHSA-2002:003
http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
SUSE:SuSE-SA:2002:001
http://www.iss.net/security_center/static/7759.php
XF:mutt-address-handling-bo(7759)
CVE-2002-0002
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
2002-06-25
2007-11-12
CVE-2002-0002
http://www.securityfocus.com/bid/3748
BID:3748
http://online.securityfocus.com/archive/1/247427
BUGTRAQ:20011227 Stunnel: Format String Bug in versions <3.22
http://online.securityfocus.com/archive/1/248149
BUGTRAQ:20020102 Stunnel: Format String Bug update
http://stunnel.mirt.net/news.html
CONFIRM:http://stunnel.mirt.net/news.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
MANDRAKE:MDKSA-2002:004
http://marc.info/?l=stunnel-users&m=100869449828705&w=2
MISC:http://marc.info/?l=stunnel-users&m=100869449828705&w=2
http://www.redhat.com/support/errata/RHSA-2002-002.html
REDHAT:RHSA-2002:002
https://exchange.xforce.ibmcloud.com/vulnerabilities/7741
XF:stunnel-client-format-string(7741)
CVE-2002-0003
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
2002-06-25
2002-06-15
CVE-2002-0003
http://www.securityfocus.com/bid/3869
BID:3869
http://online.securityfocus.com/advisories/3793
HP:HPSBTL0201-014
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php
MANDRAKE:MDKSA-2002:012
http://www.redhat.com/support/errata/RHSA-2002-004.html
REDHAT:RHSA-2002:004
https://exchange.xforce.ibmcloud.com/vulnerabilities/7881
XF:linux-groff-preprocessor-bo(7881)
CVE-2002-0004
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
2002-06-25
2002-06-15
CVE-2002-0004
http://www.securityfocus.com/bid/3886
BID:3886
http://marc.info/?l=bugtraq&m=101128661602088&w=2
BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
http://www.debian.org/security/2002/dsa-102
DEBIAN:DSA-102
http://online.securityfocus.com/advisories/3833
HP:HPSBTL0201-021
http://online.securityfocus.com/advisories/3969
HP:HPSBTL0302-034
http://marc.info/?l=bugtraq&m=101147632721031&w=2
MANDRAKE:MDKSA-2002:007
http://www.redhat.com/support/errata/RHSA-2002-015.html
REDHAT:RHSA-2002:015
http://www.novell.com/linux/security/advisories/2002_003_at_txt.html
SUSE:SuSE-SA:2002:003
https://exchange.xforce.ibmcloud.com/vulnerabilities/7909
XF:linux-at-exetime-heap-corruption(7909)
CVE-2002-0005
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
2002-03-09
2002-01-10
CVE-2002-0005
http://www.securityfocus.com/bid/3769
BID:3769
http://www.securityfocus.com/archive/1/247944
BUGTRAQ:20020102 AIM addendum
http://marc.info/?l=ntbugtraq&m=100998295512885&w=2
BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
http://www.kb.cert.org/vuls/id/907819
CERT-VN:VU#907819
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
NTBUGTRAQ:20020102 AIM addendum
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7743
XF:aim-game-overflow(7743)
CVE-2002-0006
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
2003-04-02
2002-05-31
CVE-2002-0006
http://www.securityfocus.com/bid/3830
BID:3830
http://marc.info/?l=bugtraq&m=101060676210255&w=2
BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
CONECTIVA:CLA-2002:453
http://www.debian.org/security/2002/dsa-099
DEBIAN:DSA-099
http://online.securityfocus.com/advisories/3806
HP:HPSBTL0201-016
http://rhn.redhat.com/errata/RHSA-2002-005.html
REDHAT:RHSA-2002:005
https://exchange.xforce.ibmcloud.com/vulnerabilities/7856
XF:xchat-ctcp-ping-command(7856)
CVE-2002-0007
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
2002-06-25
2002-06-15
CVE-2002-0007
http://www.securityfocus.com/bid/3792
BID:3792
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
http://www.bugzilla.org/security2_14_1.html
CONFIRM:http://www.bugzilla.org/security2_14_1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=54901
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901
http://rhn.redhat.com/errata/RHSA-2002-001.html
REDHAT:RHSA-2002:001
https://exchange.xforce.ibmcloud.com/vulnerabilities/7812
XF:bugzilla-ldap-auth-bypass(7812)
CVE-2002-0008
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
2002-01-10
2005-07-02
CVE-2002-0008
http://www.securityfocus.com/bid/3793
BID:3793
http://www.securityfocus.com/bid/3794
BID:3794
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
http://www.bugzilla.org/security2_14_1.html
CONFIRM:http://www.bugzilla.org/security2_14_1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=108385
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108385
http://bugzilla.mozilla.org/show_bug.cgi?id=108516
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108516
http://rhn.redhat.com/errata/RHSA-2002-001.html
REDHAT:RHSA-2002:001
http://www.iss.net/security_center/static/7804.php
XF:bugzilla-postbug-report-spoofing(7804)
http://www.iss.net/security_center/static/7805.php
XF:bugzilla-processbug-comment-spoofing(7805)
CVE-2002-0009
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.
2003-04-02
2003-03-18
CVE-2002-0009
http://www.securityfocus.com/bid/3798
BID:3798
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
http://www.bugzilla.org/security2_14_1.html
CONFIRM:http://www.bugzilla.org/security2_14_1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=102141
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
http://rhn.redhat.com/errata/RHSA-2002-001.html
REDHAT:RHSA-2002:001
http://www.iss.net/security_center/static/7802.php
XF:bugzilla-showbug-reveal-bugs(7802)
CVE-2002-0010
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
2002-01-10
2005-07-02
CVE-2002-0010
http://www.securityfocus.com/bid/3801
BID:3801
http://www.securityfocus.com/bid/3802
BID:3802
http://www.securityfocus.com/bid/3804
BID:3804
http://www.securityfocus.com/bid/3805
BID:3805
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html
BUGTRAQ:20020106 Inproper input validation in Bugzilla <=2.14 - exploit
http://www.bugzilla.org/security2_14_1.html
CONFIRM:http://www.bugzilla.org/security2_14_1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=108812
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108812
http://bugzilla.mozilla.org/show_bug.cgi?id=108821
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108821
http://bugzilla.mozilla.org/show_bug.cgi?id=108822
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108822
http://bugzilla.mozilla.org/show_bug.cgi?id=109679
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109679
http://bugzilla.mozilla.org/show_bug.cgi?id=109690
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109690
http://www.bugzilla.org/bugzilla2.14to2.14.1.patch
MISC:http://www.bugzilla.org/bugzilla2.14to2.14.1.patch
http://rhn.redhat.com/errata/RHSA-2002-001.html
REDHAT:RHSA-2002:001
http://www.iss.net/security_center/static/7807.php
XF:bugzilla-buglist-modify-sql(7807)
http://www.iss.net/security_center/static/7813.php
XF:bugzilla-buglist-sql-logic(7813)
http://www.iss.net/security_center/static/7814.php
XF:bugzilla-editusers-change-groupset(7814)
http://www.iss.net/security_center/static/7811.php
XF:bugzilla-longlist-modify-sql(7811)
http://www.iss.net/security_center/static/7809.php
XF:bugzilla-userprefs-change-groupset(7809)
CVE-2002-0011
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
2003-04-02
2003-03-18
CVE-2002-0011
http://www.securityfocus.com/bid/3800
BID:3800
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
http://www.bugzilla.org/security2_14_1.html
CONFIRM:http://www.bugzilla.org/security2_14_1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=98146
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
http://rhn.redhat.com/errata/RHSA-2002-001.html
REDHAT:RHSA-2002:001
http://www.iss.net/security_center/static/7803.php
XF:bugzilla-doeditvotes-login-information(7803)
CVE-2002-0012
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
2002-02-18
2018-10-12
CVE-2002-0012
http://www.securityfocus.com/bid/5043
BID:5043
CALDERA:CSSA-2002-SCO.4
http://www.cert.org/advisories/CA-2002-03.html
CERT:CA-2002-03
http://www.kb.cert.org/vuls/id/107186
CERT-VN:VU#107186
http://www.securityfocus.com/advisories/4211
HP:HPSBMP0206-015
http://www.iss.net/security_center/alerts/advise110.php
ISS:20020212 PROTOS Remote SNMP Attack Tool
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006
MS:MS02-006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1048
OVAL:oval:org.mitre.oval:def:1048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A144
OVAL:oval:org.mitre.oval:def:144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A161
OVAL:oval:org.mitre.oval:def:161
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298
OVAL:oval:org.mitre.oval:def:298
http://www.redhat.com/support/errata/RHSA-2001-163.html
REDHAT:RHSA-2001:163
ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
SGI:20020201-01-A
CVE-2002-0013
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
2002-02-18
2018-10-12
CVE-2002-0013
CALDERA:CSSA-2002-SCO.4
http://www.cert.org/advisories/CA-2002-03.html
CERT:CA-2002-03
http://www.kb.cert.org/vuls/id/854306
CERT-VN:VU#854306
http://www.iss.net/security_center/alerts/advise110.php
ISS:20020212 PROTOS Remote SNMP Attack Tool
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006
MS:MS02-006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298
OVAL:oval:org.mitre.oval:def:298
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87
OVAL:oval:org.mitre.oval:def:87
http://www.redhat.com/support/errata/RHSA-2001-163.html
REDHAT:RHSA-2001:163
ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
SGI:20020201-01-A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1
SUNALERT:57404
CVE-2002-0014
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).
2003-04-02
2002-07-26
CVE-2002-0014
http://www.securityfocus.com/bid/3815
BID:3815
http://marc.info/?l=bugtraq&m=101027841605918&w=2
BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000460
CONECTIVA:CLA-2002:460
ENGARDE:ESA-20020114-002
FREEBSD:FreeBSD-SA-02:05
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-015
HP:HPSBTL0201-015
http://rhn.redhat.com/errata/RHSA-2002-009.html
REDHAT:RHSA-2002:009
CVE-2002-0015
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0015
CVE-2002-0016
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0016
CVE-2002-0017
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
2003-04-02
2003-03-18
CVE-2002-0017
http://www.securityfocus.com/bid/4421
BID:4421
http://www.iss.net/security_center/alerts/advise113.php
ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
SGI:20020201-01-P
http://www.iss.net/security_center/static/7846.php
XF:irix-snmp-bo(7846)
CVE-2002-0018
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
2002-06-25
2002-06-15
CVE-2002-0018
http://www.securityfocus.com/bid/3997
BID:3997
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001
MS:MS02-001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159
OVAL:oval:org.mitre.oval:def:159
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64
OVAL:oval:org.mitre.oval:def:64
https://exchange.xforce.ibmcloud.com/vulnerabilities/8023
XF:win-sid-gain-privileges(8023)
CVE-2002-0019
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0019
CVE-2002-0020
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
2002-06-25
2002-03-15
CVE-2002-0020
http://www.securityfocus.com/bid/4061
BID:4061
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-004
MS:MS02-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A424
OVAL:oval:org.mitre.oval:def:424
http://www.iss.net/security_center/static/8094.php
XF:ms-telnet-option-bo(8094)
CVE-2002-0021
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
2002-06-25
2002-06-15
CVE-2002-0021
http://www.securityfocus.com/bid/4045
BID:4045
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-002
MS:MS02-002
http://www.osvdb.org/2041
OSVDB:2041
CVE-2002-0022
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
2002-06-25
2002-06-15
CVE-2002-0022
http://www.securityfocus.com/bid/4080
BID:4080
http://marc.info/?l=bugtraq&m=101362984930597&w=2
BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
http://online.securityfocus.com/archive/1/258614
BUGTRAQ:20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)
http://www.cert.org/advisories/CA-2002-04.html
CERT:CA-2002-04
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A925
OVAL:oval:org.mitre.oval:def:925
http://www.iss.net/security_center/static/8116.php
XF:ie-html-directive-bo(8116)
CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
2002-06-25
2002-03-15
CVE-2002-0023
http://www.securityfocus.com/bid/3767
BID:3767
http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
BUGTRAQ:20020101 IE GetObject() problems
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
http://www.osvdb.org/3030
OSVDB:3030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17
OVAL:oval:org.mitre.oval:def:17
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40
OVAL:oval:org.mitre.oval:def:40
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A50
OVAL:oval:org.mitre.oval:def:50
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A77
OVAL:oval:org.mitre.oval:def:77
https://exchange.xforce.ibmcloud.com/vulnerabilities/7758
XF:ie-getobject-directory-traversal(7758)
CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
2003-04-02
2003-03-18
CVE-2002-0024
http://www.securityfocus.com/bid/4087
BID:4087
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
2002-06-25
2002-06-15
CVE-2002-0025
http://www.securityfocus.com/bid/4085
BID:4085
http://online.securityfocus.com/archive/1/255767
BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
https://exchange.xforce.ibmcloud.com/vulnerabilities/8118
XF:ie-application-invocation(8118)
CVE-2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
2002-06-25
2002-06-15
CVE-2002-0026
http://www.securityfocus.com/bid/4082
BID:4082
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12
OVAL:oval:org.mitre.oval:def:12
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23
OVAL:oval:org.mitre.oval:def:23
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32
OVAL:oval:org.mitre.oval:def:32
CVE-2002-0027
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
2002-06-25
2002-03-15
CVE-2002-0027
http://www.securityfocus.com/bid/3721
BID:3721
http://www.securityfocus.com/archive/1/246522
BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
MS:MS02-005
http://www.osvdb.org/3031
OSVDB:3031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974
OVAL:oval:org.mitre.oval:def:974
CVE-2002-0028
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
2002-06-25
2002-06-15
CVE-2002-0028
http://www.securityfocus.com/bid/3813
BID:3813
http://marc.info/?l=bugtraq&m=101043894627851&w=2
BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
http://www.cert.org/advisories/CA-2002-02.html
CERT:CA-2002-02
http://www.kb.cert.org/vuls/id/570167
CERT-VN:VU#570167
http://marc.info/?l=vuln-dev&m=101043076806401&w=2
VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7743
XF:aim-game-overflow(7743)
CVE-2002-0029
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
2002-11-21
2003-02-26
CVE-2002-0029
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
APPLE:2002-11-21
http://www.securityfocus.com/bid/6186
BID:6186
http://www.cert.org/advisories/CA-2002-31.html
CERT:CA-2002-31
http://www.kb.cert.org/vuls/id/844360
CERT-VN:VU#844360
http://www.isc.org/products/BIND/bind-security.html
CONFIRM:http://www.isc.org/products/BIND/bind-security.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
NETBSD:NetBSD-SA2002-028
ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
SGI:20021201-01-P
http://www.iss.net/security_center/static/10624.php
XF:bind-dns-libresolv-bo(10624)
CVE-2002-0030
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
2003-03-26
2005-03-21
CVE-2002-0030
http://www.kb.cert.org/vuls/id/549913
CERT-VN:VU#549913
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
CONFIRM:http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
FULLDISC:20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html
VULNWATCH:20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
CVE-2002-0031
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
2002-06-11
2002-06-15
CVE-2002-0031
http://www.securityfocus.com/bid/4837
BID:4837
http://online.securityfocus.com/archive/1/274223
BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/137115
CERT-VN:VU#137115
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
2003-04-02
2003-03-18
CVE-2002-0032
http://www.securityfocus.com/bid/4838
BID:4838
http://online.securityfocus.com/archive/1/274223
BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/172315
CERT-VN:VU#172315
http://www.iss.net/security_center/static/9184.php
XF:yahoo-messenger-script-injection(9184)
CVE-2002-0033
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
2003-04-02
2003-03-18
CVE-2002-0033
http://www.securityfocus.com/bid/4674
BID:4674
http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
http://www.cert.org/advisories/CA-2002-11.html
CERT:CA-2002-11
http://www.kb.cert.org/vuls/id/635811
CERT-VN:VU#635811
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A124
OVAL:oval:org.mitre.oval:def:124
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A31
OVAL:oval:org.mitre.oval:def:31
http://www.iss.net/security_center/static/8999.php
XF:solaris-cachefsd-name-bo(8999)
CVE-2002-0034
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
2004-01-14
CVE-2002-0034
http://www.kb.cert.org/vuls/id/361065
CERT-VN:VU#361065
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;237399
MS:Q237399
CVE-2002-0035
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-0035
CVE-2002-0036
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
2004-09-01
2004-08-17
CVE-2002-0036
http://www.securityfocus.com/bid/6713
BID:6713
http://www.kb.cert.org/vuls/id/587579
CERT-VN:VU#587579
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
CONECTIVA:CLA-2003:639
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
MANDRAKE:MDKSA-2003:043
http://www.osvdb.org/4896
OSVDB:4896
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-168.html
REDHAT:RHSA-2003:168
https://exchange.xforce.ibmcloud.com/vulnerabilities/11190
XF:kerberos-kdc-neglength-bo(11190)
CVE-2002-0037
Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.
2002-04-12
2005-05-27
CVE-2002-0037
http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html
BUGTRAQ:20010917 Lotus Notes: File attachments may be extracted regardless of document security
http://archives.neohapsis.com/archives/bugtraq/2001-09/0150.html
BUGTRAQ:20010917 Re: Lotus Notes: File attachments may be extracted regardless of document security
http://www.kb.cert.org/vuls/id/657899
CERT-VN:VU#657899
http://www.iss.net/security_center/static/10095.php
XF:lotus-domino-nsfdbreadobject(10095)
CVE-2002-0038
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.
2002-06-25
2002-06-15
CVE-2002-0038
http://www.securityfocus.com/bid/3882
BID:3882
ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
SGI:20020102-01-I
ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
SGI:20020102-02-I
ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P
SGI:20020102-03-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/7907
XF:irix-nsd-cache-dos(7907)
CVE-2002-0039
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.
2002-03-30
2002-04-05
CVE-2002-0039
ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
SGI:20020306-01-P
CVE-2002-0040
Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.
2002-06-25
2006-06-25
CVE-2002-0040
http://www.securityfocus.com/bid/4388
BID:4388
http://www.osvdb.org/2058
OSVDB:2058
ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
SGI:20020306-01-P
http://www.iss.net/security_center/static/8669.php
XF:irix-hostaliases-gain-privileges(8669)
CVE-2002-0041
Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump.
2002-04-12
2005-07-06
CVE-2002-0041
http://www.securityfocus.com/bid/4499
BID:4499
http://www.ciac.org/ciac/bulletins/m-067.shtml
CIAC:M-067
ftp://patches.sgi.com/support/free/security/advisories/20020401-01-P
SGI:20020401-01-P
http://www.iss.net/security_center/static/8835.php
XF:irix-mail-core-dump(8835)
CVE-2002-0042
Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.
2003-04-02
2002-06-11
CVE-2002-0042
http://www.securityfocus.com/bid/4511
BID:4511
ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
SGI:20020402-01-P
http://www.iss.net/security_center/static/8839.php
XF:irix-xfs-dos(8839)
CVE-2002-0043
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
2002-06-25
2002-06-15
CVE-2002-0043
http://www.securityfocus.com/bid/3871
BID:3871
http://www.securityfocus.com/archive/1/250168
BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
http://marc.info/?l=bugtraq&m=101120193627756&w=2
BUGTRAQ:20020116 Sudo +Postfix Exploit
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
CONECTIVA:CLA-2002:451
http://www.debian.org/security/2002/dsa-101
DEBIAN:DSA-101
ENGARDE:ESA-20020114-001
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
FREEBSD:FreeBSD-SA-02:06
http://www.securityfocus.com/advisories/3800
IMMUNIX:IMNX-2002-70-001-01
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
MANDRAKE:MDKSA-2002:003
http://www.sudo.ws/sudo/alerts/postfix.html
MISC:http://www.sudo.ws/sudo/alerts/postfix.html
http://www.redhat.com/support/errata/RHSA-2002-011.html
REDHAT:RHSA-2002:011
http://www.redhat.com/support/errata/RHSA-2002-013.html
REDHAT:RHSA-2002:013
http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
SUSE:SuSE-SA:2002:002
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891
XF:sudo-unclean-env-root(7891)
CVE-2002-0044
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
2002-06-25
2002-02-02
CVE-2002-0044
http://www.securityfocus.com/bid/3920
BID:3920
http://www.debian.org/security/2002/dsa-105
DEBIAN:DSA-105
http://www.securityfocus.com/advisories/3818
HP:HPSBTL0201-019
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
MANDRAKE:MDKSA-2002:010
http://www.redhat.com/support/errata/RHSA-2002-012.html
REDHAT:RHSA-2002:012
https://exchange.xforce.ibmcloud.com/vulnerabilities/7932
XF:gnu-enscript-tmpfile-symlink(7932)
CVE-2002-0045
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
2002-06-25
2002-06-15
CVE-2002-0045
http://www.securityfocus.com/bid/3945
BID:3945
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt
CALDERA:CSSA-2002-001.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
CONECTIVA:CLA-2002:459
http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
HP:HPSBTL0201-020
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
MANDRAKE:MDKSA-2002:013
http://www.osvdb.org/5395
OSVDB:5395
http://www.redhat.com/support/errata/RHSA-2002-014.html
REDHAT:RHSA-2002:014
https://exchange.xforce.ibmcloud.com/vulnerabilities/7978
XF:openldap-slapd-delete-attributes(7978)
CVE-2002-0046
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
2002-06-25
2002-06-15
CVE-2002-0046
http://www.securityfocus.com/archive/1/251418
BUGTRAQ:20020120 remote memory reading through tcp/icmp
http://www.osvdb.org/5394
OSVDB:5394
http://www.redhat.com/support/errata/RHSA-2002-007.html
REDHAT:RHSA-2002:007
https://exchange.xforce.ibmcloud.com/vulnerabilities/7998
XF:icmp-read-memory(7998)
CVE-2002-0047
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.
2002-06-25
2002-02-02
CVE-2002-0047
http://www.debian.org/security/2002/dsa-104
DEBIAN:DSA-104
http://www.redhat.com/support/errata/RHSA-2002-007.html
REDHAT:RHSA-2002:007
https://exchange.xforce.ibmcloud.com/vulnerabilities/7883
XF:cipe-packet-handling-dos(7883)
CVE-2002-0048
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
2002-02-18
2016-10-17
CVE-2002-0048
http://www.securityfocus.com/bid/3958
BID:3958
http://marc.info/?l=bugtraq&m=101223603321315&w=2
BUGTRAQ:20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)
http://marc.info/?l=bugtraq&m=101223214906963&w=2
BUGTRAQ:20020128 TSLSA-2002-0025 - rsync
http://www.caldera.com/support/security/advisories/CSSA-2002-003.0.txt
CALDERA:CSSA-2002-003.0
http://www.kb.cert.org/vuls/id/800635
CERT-VN:VU#800635
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458
CONECTIVA:CLA-2002:458
http://www.debian.org/security/2002/dsa-106
DEBIAN:DSA-106
http://www.linuxsecurity.com/advisories/other_advisory-1853.html
ENGARDE:ESA-20020125-004
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc
FREEBSD:FreeBSD-SA-02:10
http://online.securityfocus.com/advisories/3839
HP:HPSBTL0201-022
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php
MANDRAKE:MDKSA-2002:009
http://www.redhat.com/support/errata/RHSA-2002-018.html
REDHAT:RHSA-2002:018
http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html
SUSE:SuSE-SA:2002:004
http://www.iss.net/security_center/static/7993.php
XF:linux-rsync-root-access(7993)
CVE-2002-0049
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
2002-06-25
2002-03-15
CVE-2002-0049
http://www.securityfocus.com/bid/4053
BID:4053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003
MS:MS02-003
http://www.osvdb.org/2042
OSVDB:2042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022
OVAL:oval:org.mitre.oval:def:1022
https://exchange.xforce.ibmcloud.com/vulnerabilities/8092
XF:exchange-attendant-incorrect-permissions(8092)
CVE-2002-0050
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
2002-06-25
2002-03-01
CVE-2002-0050
http://www.securityfocus.com/bid/4157
BID:4157
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-010
MS:MS02-010
CVE-2002-0051
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
2002-06-25
2002-06-15
CVE-2002-0051
http://www.securityfocus.com/bid/4438
BID:4438
http://online.securityfocus.com/archive/1/244329
BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-016
MS:MS02-016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A38
OVAL:oval:org.mitre.oval:def:38
CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
2002-06-25
2002-03-01
CVE-2002-0052
http://www.securityfocus.com/bid/4158
BID:4158
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009
MS:MS02-009
http://www.osvdb.org/763
OSVDB:763
http://securitytracker.com/id?1003630
SECTRACK:1003630
CVE-2002-0053
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
2002-02-18
2018-10-12
CVE-2002-0053
http://www.cert.org/advisories/CA-2002-03.html
CERT:CA-2002-03
http://www.kb.cert.org/vuls/id/107186
CERT-VN:VU#107186
http://www.kb.cert.org/vuls/id/854306
CERT-VN:VU#854306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012
MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013
MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006
MS:MS02-006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A209
OVAL:oval:org.mitre.oval:def:209
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A402
OVAL:oval:org.mitre.oval:def:402
CVE-2002-0054
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
2003-04-02
2003-03-18
CVE-2002-0054
http://www.securityfocus.com/bid/4205
BID:4205
http://marc.info/?l=bugtraq&m=101501580409373&w=2
BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011
MS:MS02-011
CVE-2002-0055
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
2002-06-25
2002-06-15
CVE-2002-0055
http://www.securityfocus.com/bid/4204
BID:4204
http://marc.info/?l=bugtraq&m=101558498401274&w=2
BUGTRAQ:20020306 Vulnerability Details for MS02-012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012
MS:MS02-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30
OVAL:oval:org.mitre.oval:def:30
http://www.iss.net/security_center/static/8307.php
XF:ms-smtp-data-transfer-dos(8307)
CVE-2002-0056
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
2002-02-21
2018-10-12
CVE-2002-0056
http://www.securityfocus.com/bid/4135
BID:4135
http://marc.info/?l=bugtraq&m=101422555428036&w=2
BUGTRAQ:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
http://www.kb.cert.org/vuls/id/619707
CERT-VN:VU#619707
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-007
MS:MS02-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A271
OVAL:oval:org.mitre.oval:def:271
http://marc.info/?l=vuln-dev&m=101413924631329&w=2
VULN-DEV:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
2002-06-25
2002-06-15
CVE-2002-0057
http://www.securityfocus.com/bid/3699
BID:3699
http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
BUGTRAQ:20011214 MSIE6 can read local files
http://marc.info/?l=bugtraq&m=101366383408821&w=2
BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008
MS:MS02-008
http://www.osvdb.org/3032
OSVDB:3032
https://exchange.xforce.ibmcloud.com/vulnerabilities/7712
XF:ie-xmlhttp-redirect(7712)
CVE-2002-0058
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
2002-03-07
2018-10-12
CVE-2002-0058
http://marc.info/?l=bugtraq&m=101534535304228&w=2
BUGTRAQ:20020305 Java HTTP proxy vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013
MS:MS02-013
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
SUN:00216
CVE-2002-0059
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
2002-06-25
2002-06-15
CVE-2002-0059
http://www.securityfocus.com/bid/4267
BID:4267
BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
BUGTRAQ:20020312 exploiting the zlib bug in openssh
BUGTRAQ:20020312 zlib & java
BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
BUGTRAQ:20020314 about zlib vulnerability
BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
CALDERA:CSSA-2002-014.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
CALDERA:CSSA-2002-015.1
http://www.cert.org/advisories/CA-2002-07.html
CERT:CA-2002-07
http://www.kb.cert.org/vuls/id/368819
CERT-VN:VU#368819
CISCO:20020403 Vulnerability in the zlib Compression Library
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
CONECTIVA:CLA-2002:469
http://www.debian.org/security/2002/dsa-122
DEBIAN:DSA-122
ENGARDE:ESA-20020311-008
FREEBSD:FreeBSD-SA-02:18
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
HP:HPSBTL0204-030
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
HP:HPSBTL0204-036
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
HP:HPSBTL0204-037
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
MANDRAKE:MDKSA-2002:022
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
MANDRAKE:MDKSA-2002:023
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
MANDRAKE:MDKSA-2002:024
OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
http://www.redhat.com/support/errata/RHSA-2002-026.html
REDHAT:RHSA-2002:026
http://www.redhat.com/support/errata/RHSA-2002-027.html
REDHAT:RHSA-2002:027
SUSE:SuSE-SA:2002:010
SUSE:SuSE-SA:2002:011
VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
VULNWATCH:20020312 exploiting the zlib bug in openssh
https://exchange.xforce.ibmcloud.com/vulnerabilities/8427
XF:zlib-doublefree-memory-corruption(8427)
CVE-2002-0060
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
2002-06-25
2002-03-09
CVE-2002-0060
http://www.securityfocus.com/bid/4188
BID:4188
http://marc.info/?l=bugtraq&m=101483396412051&w=2
BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
http://www.kb.cert.org/vuls/id/230307
CERT-VN:VU#230307
http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027
HP:HPSBUX0203-027
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041
MANDRAKE:MDKSA-2002:041
http://www.redhat.com/support/errata/RHSA-2002-028.html
REDHAT:RHSA-2002:028
http://marc.info/?l=vuln-dev&m=101486352429653&w=2
VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/8302
XF:linux-dcc-port-access(8302)
CVE-2002-0061
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
2003-04-02
2021-06-06
CVE-2002-0061
http://www.securityfocus.com/bid/4335
BID:4335
http://marc.info/?l=bugtraq&m=101674082427358&w=2
BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
http://online.securityfocus.com/archive/1/263927
BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
http://www.apacheweek.com/issues/02-03-29#apache1324
CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.iss.net/security_center/static/8589.php
XF:apache-dos-batch-command-execution(8589)
CVE-2002-0062
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
2003-04-02
2003-03-18
CVE-2002-0062
http://www.securityfocus.com/bid/2116
BID:2116
http://www.debian.org/security/2002/dsa-113
DEBIAN:DSA-113
http://www.redhat.com/support/errata/RHSA-2002-020.html
REDHAT:RHSA-2002:020
http://www.iss.net/security_center/static/8222.php
XF:gnu-ncurses-window-bo(8222)
CVE-2002-0063
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
2002-06-25
2002-06-15
CVE-2002-0063
http://www.securityfocus.com/bid/4100
BID:4100
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-008.0.txt
CALDERA:CSSA-2002-008.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000471
CONECTIVA:CLA-2002:471
http://www.cups.org/relnotes.html
CONFIRM:http://www.cups.org/relnotes.html
http://www.debian.org/security/2002/dsa-110
DEBIAN:DSA-110
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php
MANDRAKE:MDKSA-2002:015
http://www.redhat.com/support/errata/RHSA-2002-032.html
REDHAT:RHSA-2002:032
http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html
SUSE:SuSE-SA:2002:005
SUSE:SuSE-SA:2002:006
https://exchange.xforce.ibmcloud.com/vulnerabilities/8192
XF:cups-ippread-bo(8192)
CVE-2002-0064
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
2002-06-25
2002-06-15
CVE-2002-0064
http://www.securityfocus.com/bid/4458
BID:4458
http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
http://www.iss.net/security_center/static/8791.php
XF:funk-proxy-insecure-permissions(8791)
CVE-2002-0065
Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.
2002-06-25
2002-06-15
CVE-2002-0065
http://www.securityfocus.com/bid/4459
BID:4459
http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
http://www.iss.net/security_center/static/8792.php
XF:funk-proxy-weak-password(8792)
CVE-2002-0066
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
2002-06-25
2002-06-15
CVE-2002-0066
http://www.securityfocus.com/bid/4460
BID:4460
http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
http://www.iss.net/security_center/static/8793.php
XF:funk-proxy-named-pipe(8793)
CVE-2002-0067
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
2003-04-02
2002-08-16
CVE-2002-0067
http://www.securityfocus.com/bid/4150
BID:4150
http://marc.info/?l=bugtraq&m=101431040422095&w=2
BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
http://marc.info/?l=bugtraq&m=101443252627021&w=2
BUGTRAQ:20020222 TSLSA-2002-0031 - squid
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
CALDERA:CSSA-2002-SCO.7
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
CONECTIVA:CLA-2002:464
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
FREEBSD:FreeBSD-SA-02:12
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
MANDRAKE:MDKSA-2002:016
http://www.osvdb.org/5379
OSVDB:5379
http://www.redhat.com/support/errata/RHSA-2002-029.html
REDHAT:RHSA-2002:029
http://www.iss.net/security_center/static/8261.php
XF:squid-htcp-enabled(8261)
CVE-2002-0068
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
2003-04-02
2003-03-18
CVE-2002-0068
http://www.securityfocus.com/bid/4148
BID:4148
http://marc.info/?l=bugtraq&m=101431040422095&w=2
BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
http://marc.info/?l=bugtraq&m=101440163111826&w=2
BUGTRAQ:20020222 Squid buffer overflow
http://marc.info/?l=bugtraq&m=101443252627021&w=2
BUGTRAQ:20020222 TSLSA-2002-0031 - squid
http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
CALDERA:CSSA-2002-010.0
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
CALDERA:CSSA-2002-SCO.7
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
CONECTIVA:CLA-2002:464
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
FREEBSD:FreeBSD-SA-02:12
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
MANDRAKE:MDKSA-2002:016
http://www.osvdb.org/5378
OSVDB:5378
http://www.redhat.com/support/errata/RHSA-2002-029.html
REDHAT:RHSA-2002:029
http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
SUSE:SuSE-SA:2002:008
http://www.iss.net/security_center/static/8258.php
XF:squid-ftpbuildtitleurl-bo(8258)
CVE-2002-0069
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
2003-04-02
2002-08-16
CVE-2002-0069
http://www.securityfocus.com/bid/4146
BID:4146
http://marc.info/?l=bugtraq&m=101431040422095&w=2
BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
http://marc.info/?l=bugtraq&m=101443252627021&w=2
BUGTRAQ:20020222 TSLSA-2002-0031 - squid
http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
CALDERA:CSSA-2002-SCO.7
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
CONECTIVA:CLA-2002:464
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
FREEBSD:FreeBSD-SA-02:12
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
MANDRAKE:MDKSA-2002:016
http://www.redhat.com/support/errata/RHSA-2002-029.html
REDHAT:RHSA-2002:029
http://www.iss.net/security_center/static/8260.php
XF:squid-snmp-dos(8260)
CVE-2002-0070
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
2002-06-25
2002-06-15
CVE-2002-0070
http://www.securityfocus.com/bid/4248
BID:4248
http://marc.info/?l=bugtraq&m=101594127017290&w=2
BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014
MS:MS02-014
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147
OVAL:oval:org.mitre.oval:def:147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18
OVAL:oval:org.mitre.oval:def:18
VULNWATCH:20020311 ADVISORY: Windows Shell Overflow
http://www.iss.net/security_center/static/8384.php
XF:win-shell-bo(8384)
CVE-2002-0071
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
2003-04-02
2011-07-16
CVE-2002-0071
http://www.atstake.com/research/advisories/2002/a041002-1.txt
ATSTAKE:A041002-1
http://www.securityfocus.com/bid/4474
BID:4474
http://marc.info/?l=bugtraq&m=101854087828265&w=2
BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/363715
CERT-VN:VU#363715
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3325
OSVDB:3325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130
OVAL:oval:org.mitre.oval:def:130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45
OVAL:oval:org.mitre.oval:def:45
VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
http://www.iss.net/security_center/static/8799.php
XF:iis-htr-isapi-bo(8799)
CVE-2002-0072
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
2003-04-02
2011-07-16
CVE-2002-0072
http://www.securityfocus.com/bid/4479
BID:4479
http://marc.info/?l=bugtraq&m=101853851025208&w=2
BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/521059
CERT-VN:VU#521059
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3326
OSVDB:3326
http://www.iss.net/security_center/static/8800.php
XF:iis-isapi-filter-error-dos(8800)
CVE-2002-0073
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
2003-04-02
2011-07-16
CVE-2002-0073
http://www.securityfocus.com/bid/4482
BID:4482
http://marc.info/?l=bugtraq&m=101901273810598&w=2
BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/412203
CERT-VN:VU#412203
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
http://www.digitaloffense.net/msftpd/advisory.txt
MISC:http://www.digitaloffense.net/msftpd/advisory.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3328
OSVDB:3328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24
OVAL:oval:org.mitre.oval:def:24
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35
OVAL:oval:org.mitre.oval:def:35
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
http://www.iss.net/security_center/static/8801.php
XF:iis-ftp-session-status-dos(8801)
CVE-2002-0074
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
2003-04-02
2011-07-16
CVE-2002-0074
http://www.securityfocus.com/bid/4483
BID:4483
http://seclists.org/bugtraq/2002/Apr/0126.html
BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/883091
CERT-VN:VU#883091
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
http://www.cgisecurity.com/advisory/9.txt
MISC:http://www.cgisecurity.com/advisory/9.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3338
OSVDB:3338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46
OVAL:oval:org.mitre.oval:def:46
http://www.iss.net/security_center/static/8802.php
XF:iis-help-file-css(8802)
CVE-2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
2003-04-02
2011-07-16
CVE-2002-0075
http://www.securityfocus.com/bid/4487
BID:4487
http://marc.info/?l=bugtraq&m=101854677802990&w=2
BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/520707
CERT-VN:VU#520707
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3341
OSVDB:3341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210
OVAL:oval:org.mitre.oval:def:210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58
OVAL:oval:org.mitre.oval:def:58
http://www.iss.net/security_center/static/8804.php
XF:iis-redirected-url-error-css(8804)
CVE-2002-0076
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
2003-04-02
2003-03-19
CVE-2002-0076
http://www.securityfocus.com/bid/4313
BID:4313
COMPAQ:SSRT0822
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013
MS:MS02-013
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
SUN:00218
http://www.iss.net/security_center/static/8480.php
XF:java-vm-verifier-variant(8480)
CVE-2002-0077
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
2002-03-30
2018-10-12
CVE-2002-0077
http://marc.info/?l=bugtraq&m=101103188711920&w=2
BUGTRAQ:20020113 Internet Explorer Pop-Up OBJECT Tag Bug
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015
MS:MS02-015
CVE-2002-0078
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
2002-06-25
2002-06-15
CVE-2002-0078
http://www.securityfocus.com/bid/4392
BID:4392
http://marc.info/?l=bugtraq&m=101781180528301&w=2
BUGTRAQ:20020330 IE: Remote webpage can script in local zone
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015
MS:MS02-015
http://www.osvdb.org/3029
OSVDB:3029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96
OVAL:oval:org.mitre.oval:def:96
http://www.iss.net/security_center/static/8701.php
XF:ie-cookie-local-zone(8701)
CVE-2002-0079
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
2003-04-02
2011-07-16
CVE-2002-0079
http://www.securityfocus.com/bid/4485
BID:4485
http://marc.info/?l=bugtraq&m=101846993304518&w=2
BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/610291
CERT-VN:VU#610291
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16
OVAL:oval:org.mitre.oval:def:16
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25
OVAL:oval:org.mitre.oval:def:25
http://www.iss.net/security_center/static/8795.php
XF:iis-asp-chunked-encoding-bo(8795)
CVE-2002-0080
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
2002-06-25
2002-06-15
CVE-2002-0080
http://www.securityfocus.com/bid/4285
BID:4285
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
CALDERA:CSSA-2002-014.1
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
MANDRAKE:MDKSA-2002:024
http://www.redhat.com/support/errata/RHSA-2002-026.html
REDHAT:RHSA-2002:026
http://www.iss.net/security_center/static/8463.php
XF:linux-rsync-inherit-privileges(8463)
CVE-2002-0081
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
2002-06-25
2002-06-15
CVE-2002-0081
http://www.securityfocus.com/bid/4183
BID:4183
http://marc.info/?l=bugtraq&m=101484705523351&w=2
BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
http://marc.info/?l=bugtraq&m=101497256024338&w=2
BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
http://marc.info/?l=bugtraq&m=101537076619812&w=2
BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
http://www.cert.org/advisories/CA-2002-05.html
CERT:CA-2002-05
http://www.kb.cert.org/vuls/id/297363
CERT-VN:VU#297363
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
CONECTIVA:CLA-2002:468
http://www.php.net/downloads.php
CONFIRM:http://www.php.net/downloads.php
http://www.debian.org/security/2002/dsa-115
DEBIAN:DSA-115
http://www.linuxsecurity.com/advisories/other_advisory-1924.html
ENGARDE:ESA-20020301-006
http://online.securityfocus.com/advisories/3911
HP:HPSBTL0203-028
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
MANDRAKE:MDKSA-2002:017
http://security.e-matters.de/advisories/012002.html
MISC:http://security.e-matters.de/advisories/012002.html
http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
NTBUGTRAQ:20020227 PHP remote vulnerabilities
http://www.redhat.com/support/errata/RHSA-2002-035.html
REDHAT:RHSA-2002:035
http://www.redhat.com/support/errata/RHSA-2002-040.html
REDHAT:RHSA-2002:040
http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
SUSE:SuSE-SA:2002:007
http://marc.info/?l=vuln-dev&m=101468694824998&w=2
VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
http://www.iss.net/security_center/static/8281.php
XF:php-file-upload-overflow(8281)
CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
2002-06-25
2019-07-09
CVE-2002-0082
http://www.securityfocus.com/bid/4189
BID:4189
http://online.securityfocus.com/archive/1/258646
BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
BUGTRAQ:20020228 TSLSA-2002-0034 - apache
http://marc.info/?l=bugtraq&m=101518491916936&w=2
BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
http://marc.info/?l=bugtraq&m=101528358424306&w=2
BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
CALDERA:CSSA-2002-011.0
http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
COMPAQ:SSRT0817
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
CONECTIVA:CLA-2002:465
http://www.apacheweek.com/issues/02-03-01#security
CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
http://www.debian.org/security/2002/dsa-120
DEBIAN:DSA-120
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
ENGARDE:ESA-20020301-005
http://www.securityfocus.com/advisories/3965
HP:HPSBTL0203-031
http://www.securityfocus.com/advisories/4008
HP:HPSBUX0204-190
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
MANDRAKE:MDKSA-2002:020
http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html
MISC:http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html
http://www.redhat.com/support/errata/RHSA-2002-041.html
REDHAT:RHSA-2002:041
http://www.redhat.com/support/errata/RHSA-2002-042.html
REDHAT:RHSA-2002:042
http://www.redhat.com/support/errata/RHSA-2002-045.html
REDHAT:RHSA-2002:045
http://www.iss.net/security_center/static/8308.php
XF:apache-modssl-bo(8308)
CVE-2002-0083
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
2002-06-25
2002-06-15
CVE-2002-0083
http://www.securityfocus.com/bid/4241
BID:4241
http://marc.info/?l=bugtraq&m=101553908201861&w=2
BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
http://marc.info/?l=bugtraq&m=101552065005254&w=2
BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
http://marc.info/?l=bugtraq&m=101561384821761&w=2
BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
http://marc.info/?l=bugtraq&m=101586991827622&w=2
BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
http://online.securityfocus.com/archive/1/264657
BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
CALDERA:CSSA-2002-012.0
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
CALDERA:CSSA-2002-SCO.10
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
CALDERA:CSSA-2002-SCO.11
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
CONECTIVA:CLA-2002:467
http://www.openbsd.org/advisories/ssh_channelalloc.txt
CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
http://www.debian.org/security/2002/dsa-119
DEBIAN:DSA-119
http://www.linuxsecurity.com/advisories/other_advisory-1937.html
ENGARDE:ESA-20020307-007
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
FREEBSD:FreeBSD-SA-02:13
http://online.securityfocus.com/advisories/3960
HP:HPSBTL0203-029
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
MANDRAKE:MDKSA-2002:019
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
NETBSD:NetBSD-SA2002-004
http://www.osvdb.org/730
OSVDB:730
http://www.redhat.com/support/errata/RHSA-2002-043.html
REDHAT:RHSA-2002:043
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
SUSE:SuSE-SA:2002:009
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
http://www.iss.net/security_center/static/8383.php
XF:openssh-channel-error(8383)
CVE-2002-0084
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
2002-03-07
2017-10-09
CVE-2002-0084
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html
BUGTRAQ:20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/161931
CERT-VN:VU#161931
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
http://www.esecurityonline.com/advisories/eSO4198.asp
MISC:http://www.esecurityonline.com/advisories/eSO4198.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43
OVAL:oval:org.mitre.oval:def:43
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97
OVAL:oval:org.mitre.oval:def:97
CVE-2002-0085
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
2002-03-07
2017-10-09
CVE-2002-0085
http://www.securityfocus.com/bid/4634
BID:4634
http://online.securityfocus.com/archive/1/270122
BUGTRAQ:20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
http://www.esecurityonline.com/advisories/eSO4197.asp
MISC:http://www.esecurityonline.com/advisories/eSO4197.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4329
OVAL:oval:org.mitre.oval:def:4329
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0047.html
VULNWATCH:20020429 eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd denial of service vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/8956
XF:solaris-cachefsd-rpc-dos(8956)
CVE-2002-0086
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
2002-03-07
2017-07-10
CVE-2002-0086
http://www.securityfocus.com/bid/4317
BID:4317
http://www.securityfocus.com/bid/4319
BID:4319
http://www-1.ibm.com/support/docview.wss?uid=swg21095569
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21095569
http://www-1.ibm.com/support/docview.wss?uid=swg21100441
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21100441
http://www.esecurityonline.com/advisories/eSO4124.asp
MISC:http://www.esecurityonline.com/advisories/eSO4124.asp
http://www.esecurityonline.com/advisories/eSO4126.asp
MISC:http://www.esecurityonline.com/advisories/eSO4126.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/8583
XF:lotus-domino-notes-execdirectory-bo(8583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8585
XF:lotus-domino-path-bo(8585)
CVE-2002-0087
bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
2002-03-07
2017-07-10
CVE-2002-0087
http://www.securityfocus.com/bid/4318
BID:4318
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671
http://www.esecurityonline.com/advisories/eSO4125.asp
MISC:http://www.esecurityonline.com/advisories/eSO4125.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/8586
XF:lotus-domino-tmpfile-symlink(8586)
CVE-2002-0088
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
2002-03-07
2017-10-09
CVE-2002-0088
http://www.esecurityonline.com/advisories/eSO4123.asp
MISC:http://www.esecurityonline.com/advisories/eSO4123.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A48
OVAL:oval:org.mitre.oval:def:48
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A60
OVAL:oval:org.mitre.oval:def:60
CVE-2002-0089
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
2002-03-07
2017-10-09
CVE-2002-0089
http://www.securityfocus.com/bid/4624
BID:4624
http://online.securityfocus.com/archive/1/270122
BUGTRAQ:20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
http://www.esecurityonline.com/advisories/eSO2397.asp
MISC:http://www.esecurityonline.com/advisories/eSO2397.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67
OVAL:oval:org.mitre.oval:def:67
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68
OVAL:oval:org.mitre.oval:def:68
http://www.iss.net/security_center/static/8954.php
XF:solaris-admintool-d-bo(8954)
http://www.iss.net/security_center/static/8955.php
XF:solaris-admintool-prodvers-bo(8955)
CVE-2002-0090
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
2004-09-01
2006-10-31
CVE-2002-0090
http://www.securityfocus.com/bid/4633
BID:4633
http://online.securityfocus.com/archive/1/270149
BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/188507
CERT-VN:VU#188507
http://www.esecurityonline.com/advisories/eSO3761.asp
MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A179
OVAL:oval:org.mitre.oval:def:179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A86
OVAL:oval:org.mitre.oval:def:86
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
SUNALERT:44842
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
http://www.iss.net/security_center/static/8958.php
XF:solaris-lbxproxy-display-bo(8958)
CVE-2002-0091
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields.
2002-03-07
2005-07-06
CVE-2002-0091
http://www.securityfocus.com/bid/4625
BID:4625
http://archives.neohapsis.com/archives/bugtraq/2002-04/0400.html
BUGTRAQ:20020429 eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
http://www.esecurityonline.com/advisories/eSO2408.asp
MISC:http://www.esecurityonline.com/advisories/eSO2408.asp
http://www.iss.net/security_center/static/8953.php
XF:shadow-cgi-execute-commands(8953)
CVE-2002-0092
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
2002-06-25
2002-06-15
CVE-2002-0092
http://www.securityfocus.com/bid/4234
BID:4234
http://www.debian.org/security/2002/dsa-117
DEBIAN:DSA-117
http://www.redhat.com/support/errata/RHSA-2002-026.html
REDHAT:RHSA-2002:026
http://marc.info/?l=vuln-dev&m=101422243817321&w=2
VULN-DEV:20020220 Help needed with bufferoverflow in cvs
http://marc.info/?l=vuln-dev&m=101433077724524&w=2
VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
http://www.iss.net/security_center/static/8366.php
XF:cvs-global-var-dos(8366)
CVE-2002-0093
Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423.
2002-08-20
2005-03-24
CVE-2002-0093
http://www.securityfocus.com/bid/5241
BID:5241
http://www.kb.cert.org/vuls/id/771155
CERT-VN:VU#771155
http://archives.neohapsis.com/archives/compaq/2002-q3/0010.html
HP:SSRT0794U
http://archives.neohapsis.com/archives/compaq/2002-q3/0010.html
HP:SSRT2275
http://www.iss.net/security_center/static/9613.php
XF:tru64-ipcs-bo(9613)
CVE-2002-0094
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
2003-04-02
2002-03-22
CVE-2002-0094
http://www.securityfocus.com/bid/3776
BID:3776
http://www.securityfocus.com/archive/1/248000
BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
http://bscw.gmd.de/WhatsNew.html
MISC:http://bscw.gmd.de/WhatsNew.html
http://www.iss.net/security_center/static/7774.php
XF:bscw-remote-shell-execution(7774)
CVE-2002-0095
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
2003-04-02
2002-03-22
CVE-2002-0095
http://www.securityfocus.com/bid/3777
BID:3777
http://www.securityfocus.com/archive/1/248000
BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
http://www.iss.net/security_center/static/7775.php
XF:bscw-default-installation-registration(7775)
CVE-2002-0096
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
2002-06-25
2002-03-22
CVE-2002-0096
http://www.securityfocus.com/bid/3783
BID:3783
http://www.securityfocus.com/archive/1/248367
BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
http://geeklog.sourceforge.net/index.php?topic=Security
CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
http://www.iss.net/security_center/static/7780.php
XF:geeklog-default-admin-privileges(7780)
CVE-2002-0097
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
2002-06-25
2002-03-22
CVE-2002-0097
http://www.securityfocus.com/bid/3844
BID:3844
http://online.securityfocus.com/archive/1/249443
BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
http://geeklog.sourceforge.net/index.php?topic=Security
CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
http://www.iss.net/security_center/static/7869.php
XF:geeklog-modify-auth-cookie(7869)
CVE-2002-0098
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
2002-06-25
2002-03-22
CVE-2002-0098
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
BID:3787
http://marc.info/?l=bugtraq&m=101027773404836&w=2
BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
http://online.securityfocus.com/archive/1/249219
BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
http://www.boozt.com/news_detail.php?id=3
CONFIRM:http://www.boozt.com/news_detail.php?id=3
http://www.iss.net/security_center/static/7790.php
XF:boozt-long-name-bo(7790)
CVE-2002-0099
Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters.
2002-03-15
2016-10-17
CVE-2002-0099
http://www.securityfocus.com/bid/3788
BID:3788
http://marc.info/?l=bugtraq&m=101027722904078&w=2
BUGTRAQ:20020105 Savant Webserver Buffer Overflow Vulnerability
http://marc.info/?l=ntbugtraq&m=101062823305479&w=2
NTBUGTRAQ:20020109 Savant Webserver Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/7786.php
XF:savant-long-parameter-bo(7786)
CVE-2002-0100
AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.
2002-03-15
2016-10-17
CVE-2002-0100
http://www.securityfocus.com/bid/3791
BID:3791
http://marc.info/?l=bugtraq&m=101038936305397&w=2
BUGTRAQ:20020106 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
http://marc.info/?l=ntbugtraq&m=101062823205474&w=2
NTBUGTRAQ:20020109 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0005.html
VULNWATCH:20020106 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
http://www.iss.net/security_center/static/7825.php
XF:aolserver-protected-file-access(7825)
CVE-2002-0101
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
2002-03-15
2016-10-17
CVE-2002-0101
http://www.securityfocus.com/bid/3789
BID:3789
http://marc.info/?l=bugtraq&m=101039104608083&w=2
BUGTRAQ:20020106 Internet Explorer Javascript Modeless Popup Local Denial of Service
http://www.iss.net/security_center/static/7826.php
XF:ie-modeless-dialog-dos(7826)
CVE-2002-0102
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
2002-03-15
2017-12-18
CVE-2002-0102
http://www.securityfocus.com/bid/3760
BID:3760
http://www.securityfocus.com/bid/3762
BID:3762
http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7765
XF:oracle-appserver-null-dos(7765)
CVE-2002-0103
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
2002-03-15
2016-10-17
CVE-2002-0103
http://www.securityfocus.com/bid/3761
BID:3761
http://www.securityfocus.com/bid/3764
BID:3764
http://marc.info/?l=bugtraq&m=101041510727937&w=2
BUGTRAQ:20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache
http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
http://www.iss.net/security_center/static/7768.php
XF:oracle-appserver-webcache-password(7768)
http://www.iss.net/security_center/static/7766.php
XF:oracle-appserver-webcached-privileges(7766)
CVE-2002-0104
AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump.
2002-03-15
2016-10-17
CVE-2002-0104
http://www.securityfocus.com/bid/3806
BID:3806
http://marc.info/?l=bugtraq&m=101041333323486&w=2
BUGTRAQ:20020107 Aftpd core dump vulnerability
http://www.iss.net/security_center/static/7832.php
XF:aftpd-crash-core-dump(7832)
CVE-2002-0105
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
2002-03-15
2016-10-17
CVE-2002-0105
http://www.securityfocus.com/bid/3818
BID:3818
http://marc.info/?l=bugtraq&m=101060400802428&w=2
BUGTRAQ:20020108 CDE bug in Unixware 7.1
http://www.iss.net/security_center/static/7864.php
XF:unixware-dtlogin-log-symlink(7864)
CVE-2002-0106
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
2002-03-15
2016-10-17
CVE-2002-0106
http://www.securityfocus.com/bid/3816
BID:3816
http://marc.info/?l=bugtraq&m=101050440629269&w=2
BUGTRAQ:20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service
http://www.iss.net/security_center/static/7808.php
XF:weblogic-dos-jsp-dos(7808)
CVE-2002-0107
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
2002-06-25
2002-03-22
CVE-2002-0107
http://www.securityfocus.com/bid/3841
BID:3841
http://marc.info/?l=bugtraq&m=101052887431488&w=2
BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
http://online.securityfocus.com/archive/1/254167
BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
http://www.iss.net/security_center/static/7835.php
XF:cachos-insecure-web-interface(7835)
CVE-2002-0108
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
2002-03-15
2005-03-12
CVE-2002-0108
http://www.securityfocus.com/bid/3827
BID:3827
http://online.securityfocus.com/archive/1/249026
BUGTRAQ:20020108 Allaire Forums Vulnerability
http://www.kb.cert.org/vuls/id/575619
CERT-VN:VU#575619
http://www.iss.net/security_center/static/7841.php
XF:allaire-forums-message-spoofing(7841)
CVE-2002-0109
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.
2002-03-15
2016-10-17
CVE-2002-0109
http://www.securityfocus.com/bid/3795
BID:3795
http://www.securityfocus.com/bid/3797
BID:3797
http://marc.info/?l=bugtraq&m=101039288111680&w=2
BUGTRAQ:20020106 Linksys 'routers', SNMP issues
http://www.iss.net/security_center/static/7827.php
XF:linksys-etherfast-default-snmp(7827)
CVE-2002-0110
Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.
2002-03-15
2016-10-17
CVE-2002-0110
http://www.securityfocus.com/bid/3843
BID:3843
http://marc.info/?l=bugtraq&m=101063476715154&w=2
BUGTRAQ:20020109 MiraMail 1.04 can give POP account access and details
http://www.kb.cert.org/vuls/id/245707
CERT-VN:VU#245707
http://www.iss.net/security_center/static/7855.php
XF:miramail-plaintext-auth-info(7855)
CVE-2002-0111
Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
2002-06-25
2002-03-22
CVE-2002-0111
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
BID:3861
http://marc.info/?l=bugtraq&m=101062213627501&w=2
BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
http://www.iss.net/security_center/static/7853.php
XF:dinos-webserver-directory-traversal(7853)
CVE-2002-0112
Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.
2002-03-15
2016-10-17
CVE-2002-0112
http://www.securityfocus.com/bid/3838
BID:3838
http://marc.info/?l=bugtraq&m=101062172226812&w=2
BUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
http://online.securityfocus.com/archive/1/249734
BUGTRAQ:20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
http://marc.info/?l=ntbugtraq&m=101062823505486&w=2
NTBUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html
VULNWATCH:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
http://www.iss.net/security_center/static/7849.php
XF:eserv-protected-file-access(7849)
CVE-2002-0113
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
2002-03-15
2002-03-22
CVE-2002-0113
http://www.securityfocus.com/bid/3840
BID:3840
http://online.securityfocus.com/archive/1/249420
BUGTRAQ:20020110 Legato Vulnerable
http://www.iss.net/security_center/static/7897.php
XF:legato-nsrd-log-permissions(7897)
CVE-2002-0114
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
2002-03-15
2002-03-22
CVE-2002-0114
http://www.securityfocus.com/bid/3842
BID:3842
http://online.securityfocus.com/archive/1/249420
BUGTRAQ:20020110 Legato Vulnerable
http://www.iss.net/security_center/static/7898.php
XF:legato-nsrd-log-plaintext(7898)
CVE-2002-0115
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
2002-06-25
2002-03-22
CVE-2002-0115
http://www.securityfocus.com/bid/3849
BID:3849
http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
BUGTRAQ:20020110 Re: Snort core dumped
http://online.securityfocus.com/archive/1/249340
BUGTRAQ:20020110 Snort core dumped
http://www.osvdb.org/2022
OSVDB:2022
http://www.iss.net/security_center/static/7874.php
XF:snort-icmp-dos(7874)
CVE-2002-0116
Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap.
2002-03-15
2016-10-17
CVE-2002-0116
http://www.securityfocus.com/bid/3847
BID:3847
http://marc.info/?l=bugtraq&m=101069677929208&w=2
BUGTRAQ:20020110 Handspring Visor D.O.S
http://marc.info/?l=bugtraq&m=101070523119956&w=2
BUGTRAQ:20020110 Re: Handspring Visor D.O.S
http://www.iss.net/security_center/static/7865.php
XF:palmos-nmap-dos(7865)
CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
2002-06-25
2002-06-15
CVE-2002-0117
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
BID:3828
http://online.securityfocus.com/archive/1/249031
BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
http://www.yabbforum.com/
CONFIRM:http://www.yabbforum.com/
http://www.osvdb.org/2019
OSVDB:2019
http://www.iss.net/security_center/static/7840.php
XF:yabb-encoded-css(7840)
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
2002-03-15
2002-03-22
CVE-2002-0118
http://www.securityfocus.com/bid/3829
BID:3829
http://online.securityfocus.com/archive/1/249031
BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
http://www.iss.net/security_center/static/7838.php
XF:ultimatebb-encoded-css(7838)
CVE-2002-0119
Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.
2002-03-15
2002-03-22
CVE-2002-0119
http://www.securityfocus.com/bid/3851
BID:3851
http://online.securityfocus.com/archive/1/249746
BUGTRAQ:20020111 Bug in alcatel speed touch home adsl modem
http://www.iss.net/security_center/static/7893.php
XF:alcatel-speedtouch-nmap-dos(7893)
CVE-2002-0120
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.
2003-04-02
2002-03-22
CVE-2002-0120
http://www.securityfocus.com/bid/3863
BID:3863
http://online.securityfocus.com/archive/1/250093
BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
http://www.iss.net/security_center/static/7937.php
XF:palm-macos-backup-permissions(7937)
CVE-2002-0121
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
2002-06-25
2002-03-22
CVE-2002-0121
http://www.securityfocus.com/bid/3873
BID:3873
http://online.securityfocus.com/archive/1/250196
BUGTRAQ:20020113 PHP 4.x session spoofing
http://www.iss.net/security_center/static/7908.php
XF:php-session-temp-disclosure(7908)
CVE-2002-0122
Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.
2002-03-15
2002-03-22
CVE-2002-0122
http://www.securityfocus.com/bid/3870
BID:3870
http://online.securityfocus.com/archive/1/250115
BUGTRAQ:20020114 Siemens Mobie SMS Exceptional Character Vulnerability
http://www.iss.net/security_center/static/7902.php
XF:siemens-invalid-sms-dos(7902)
CVE-2002-0123
MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
2003-04-02
2002-03-22
CVE-2002-0123
http://www.securityfocus.com/bid/3874
BID:3874
http://online.securityfocus.com/archive/1/250242
BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
http://www.iss.net/security_center/static/7879.php
XF:ws4d-long-url-dos(7879)
CVE-2002-0124
MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request.
2002-03-15
2002-03-22
CVE-2002-0124
http://www.securityfocus.com/bid/3872
BID:3872
http://online.securityfocus.com/archive/1/250231
BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability
http://www.iss.net/security_center/static/7878.php
XF:ws4d-dot-directory-traversal(7878)
CVE-2002-0125
Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable.
2002-03-15
2002-03-22
CVE-2002-0125
http://www.securityfocus.com/bid/3877
BID:3877
http://online.securityfocus.com/archive/1/250414
BUGTRAQ:20020114 Clanlib overflow / Super Methane Brothers overflow
http://www.iss.net/security_center/static/7905.php
XF:clanlib-long-env-bo(7905)
CVE-2002-0126
Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD.
2002-03-15
2002-03-22
CVE-2002-0126
http://www.securityfocus.com/bid/3884
BID:3884
http://online.securityfocus.com/archive/1/250543
BUGTRAQ:20020115 BlackMoon FTPd Buffer Overflow Vulnerability
http://members.rogers.com/blackmoon2k/pages/news_page.html
MISC:http://members.rogers.com/blackmoon2k/pages/news_page.html
http://www.iss.net/security_center/static/7895.php
XF:blackmoon-ftpd-static-bo(7895)
CVE-2002-0127
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.
2002-03-15
2002-03-22
CVE-2002-0127
http://www.securityfocus.com/bid/3876
BID:3876
http://online.securityfocus.com/archive/1/250405
BUGTRAQ:20020115 Vulnerability Netgear RP-114 Router - nmap causes DOS
CVE-2002-0128
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
2002-06-25
2002-03-22
CVE-2002-0128
http://www.securityfocus.com/bid/3885
BID:3885
http://www.securityfocus.com/archive/1/250545
BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.iss.net/security_center/static/7894.php
XF:sambar-cgitest-dos(7894)
CVE-2002-0129
efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message.
2002-03-15
2016-10-17
CVE-2002-0129
http://www.securityfocus.com/bid/3895
BID:3895
http://seclists.org/bugtraq/2002/Jan/0212.html
BUGTRAQ:20020116 Re: efax
http://marc.info/?l=vuln-dev&m=101114350330912&w=2
VULN-DEV:20020116 efax
http://www.iss.net/security_center/static/7921.php
XF:efax-d-read-files(7921)
CVE-2002-0130
Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument.
2002-03-15
2016-10-17
CVE-2002-0130
http://www.securityfocus.com/bid/3894
BID:3894
http://seclists.org/bugtraq/2002/Jan/0212.html
BUGTRAQ:20020116 Re: efax
http://marc.info/?l=vuln-dev&m=101133782204289&w=2
VULN-DEV:20020117 Re: efax - Exploitation info
http://www.iss.net/security_center/static/7920.php
XF:efax-x-bo(7920)
CVE-2002-0131
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
2002-03-15
2016-10-17
CVE-2002-0131
http://www.securityfocus.com/bid/3893
BID:3893
http://marc.info/?t=101113015900001&r=1&w=2
BUGTRAQ:20020115 Serious privacy leak in Python for Windows
http://www.securityfocus.com/archive/1/250814
BUGTRAQ:20020116 Re: Serious privacy leak in Python for Windows
http://www.iss.net/security_center/static/7910.php
XF:activepython-activex-read-files(7910)
CVE-2002-0132
Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable.
2002-03-15
2002-03-22
CVE-2002-0132
http://www.securityfocus.com/bid/3896
BID:3896
http://online.securityfocus.com/archive/1/250815
BUGTRAQ:20020116 Chinput Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/7911.php
XF:chinput-long-env-bo(7911)
CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.
2002-03-15
2016-10-17
CVE-2002-0133
http://www.securityfocus.com/bid/3904
BID:3904
http://www.securityfocus.com/bid/3905
BID:3905
http://online.securityfocus.com/archive/1/251055
BUGTRAQ:20020117 Avirt Proxy Buffer Overflow Vulnerabilities
http://marc.info/?l=bugtraq&m=101164598828092&w=2
BUGTRAQ:20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)
http://marc.info/?l=bugtraq&m=101366658112809&w=2
BUGTRAQ:20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept
http://marc.info/?l=bugtraq&m=101424723728817&w=2
BUGTRAQ:20020220 Avirt 4.2 question
http://www.iss.net/security_center/static/7916.php
XF:avirt-http-proxy-bo(7916)
http://www.iss.net/security_center/static/7918.php
XF:avirt-telnet-proxy-bo(7918)
CVE-2002-0134
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
2002-03-15
2016-10-17
CVE-2002-0134
http://www.securityfocus.com/bid/3901
BID:3901
http://marc.info/?l=bugtraq&m=101131669102843&w=2
BUGTRAQ:20020117 Avirt Gateway Suite Remote SYSTEM Level Compromise
http://marc.info/?l=bugtraq&m=101424723728817&w=2
BUGTRAQ:20020220 Avirt 4.2 question
http://www.iss.net/security_center/static/7915.php
XF:avirt-gateway-telnet-access(7915)
CVE-2002-0135
Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420).
2002-03-15
2002-03-22
CVE-2002-0135
http://www.securityfocus.com/bid/3918
BID:3918
http://online.securityfocus.com/archive/1/251582
BUGTRAQ:20020118 Timbuktu 6.0.1 and Older DoS Advisory
http://www.iss.net/security_center/static/7935.php
XF:timbuktu-multiple-conn-dos(7935)
CVE-2002-0136
Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
2002-03-15
2017-07-10
CVE-2002-0136
http://www.securityfocus.com/bid/3892
BID:3892
http://online.securityfocus.com/archive/1/250592
BUGTRAQ:20020115 IE FORM DOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/7938
XF:ie-html-form-dos(7938)
CVE-2002-0137
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
2002-03-15
2016-10-17
CVE-2002-0137
http://www.securityfocus.com/bid/3865
BID:3865
http://marc.info/?l=bugtraq&m=101102759631000&w=2
BUGTRAQ:20020112 cdrdao insecure filehandling
CVE-2002-0138
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.
2002-03-15
2016-10-17
CVE-2002-0138
http://marc.info/?l=bugtraq&m=101102759631000&w=2
BUGTRAQ:20020112 cdrdao insecure filehandling
http://marc.info/?l=bugtraq&m=101111688819855&w=2
BUGTRAQ:20020115 Re: cdrdao insecure filehandling
CVE-2002-0139
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
2002-06-25
2002-03-22
CVE-2002-0139
http://www.securityfocus.com/bid/3910
BID:3910
http://online.securityfocus.com/archive/1/251422
BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
http://www.pi-soft.com/spoonftp/index.shtml
CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
http://www.iss.net/security_center/static/7943.php
XF:spoonftp-ftp-bounce(7943)
CVE-2002-0140
Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions.
2002-03-15
2005-07-06
CVE-2002-0140
http://www.securityfocus.com/bid/3928
BID:3928
http://online.securityfocus.com/archive/1/251619
BUGTRAQ:20020120 dnrd 2.10 dos
http://www.iss.net/security_center/static/7957.php
XF:dnrd-dns-dos(7957)
CVE-2002-0141
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
2002-03-15
2002-03-22
CVE-2002-0141
http://www.securityfocus.com/bid/3911
BID:3911
http://online.securityfocus.com/archive/1/251419
BUGTRAQ:20020120 Maelstrom 1.4.3 abartity file overwrite
http://www.iss.net/security_center/static/7939.php
XF:maelstrom-tmp-symlink(7939)
CVE-2002-0142
CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.
2002-03-15
2016-10-17
CVE-2002-0142
http://www.securityfocus.com/bid/3866
BID:3866
http://online.securityfocus.com/archive/1/250126
BUGTRAQ:20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
http://marc.info/?l=bugtraq&m=101164598828093&w=2
BUGTRAQ:20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753
http://marc.info/?l=ntbugtraq&m=101102275316307&w=2
NTBUGTRAQ:20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/7880.php
XF:pi3web-long-parameter-bo(7880)
CVE-2002-0143
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
2002-06-25
2002-03-22
CVE-2002-0143
http://www.securityfocus.com/bid/3868
BID:3868
http://online.securityfocus.com/archive/1/250145
BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
http://online.securityfocus.com/archive/1/251597
BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
http://www.iss.net/security_center/static/7896.php
XF:eterm-home-bo(7896)
CVE-2002-0144
Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack.
2002-03-15
2002-03-22
CVE-2002-0144
http://www.securityfocus.com/bid/3937
BID:3937
http://online.securityfocus.com/archive/1/251763
BUGTRAQ:20020121 security vulnerability in chuid
http://www.iss.net/security_center/static/7976.php
XF:chuid-unauthorized-ownership-change(7976)
CVE-2002-0145
chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root.
2002-03-15
2017-07-10
CVE-2002-0145
http://www.securityfocus.com/bid/3938
BID:3938
http://online.securityfocus.com/archive/1/251763
BUGTRAQ:20020121 security vulnerability in chuid
https://exchange.xforce.ibmcloud.com/vulnerabilities/7976
XF:chuid-unauthorized-ownership-change(7976)
CVE-2002-0146
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
2003-04-02
2002-08-16
CVE-2002-0146
http://www.securityfocus.com/bid/4788
BID:4788
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
CALDERA:CSSA-2002-027.0
http://online.securityfocus.com/advisories/4145
HP:HPSBTL0205-042
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
MANDRAKE:MDKSA-2002:036
http://www.redhat.com/support/errata/RHSA-2002-047.html
REDHAT:RHSA-2002:047
http://www.iss.net/security_center/static/9133.php
XF:fetchmail-imap-msgnum-bo(9133)
CVE-2002-0147
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
2003-04-02
2011-07-16
CVE-2002-0147
http://www.securityfocus.com/bid/4490
BID:4490
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/669779
CERT-VN:VU#669779
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3301
OSVDB:3301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22
OVAL:oval:org.mitre.oval:def:22
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A72
OVAL:oval:org.mitre.oval:def:72
http://www.iss.net/security_center/static/8796.php
XF:iis-asp-data-transfer-bo(8796)
CVE-2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
2003-04-02
2011-07-16
CVE-2002-0148
http://www.securityfocus.com/bid/4486
BID:4486
BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/886699
CERT-VN:VU#886699
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3339
OSVDB:3339
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81
OVAL:oval:org.mitre.oval:def:81
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92
OVAL:oval:org.mitre.oval:def:92
http://www.iss.net/security_center/static/8803.php
XF:iis-http-error-page-css(8803)
CVE-2002-0149
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
2003-04-02
2011-07-16
CVE-2002-0149
http://www.securityfocus.com/bid/4478
BID:4478
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/721963
CERT-VN:VU#721963
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3320
OSVDB:3320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132
OVAL:oval:org.mitre.oval:def:132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95
OVAL:oval:org.mitre.oval:def:95
http://www.iss.net/security_center/static/8798.php
XF:iis-ssi-safety-check-bo(8798)
CVE-2002-0150
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
2003-04-02
2011-07-16
CVE-2002-0150
http://www.securityfocus.com/bid/4476
BID:4476
http://www.cert.org/advisories/CA-2002-09.html
CERT:CA-2002-09
http://www.kb.cert.org/vuls/id/454091
CERT-VN:VU#454091
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
MS:MS02-018
http://www.osvdb.org/3316
OSVDB:3316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137
OVAL:oval:org.mitre.oval:def:137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39
OVAL:oval:org.mitre.oval:def:39
http://www.iss.net/security_center/static/8797.php
XF:iis-asp-http-header-bo(8797)
CVE-2002-0151
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
2002-06-25
2002-06-15
CVE-2002-0151
http://www.securityfocus.com/bid/4426
BID:4426
http://marc.info/?l=bugtraq&m=101793727306282&w=2
BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-017
MS:MS02-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A145
OVAL:oval:org.mitre.oval:def:145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A89
OVAL:oval:org.mitre.oval:def:89
VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
http://www.iss.net/security_center/static/8752.php
XF:win-mup-bo(8752)
CVE-2002-0152
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
2002-06-25
2002-06-15
CVE-2002-0152
http://www.securityfocus.com/bid/4517
BID:4517
http://marc.info/?l=bugtraq&m=101897994314015&w=2
BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019
MS:MS02-019
http://www.osvdb.org/5357
OSVDB:5357
http://www.iss.net/security_center/static/8850.php
XF:ms-mac-html-file-bo(8850)
CVE-2002-0153
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
2002-06-25
2002-06-15
CVE-2002-0153
http://www.securityfocus.com/bid/3935
BID:3935
http://www.securityfocus.com/archive/1/251805
BUGTRAQ:20020122 Macinosh IE file execuion
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019
MS:MS02-019
http://www.osvdb.org/5356
OSVDB:5356
http://www.iss.net/security_center/static/8851.php
XF:ie-mac-applescript-execution(8851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7969
XF:ie-macos-file-execution(7969)
CVE-2002-0154
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
2002-04-27
2018-10-12
CVE-2002-0154
http://marc.info/?l=bugtraq&m=101535353331625&w=2
BUGTRAQ:20020305 Another Sql Server 7 Buffer Overflow
http://www.securityfocus.com/archive/1/261775
BUGTRAQ:20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows
http://www.cert.org/advisories/CA-2002-22.html
CERT:CA-2002-22
http://www.kb.cert.org/vuls/id/627275
CERT-VN:VU#627275
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-020
MS:MS02-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A121
OVAL:oval:org.mitre.oval:def:121
CVE-2002-0155
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
2003-04-02
2003-03-19
CVE-2002-0155
http://www.securityfocus.com/bid/4707
BID:4707
http://marc.info/?l=bugtraq&m=102089960531919&w=2
BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
http://www.cert.org/advisories/CA-2002-13.html
CERT:CA-2002-13
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022
MS:MS02-022
VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
http://www.iss.net/security_center/static/9041.php
XF:msn-chatcontrol-resdll-bo(9041)
CVE-2002-0157
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.
2003-04-02
2002-05-09
CVE-2002-0157
http://www.securityfocus.com/bid/4373
BID:4373
http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
http://www.redhat.com/support/errata/RHSA-2002-064.html
REDHAT:RHSA-2002:064
http://www.iss.net/security_center/static/8995.php
XF:nautilus-metafile-xml-symlink(8995)
CVE-2002-0158
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
2004-09-01
2006-10-31
CVE-2002-0158
http://www.securityfocus.com/bid/4408
BID:4408
http://marc.info/?l=bugtraq&m=101776858410652&w=2
BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14
OVAL:oval:org.mitre.oval:def:14
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A33
OVAL:oval:org.mitre.oval:def:33
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/8703
XF:solaris-xsun-co-bo(8703)
CVE-2002-0159
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
2002-06-25
2002-06-15
CVE-2002-0159
http://www.securityfocus.com/bid/4416
BID:4416
http://marc.info/?l=bugtraq&m=101787248913611&w=2
BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
http://www.osvdb.org/2062
OSVDB:2062
http://www.iss.net/security_center/static/8742.php
XF:ciscosecure-acs-format-string(8742)
CVE-2002-0160
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
2002-06-25
2002-05-03
CVE-2002-0160
http://marc.info/?l=bugtraq&m=101786689128667&w=2
BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
http://www.osvdb.org/5352
OSVDB:5352
CVE-2002-0161
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0161
CVE-2002-0162
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
2002-03-30
2016-10-17
CVE-2002-0162
http://www.securityfocus.com/bid/4374
BID:4374
http://marc.info/?l=bugtraq&m=101724766216872
BUGTRAQ:20020327 Root compromise through LogWatch 2.1.1
http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
REDHAT:RHSA-2002:053
REDHAT:RHSA-2002:054
http://online.securityfocus.com/archive/82/264233
VULN-DEV:20020327 Root compromise through LogWatch 2.1.1
http://www.iss.net/security_center/static/8652.php
XF:logwatch-tmp-race-condition(8652)
CVE-2002-0163
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
2003-04-02
2003-03-19
CVE-2002-0163
http://www.securityfocus.com/bid/4363
BID:4363
http://marc.info/?l=bugtraq&m=101716495023226&w=2
BUGTRAQ:20020326 updated squid advisory
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt
CALDERA:CSSA-2002-017.1
CALDERA:CSSA-2002-SCO.26
http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc
FREEBSD:FreeBSD-SA-02:19
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php
MANDRAKE:MDKSA-2002:027
http://rhn.redhat.com/errata/RHSA-2002-051.html
REDHAT:RHSA-2002:051
http://www.iss.net/security_center/static/8628.php
XF:squid-dns-reply-dos(8628)
CVE-2002-0164
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
2002-04-05
2017-07-10
CVE-2002-0164
http://www.securityfocus.com/bid/4396
BID:4396
http://marc.info/?l=bugtraq&m=103547625009363&w=2
BUGTRAQ:20021024 GLSA: xfree
http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
CALDERA:CSSA-2002-009.0
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
CALDERA:CSSA-2002-SCO.14
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
CONECTIVA:CLSA-2002:529
http://www.debian.org/security/2003/dsa-380
DEBIAN:DSA-380
http://www.redhat.com/support/errata/RHSA-2003-067.html
REDHAT:RHSA-2003:067
ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P
SGI:20021001-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1
SUNALERT:1017429
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1
SUNALERT:228529
https://exchange.xforce.ibmcloud.com/vulnerabilities/8706
XF:xfree86-mitshm-memory-access(8706)
CVE-2002-0165
LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.
2002-04-05
2016-10-17
CVE-2002-0165
http://marc.info/?l=bugtraq&m=101787227513000&w=2
BUGTRAQ:20020403 LogWatch 2.5 still vulnerable
http://list.kaybee.org/archives/logwatch-announce/2002-March/000003.html
CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000003.html
REDHAT:RHSA-2002:053
REDHAT:RHSA-2002:054
http://www.iss.net/security_center/static/8652.php
XF:logwatch-tmp-race-condition(8652)
CVE-2002-0166
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
2002-06-25
2002-06-15
CVE-2002-0166
http://www.securityfocus.com/bid/4389
BID:4389
http://www.debian.org/security/2002/dsa-125
DEBIAN:DSA-125
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
FREEBSD:FreeBSD-SN-02:02
http://www.osvdb.org/2059
OSVDB:2059
http://www.redhat.com/support/errata/RHSA-2002-059.html
REDHAT:RHSA-2002:059
http://www.iss.net/security_center/static/8656.php
XF:analog-logfile-css(8656)
CVE-2002-0167
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.
2002-06-25
2002-06-15
CVE-2002-0167
http://www.securityfocus.com/bid/4339
BID:4339
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
CALDERA:CSSA-2002-019.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
CONECTIVA:CLA-2002:470
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
MANDRAKE:MDKSA-2002:029
http://www.redhat.com/support/errata/RHSA-2002-048.html
REDHAT:RHSA-2002:048
http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html
SUSE:SuSE-SA:2002:015
CVE-2002-0168
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
2002-06-25
2002-06-15
CVE-2002-0168
http://www.securityfocus.com/bid/4336
BID:4336
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
CALDERA:CSSA-2002-019.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
CONECTIVA:CLA-2002:470
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
MANDRAKE:MDKSA-2002:029
http://www.redhat.com/support/errata/RHSA-2002-048.html
REDHAT:RHSA-2002:048
http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html
SUSE:SuSE-SA:2002:015
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
2003-04-02
2002-08-16
CVE-2002-0169
http://www.securityfocus.com/bid/4654
BID:4654
http://online.securityfocus.com/advisories/4095
HP:HPSBTL0205-038
http://www.osvdb.org/5349
OSVDB:5349
http://www.redhat.com/support/errata/RHSA-2002-062.html
REDHAT:RHSA-2002:062
http://www.iss.net/security_center/static/8983.php
XF:linux-docbook-stylesheet-insecure(8983)
CVE-2002-0170
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
2003-04-02
2003-03-19
CVE-2002-0170
http://www.securityfocus.com/bid/4229
BID:4229
http://marc.info/?l=bugtraq&m=101503023511996&w=2
BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
http://www.zope.org/Products/Zope/hotfixes/
CONFIRM:http://www.zope.org/Products/Zope/hotfixes/
http://www.osvdb.org/5350
OSVDB:5350
http://www.redhat.com/support/errata/RHSA-2002-060.html
REDHAT:RHSA-2002:060
http://www.iss.net/security_center/static/8334.php
XF:zope-proxy-role-privileges(8334)
CVE-2002-0171
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
2003-04-02
2003-03-19
CVE-2002-0171
http://www.securityfocus.com/bid/4588
BID:4588
http://www.kb.cert.org/vuls/id/498707
CERT-VN:VU#498707
http://www.osvdb.org/5351
OSVDB:5351
ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P
SGI:20020406-01-P
http://www.iss.net/security_center/static/8933.php
XF:irix-irisconsole-icadmin-access(8933)
CVE-2002-0172
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).
2003-04-02
2003-03-19
CVE-2002-0172
http://www.securityfocus.com/bid/4648
BID:4648
http://www.kb.cert.org/vuls/id/770891
CERT-VN:VU#770891
http://www.osvdb.org/4695
OSVDB:4695
ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I
SGI:20020408-01-I
http://www.iss.net/security_center/static/8960.php
XF:irix-ipfilter-dos(8960)
CVE-2002-0173
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
2003-04-02
2003-03-19
CVE-2002-0173
http://www.securityfocus.com/bid/4644
BID:4644
http://www.osvdb.org/5359
OSVDB:5359
ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I
SGI:20020409-01-I
http://www.iss.net/security_center/static/8959.php
XF:irix-cpr-bo(8959)
CVE-2002-0174
nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.
2003-04-02
2003-03-19
CVE-2002-0174
http://www.securityfocus.com/bid/4655
BID:4655
ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I
SGI:20020501-01-I
http://www.iss.net/security_center/static/8981.php
XF:irix-nsd-symlink(8981)
CVE-2002-0175
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
2002-06-25
2002-06-15
CVE-2002-0175
http://www.securityfocus.com/bid/4326
BID:4326
http://online.securityfocus.com/archive/1/263121
BUGTRAQ:20020320 Bypassing libsafe format string protection
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
MANDRAKE:MDKSA-2002:026
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
http://www.iss.net/security_center/static/8593.php
XF:libsafe-flagchar-protection-bypass(8593)
CVE-2002-0176
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
2002-06-25
2002-06-15
CVE-2002-0176
http://www.securityfocus.com/bid/4327
BID:4327
http://online.securityfocus.com/archive/1/263121
BUGTRAQ:20020320 Bypassing libsafe format string protection
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
MANDRAKE:MDKSA-2002:026
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
http://www.iss.net/security_center/static/8594.php
XF:libsafe-argnum-protection-bypass(8594)
CVE-2002-0177
Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.
2002-04-18
2016-10-17
CVE-2002-0177
http://www.securityfocus.com/bid/4415
BID:4415
http://marc.info/?l=bugtraq&m=101780890326179&w=2
BUGTRAQ:20020402 icecast 1.3.11 remote shell/root exploit - #temp
http://marc.info/?l=bugtraq&m=101786838300906&w=2
BUGTRAQ:20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)
http://marc.info/?l=bugtraq&m=101793704306035&w=2
BUGTRAQ:20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11
http://www.kb.cert.org/vuls/id/596387
CERT-VN:VU#596387
http://www.xiph.org/archives/icecast/2616.html
CONFIRM:http://www.xiph.org/archives/icecast/2616.html
CVE-2002-0178
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
2003-04-02
2003-03-19
CVE-2002-0178
http://www.securityfocus.com/bid/4742
BID:4742
http://marc.info/?l=bugtraq&m=103599320902432&w=2
BUGTRAQ:20021030 GLSA: sharutils
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
CALDERA:CSSA-2002-040.0
http://www.kb.cert.org/vuls/id/336083
CERT-VN:VU#336083
COMPAQ:SSRT2301
http://online.securityfocus.com/advisories/4132
HP:HPSBTL0205-040
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
MANDRAKE:MDKSA-2002:052
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
http://www.osvdb.org/8274
OSVDB:8274
http://www.redhat.com/support/errata/RHSA-2002-065.html
REDHAT:RHSA-2002:065
http://www.redhat.com/support/errata/RHSA-2003-180.html
REDHAT:RHSA-2003:180
http://www.iss.net/security_center/static/9075.php
XF:sharutils-uudecode-symlink(9075)
CVE-2002-0179
Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.
2002-06-25
2002-06-15
CVE-2002-0179
http://www.securityfocus.com/bid/4534
BID:4534
http://www.debian.org/security/2002/dsa-127
DEBIAN:DSA-127
http://www.iss.net/security_center/static/8852.php
XF:xpilot-server-bo(8852)
CVE-2002-0180
Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
2002-04-18
2017-07-10
CVE-2002-0180
http://www.securityfocus.com/bid/4504
BID:4504
http://marc.info/?l=bugtraq&m=101888467527673&w=2
BUGTRAQ:20020415 Remote buffer overflow in Webalizer
http://www.kb.cert.org/vuls/id/582923
CERT-VN:VU#582923
http://www.mrunix.net/webalizer/news.html
CONFIRM:http://www.mrunix.net/webalizer/news.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8837
XF:webalizer-reverse-dns-bo(8837)
CVE-2002-0181
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
2003-04-02
2002-08-16
CVE-2002-0181
http://www.securityfocus.com/bid/4444
BID:4444
http://marc.info/?l=bugtraq&m=101828033830744&w=2
BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt
CALDERA:CSSA-2002-016.1
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473
CONECTIVA:CLA-2001:473
http://www.debian.org/security/2002/dsa-126
DEBIAN:DSA-126
http://bugs.horde.org/show_bug.cgi?id=916
MISC:http://bugs.horde.org/show_bug.cgi?id=916
http://www.osvdb.org/5345
OSVDB:5345
http://www.iss.net/security_center/static/8769.php
XF:imp-status-php3-css(8769)
CVE-2002-0182
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0182
CVE-2002-0184
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
2003-04-02
2021-03-16
CVE-2002-0184
http://www.securityfocus.com/bid/4593
BID:4593
http://marc.info/?l=bugtraq&m=101975443619600&w=2
BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
http://marc.info/?l=bugtraq&m=101974610509912&w=2
BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
http://marc.info/?l=bugtraq&m=101979472822196&w=2
BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
http://marc.info/?l=bugtraq&m=102010164413135&w=2
BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
http://www.kb.cert.org/vuls/id/820083
CERT-VN:VU#820083
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
CONECTIVA:CLA-2002:475
http://www.debian.org/security/2002/dsa-128
DEBIAN:DSA-128
http://www.linuxsecurity.com/advisories/other_advisory-2040.html
ENGARDE:ESA-20020429-010
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3
MANDRAKE:MDKSA-2002:028
http://www.redhat.com/support/errata/RHSA-2002-071.html
REDHAT:RHSA-2002:071
http://www.redhat.com/support/errata/RHSA-2002-072.html
REDHAT:RHSA-2002:072
http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html
SUSE:SuSE-SA:2002:014
http://marc.info/?l=bugtraq&m=102010164413135&w=2
TRUSTIX:TSLSA-2002-0046
http://www.iss.net/security_center/static/8936.php
XF:sudo-password-expansion-overflow(8936)
CVE-2002-0185
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
2003-04-02
2003-03-19
CVE-2002-0185
http://www.securityfocus.com/bid/4656
BID:4656
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
CONECTIVA:CLA-2002:477
http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
http://www.redhat.com/support/errata/RHSA-2002-070.html
REDHAT:RHSA-2002:070
http://www.iss.net/security_center/static/8997.php
XF:modpython-imported-module-access(8997)
CVE-2002-0186
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
2003-04-02
2003-03-19
CVE-2002-0186
http://www.securityfocus.com/bid/5004
BID:5004
http://marc.info/?l=bugtraq&m=102397345410856&w=2
BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
http://www.kb.cert.org/vuls/id/811371
CERT-VN:VU#811371
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030
MS:MS02-030
http://www.osvdb.org/5347
OSVDB:5347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A484
OVAL:oval:org.mitre.oval:def:484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A489
OVAL:oval:org.mitre.oval:def:489
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
http://www.iss.net/security_center/static/9328.php
XF:mssql-sqlxml-isapi-bo(9328)
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
2003-04-02
2002-07-26
CVE-2002-0187
http://marc.info/?l=bugtraq&m=102397345410856&w=2
BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030
MS:MS02-030
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
CVE-2002-0188
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
2004-09-01
2003-03-19
CVE-2002-0188
http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
http://www.lac.co.jp/security/english/snsadv_e/48_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
http://www.iss.net/security_center/static/9086.php
XF:ie-content-disposition-variant2(9086)
CVE-2002-0189
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
2002-05-17
2018-10-12
CVE-2002-0189
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19
OVAL:oval:org.mitre.oval:def:19
CVE-2002-0190
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
2003-04-02
2003-03-19
CVE-2002-0190
http://www.securityfocus.com/bid/4753
BID:4753
http://www.kb.cert.org/vuls/id/242891
CERT-VN:VU#242891
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A923
OVAL:oval:org.mitre.oval:def:923
http://www.iss.net/security_center/static/9084.php
XF:ie-netbios-incorrect-security-zone(9084)
CVE-2002-0191
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
2003-04-02
2002-06-11
CVE-2002-0191
http://www.securityfocus.com/bid/4411
BID:4411
http://marc.info/?l=bugtraq&m=101778302030981&w=2
BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
http://www.iss.net/security_center/static/8740.php
XF:ie-css-read-files (8740)
CVE-2002-0192
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This candidate was published with a description that identified a different vulnerability than what was identified in the original authoritative reference. Notes: Consult CVE-2002-0193 or CVE-2002-1564 to find the identifier for the proper issue.
2002-05-17
2005-02-03
CVE-2002-0192
CVE-2002-0193
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
2004-09-01
2006-10-31
CVE-2002-0193
http://www.securityfocus.com/bid/4752
BID:4752
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27
OVAL:oval:org.mitre.oval:def:27
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99
OVAL:oval:org.mitre.oval:def:99
https://exchange.xforce.ibmcloud.com/vulnerabilities/9085
XF:ie-content-disposition-variant(9085)
CVE-2002-0194
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0194
CVE-2002-0195
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0195
CVE-2002-0196
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
2002-06-25
2007-02-06
CVE-2002-0196
http://www.securityfocus.com/bid/3924
BID:3924
http://online.securityfocus.com/archive/1/251699
BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
http://sourceforge.net/forum/forum.php?forum_id=144966
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
http://www.iss.net/security_center/static/7981.php
XF:cwpapi-getrelativepath-view-files(7981)
CVE-2002-0197
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
2002-06-25
2002-05-09
CVE-2002-0197
http://www.securityfocus.com/bid/3931
BID:3931
http://marc.info/?l=bugtraq&m=101173478806580&w=2
BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
http://online.securityfocus.com/archive/1/251832
BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
http://www.iss.net/security_center/static/7985.php
XF:psybnc-view-encrypted-messages(7985)
CVE-2002-0198
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
2002-05-03
2016-10-17
CVE-2002-0198
http://www.securityfocus.com/bid/3941
BID:3941
http://marc.info/?l=bugtraq&m=101182636812381&w=2
BUGTRAQ:20020122 pldaniels - ripMime 1.2.6 and lower?
http://pldaniels.org/ripmime/CHANGELOG
CONFIRM:http://pldaniels.org/ripmime/CHANGELOG
http://www.iss.net/security_center/static/7983.php
XF:ripmime-long-filename-bo(7983)
CVE-2002-0199
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
2002-05-03
2016-10-17
CVE-2002-0199
http://www.securityfocus.com/bid/3934
BID:3934
http://marc.info/?l=bugtraq&m=101167484012724&w=2
BUGTRAQ:20020119 Shoutcast server 1.8.3 win32
CVE-2002-0200
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
2002-05-03
2016-10-17
CVE-2002-0200
http://www.securityfocus.com/bid/3929
BID:3929
http://marc.info/?l=bugtraq&m=101174569103289&w=2
BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
http://www.iss.net/security_center/static/7959.php
XF:cyberstop-device-name-dos(7959)
CVE-2002-0201
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
2002-05-03
2016-10-17
CVE-2002-0201
http://www.securityfocus.com/bid/3930
BID:3930
http://marc.info/?l=bugtraq&m=101174569103289&w=2
BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
http://www.iss.net/security_center/static/7960.php
XF:cyberstop-long-request-dos(7960)
CVE-2002-0202
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.
2002-05-03
2002-05-09
CVE-2002-0202
http://www.securityfocus.com/bid/3948
BID:3948
http://online.securityfocus.com/archive/1/251985
BUGTRAQ:20020123 Vulnerabilty in PaintBBS v1.2
http://www.iss.net/security_center/static/7982.php
XF:paintbbs-insecure-permissions(7982)
CVE-2002-0203
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
2002-05-03
2016-10-17
CVE-2002-0203
http://marc.info/?l=bugtraq&m=101190195430376&w=2
BUGTRAQ:20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability
http://www.tarantella.com/security/bulletin-03.html
CONFIRM:http://www.tarantella.com/security/bulletin-03.html
CVE-2002-0204
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
2002-05-03
2016-10-17
CVE-2002-0204
http://www.securityfocus.com/bid/3949
BID:3949
http://marc.info/?l=bugtraq&m=101189688815514&w=2
BUGTRAQ:20020124 gnuchess buffer overflow vulnerabilty
http://www.iss.net/security_center/static/7991.php
XF:gnu-chess-bo(7991)
CVE-2002-0205
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
2002-05-03
2016-10-17
CVE-2002-0205
http://www.securityfocus.com/bid/3799
BID:3799
http://marc.info/?l=bugtraq&m=101189911121808&w=2
BUGTRAQ:20020124 Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
http://online.securityfocus.com/archive/82/248396
VULN-DEV:20020104 Cross-Site Scripting in PlumTree?
http://www.iss.net/security_center/static/7817.php
XF:plumtree-css-error(7817)
CVE-2002-0206
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
2002-05-03
2017-07-10
CVE-2002-0206
http://www.securityfocus.com/bid/3889
BID:3889
http://marc.info/?l=bugtraq&m=101121913914205&w=2
BUGTRAQ:20020116 PHP-Nuke allows Command Execution & Much more
http://www.kb.cert.org/vuls/id/221683
CERT-VN:VU#221683
https://exchange.xforce.ibmcloud.com/vulnerabilities/7914
XF:phpnuke-index-command-execution(7914)
CVE-2002-0207
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
2002-06-25
2002-05-09
CVE-2002-0207
http://www.securityfocus.com/bid/3809
BID:3809
http://online.securityfocus.com/archive/1/252414
BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
http://online.securityfocus.com/archive/1/252425
BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
http://sentinelchicken.com/advisories/realplayer/
MISC:http://sentinelchicken.com/advisories/realplayer/
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
VULN-DEV:20020105 RealPlayer Buffer Problem
http://www.iss.net/security_center/static/7839.php
XF:realplayer-file-header-bo(7839)
CVE-2002-0208
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
2002-05-03
2002-05-09
CVE-2002-0208
http://www.securityfocus.com/bid/3961
BID:3961
http://online.securityfocus.com/archive/1/252407
BUGTRAQ:20020125 Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall installed (no need to be enabled) on Microsoft Windows Based OSs
http://www.iss.net/security_center/static/8008.php
XF:pgpfire-icmp-fingerprint(8008)
CVE-2002-0209
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
2002-06-25
2002-05-09
CVE-2002-0209
http://www.securityfocus.com/bid/3964
BID:3964
http://online.securityfocus.com/archive/1/252455
BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
http://online.securityfocus.com/archive/1/261548
BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
http://www.iss.net/security_center/static/8010.php
XF:acedirector-http-reveal-ip(8010)
CVE-2002-0210
setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.
2002-05-03
2002-05-09
CVE-2002-0210
http://www.securityfocus.com/bid/3970
BID:3970
http://online.securityfocus.com/archive/1/252614
BUGTRAQ:20020126 bru backup program
http://www.iss.net/security_center/static/8003.php
XF:bru-tmp-file-symlink(8003)
CVE-2002-0211
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
2002-06-25
2002-05-09
CVE-2002-0211
http://www.securityfocus.com/bid/3966
BID:3966
http://marc.info/?l=bugtraq&m=101208650722179&w=2
BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
http://online.securityfocus.com/archive/1/265845
BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
http://www.tarantella.com/security/bulletin-04.html
CONFIRM:http://www.tarantella.com/security/bulletin-04.html
http://www.iss.net/security_center/static/7996.php
XF:tarantella-gunzip-tmp-race(7996)
CVE-2002-0212
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.
2002-05-03
2016-10-17
CVE-2002-0212
http://www.securityfocus.com/bid/3971
BID:3971
http://marc.info/?l=bugtraq&m=101224151705897&w=2
BUGTRAQ:20020126 [ARL02-A01] Vulnerability in Hosting Controller
http://hostingcontroller.com/English/patches/ForAll/index.html
MISC:http://hostingcontroller.com/English/patches/ForAll/index.html
http://www.iss.net/security_center/static/8006.php
XF:hosting-controller-brute-force(8006)
CVE-2002-0213
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
2003-04-02
2003-03-19
CVE-2002-0213
http://www.securityfocus.com/bid/3969
BID:3969
http://marc.info/?l=bugtraq&m=101223525118717&w=2
BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
ftp://patches.sgi.com/support/free/security/advisories/20020604-01-I
SGI:20020604-01-I
http://www.iss.net/security_center/static/8002.php
XF:kashare-xkas-icon-symlink(8002)
CVE-2002-0214
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.
2002-05-03
2002-05-09
CVE-2002-0214
http://www.securityfocus.com/bid/3968
BID:3968
http://online.securityfocus.com/archive/1/252607
BUGTRAQ:20020128 Intel WLAN Driver storing 128bit WEP-Key in plain text!
http://www.iss.net/security_center/static/8015.php
XF:intel-wlan-wep-plaintext(8015)
CVE-2002-0215
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
2002-05-03
2002-05-09
CVE-2002-0215
http://www.securityfocus.com/bid/3976
BID:3976
http://online.securityfocus.com/archive/1/252761
BUGTRAQ:20020128 [SUPERPETZ ADVISORY #001 - agora.cgi Secret Path Disclosure Vulnerability]
http://www.iss.net/security_center/static/8011.php
XF:agora-cgi-revel-path(8011)
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
2002-05-03
2002-05-09
CVE-2002-0216
http://www.securityfocus.com/bid/3977
BID:3977
http://online.securityfocus.com/archive/1/252827
BUGTRAQ:20020129 Xoops SQL fragment disclosure and SQL injection vulnerability
http://www.iss.net/security_center/static/8028.php
XF:xoops-userinfo-information-disclosure(8028)
CVE-2002-0217
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
2002-05-03
2002-05-09
CVE-2002-0217
http://www.securityfocus.com/bid/3978
BID:3978
http://www.securityfocus.com/bid/3981
BID:3981
http://online.securityfocus.com/archive/1/252828
BUGTRAQ:20020129 Xoops Private Message System Script injection
http://www.iss.net/security_center/static/8030.php
XF:xoops-pmlite-image-css(8030)
http://www.iss.net/security_center/static/8025.php
XF:xoops-private-message-css(8025)
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
2002-05-03
2005-07-02
CVE-2002-0218
http://www.securityfocus.com/bid/3980
BID:3980
http://online.securityfocus.com/archive/1/252847
BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
http://online.securityfocus.com/archive/1/252891
BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
http://www.sas.com/service/techsup/unotes/SN/004/004201.html
MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html
VULNWATCH:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
http://www.iss.net/security_center/static/8018.php
XF:sas-sastcpd-spawner-format-string(8018)
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
2002-05-03
2005-07-02
CVE-2002-0219
http://www.securityfocus.com/bid/3979
BID:3979
http://online.securityfocus.com/archive/1/252847
BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
http://online.securityfocus.com/archive/1/252891
BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
http://www.sas.com/service/techsup/unotes/SN/004/004201.html
MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html
VULNWATCH:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
http://www.iss.net/security_center/static/8017.php
XF:sas-sastcpd-spawner-bo(8017)
CVE-2002-0220
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.
2002-05-03
2002-05-09
CVE-2002-0220
http://www.securityfocus.com/bid/3982
BID:3982
http://online.securityfocus.com/archive/1/252918
BUGTRAQ:20020129 PhpSmsSend remote execute commands bug
http://www.iss.net/security_center/static/8019.php
XF:phpsmssend-command-execution(8019)
CVE-2002-0221
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.
2002-05-03
2002-05-09
CVE-2002-0221
http://www.securityfocus.com/bid/3983
BID:3983
http://online.securityfocus.com/archive/1/252944
BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
http://www.iss.net/security_center/static/8020.php
XF:eserv-pasv-dos(8020)
CVE-2002-0222
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
2002-05-03
2002-05-09
CVE-2002-0222
http://www.securityfocus.com/bid/3986
BID:3986
http://online.securityfocus.com/archive/1/252944
BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
http://www.iss.net/security_center/static/8021.php
XF:eserv-ftp-bounce(8021)
CVE-2002-0223
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.
2002-05-03
2002-05-09
CVE-2002-0223
http://www.securityfocus.com/bid/3993
BID:3993
http://online.securityfocus.com/archive/1/253172
BUGTRAQ:20020130 [ WWWThreads, UBBThreads ] Security Hole in upload system
http://www.iss.net/security_center/static/8022.php
XF:ubbthreads-file-upload(8022)
CVE-2002-0224
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
2002-05-03
2005-07-04
CVE-2002-0224
http://www.securityfocus.com/bid/4006
BID:4006
http://online.securityfocus.com/archive/1/253360
BUGTRAQ:20020131 msdtc on 3372
http://online.securityfocus.com/archive/1/268593
BUGTRAQ:20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
http://www.iss.net/security_center/static/8046.php
XF:msdtc-default-port-dos(8046)
CVE-2002-0225
tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.
2002-05-03
2002-05-09
CVE-2002-0225
http://www.securityfocus.com/bid/4003
BID:4003
http://online.securityfocus.com/archive/1/253288
BUGTRAQ:20020130 tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
http://www.iss.net/security_center/static/8061.php
XF:tacplus-insecure-accounting-files(8061)
CVE-2002-0226
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
2002-06-25
2002-05-09
CVE-2002-0226
http://www.securityfocus.com/bid/4014
BID:4014
http://marc.info/?l=bugtraq&m=101258311519504&w=2
BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
http://www.dcscripts.com/bugtrac/DCForumID7/3.html
CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
http://www.osvdb.org/2038
OSVDB:2038
http://www.osvdb.org/3866
OSVDB:3866
http://www.iss.net/security_center/static/8044.php
XF:dcforum-cgi-recover-passwords(8044)
CVE-2002-0227
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
2002-05-03
2016-10-17
CVE-2002-0227
http://www.securityfocus.com/bid/4018
BID:4018
http://marc.info/?l=bugtraq&m=101266856410129&w=2
BUGTRAQ:20020201 KICQ 2.0.0b1 can be remotely crashed
http://www.iss.net/security_center/static/8064.php
XF:kicq-telnet-dos(8064)
CVE-2002-0228
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
2002-05-03
2002-05-09
CVE-2002-0228
http://www.securityfocus.com/bid/4028
BID:4028
http://online.securityfocus.com/archive/1/254021
BUGTRAQ:20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)
http://www.iss.net/security_center/static/8084.php
XF:msn-messenger-reveal-information(8084)
CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
2002-05-03
2016-10-17
CVE-2002-0229
http://www.securityfocus.com/bid/4026
BID:4026
http://marc.info/?l=bugtraq&m=101286577109716&w=2
BUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
http://marc.info/?l=bugtraq&m=101304702002321&w=2
BUGTRAQ:20020206 DW020203-PHP clarification
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
NTBUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
NTBUGTRAQ:20020205 Re: PHP Safe Mode Filesystem Circumvention Problem
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
NTBUGTRAQ:20020206 DW020203-PHP clarification
http://www.iss.net/security_center/static/8105.php
XF:php-mysql-safemode-bypass(8105)
CVE-2002-0230
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
2002-05-03
2016-10-17
CVE-2002-0230
http://marc.info/?l=bugtraq&m=101285834018701&w=2
BUGTRAQ:20020204 [SUPERPETZ ADVISORY #002- Faq-O-Matic Cross-Site Scripting Vulnerability]
http://marc.info/?l=bugtraq&m=101293973111873&w=2
BUGTRAQ:20020205 Faq-O-Matic Cross-Site Scripting
http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
http://www.debian.org/security/2002/dsa-109
DEBIAN:DSA-109
CVE-2002-0231
Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.
2002-05-03
2016-10-17
CVE-2002-0231
http://www.securityfocus.com/bid/4027
BID:4027
http://marc.info/?l=bugtraq&m=101286747013955&w=2
BUGTRAQ:20020203 Buffer overflow in mIRC allowing arbitary code to be executed.
http://online.securityfocus.com/archive/1/254105
BUGTRAQ:20020204 Re: Buffer overflow in mIRC allowing arbitary code to be executed.
http://www.uuuppz.com/research/adv-001-mirc.htm
MISC:http://www.uuuppz.com/research/adv-001-mirc.htm
http://www.iss.net/security_center/static/8083.php
XF:mirc-nickname-bo(8083)
CVE-2002-0232
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
2002-05-03
2016-10-17
CVE-2002-0232
http://www.securityfocus.com/bid/4017
BID:4017
http://marc.info/?l=bugtraq&m=101266821909189&w=2
BUGTRAQ:20020202 new advisory
http://www.iss.net/security_center/static/8062.php
XF:mrtg-cgi-view-files(8062)
CVE-2002-0233
Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
2002-05-03
2016-10-17
CVE-2002-0233
http://www.securityfocus.com/bid/4029
BID:4029
http://marc.info/?l=bugtraq&m=101292885809975&w=2
BUGTRAQ:20020205 Viewing arbitrary file from the file system using Eshare Expressions 4 server
http://www.iss.net/security_center/static/8079.php
XF:expressions-dot-directory-traversal(8079)
CVE-2002-0234
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
2002-05-03
2016-10-17
CVE-2002-0234
http://www.securityfocus.com/bid/4015
BID:4015
http://marc.info/?l=bugtraq&m=101258281818524&w=2
BUGTRAQ:20020201 NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
http://marc.info/?l=bugtraq&m=101258887105690&w=2
BUGTRAQ:20020201 RE: NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
http://online.securityfocus.com/archive/1/254268
BUGTRAQ:20020205 NetScreen Response to ScreenOS Port Scan DoS Vulnerability
http://www.iss.net/security_center/static/8057.php
XF:netscreen-screenos-scan-dos(8057)
CVE-2002-0235
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
2002-05-03
2002-05-09
CVE-2002-0235
http://www.securityfocus.com/bid/4030
BID:4030
http://online.securityfocus.com/archive/1/254168
BUGTRAQ:20020205 Castelle Faxpress: Password used for NT Print queue can be discl osed in Plain Text
http://www.iss.net/security_center/static/8086.php
XF:faxpress-plaintext-password(8086)
CVE-2002-0236
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
2002-05-03
2016-10-17
CVE-2002-0236
http://www.securityfocus.com/bid/3784
BID:3784
http://marc.info/?l=bugtraq&m=101294507827698&w=2
BUGTRAQ:20020205 Published Report of Vulnerability in Lucent VitalSuite Software
http://www.iss.net/security_center/static/7936.php
XF:vitalnet-unauth-access(7936)
CVE-2002-0237
Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.
2002-06-25
2002-05-09
CVE-2002-0237
http://www.securityfocus.com/bid/4025
BID:4025
http://marc.info/?l=bugtraq&m=101286393404301&w=2
BUGTRAQ:20020204 Vulnerability in Black ICE Defender
http://marc.info/?l=bugtraq&m=101302424803268&w=2
BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
http://marc.info/?l=bugtraq&m=101321744807452&w=2
BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
http://www.iss.net/security_center/alerts/advise109.php
ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
http://marc.info/?l=ntbugtraq&m=101353165915171&w=2
NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
http://www.iss.net/security_center/static/8058.php
XF:blackice-ping-flood-dos(8058)
CVE-2002-0238
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
2002-05-03
2016-10-17
CVE-2002-0238
http://www.securityfocus.com/bid/4024
BID:4024
http://marc.info/?l=bugtraq&m=101286360203461&w=2
BUGTRAQ:20020203 Netgear RT311/RT314
http://www.iss.net/security_center/static/8082.php
XF:netgear-web-interface-css(8082)
CVE-2002-0239
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
2002-05-03
2016-10-17
CVE-2002-0239
http://www.securityfocus.com/bid/4050
BID:4050
http://marc.info/?l=bugtraq&m=101310874106455&w=2
BUGTRAQ:20020207 Overflow Vulnerabilities in hanterm
http://online.securityfocus.com/archive/1/255168
BUGTRAQ:20020207 another hanterm exploit
http://www.debian.org/security/2002/dsa-112
DEBIAN:DSA-112
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:41.hanterm.asc
FREEBSD:FreeBSD-SA-01:41
http://securitytracker.com/id?1001950
SECTRACK:1001950
http://www.iss.net/security_center/static/8109.php
XF:hanterm-command-line-bo(8109)
CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
2002-05-03
2016-10-17
CVE-2002-0240
http://www.securityfocus.com/bid/4057
BID:4057
http://marc.info/?l=bugtraq&m=101311746611160&w=2
BUGTRAQ:20020207 PHP Advisory #2
http://www.iss.net/security_center/static/8119.php
XF:apache-php-options-information(8119)
CVE-2002-0241
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
2003-04-02
2002-05-09
CVE-2002-0241
http://www.securityfocus.com/bid/4048
BID:4048
http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
http://www.iss.net/security_center/static/8106.php
XF:ciscosecure-nds-authentication(8106)
CVE-2002-0242
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
2002-05-03
2016-10-17
CVE-2002-0242
http://marc.info/?l=bugtraq&m=101309907709138&w=2
BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
CVE-2002-0243
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
2002-05-03
2016-10-17
CVE-2002-0243
http://marc.info/?l=bugtraq&m=101309907709138&w=2
BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
CVE-2002-0244
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
2002-05-03
2017-07-10
CVE-2002-0244
http://www.securityfocus.com/bid/4051
BID:4051
http://marc.info/?l=bugtraq&m=101310622531303&w=2
BUGTRAQ:20020207 AtheOS: escaping from a chroot jail
https://exchange.xforce.ibmcloud.com/vulnerabilities/8108
XF:atheos-dot-directory-traversal(8108)
CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
2002-05-03
2016-10-17
CVE-2002-0245
http://www.securityfocus.com/bid/4049
BID:4049
http://marc.info/?l=bugtraq&m=101310812804716&w=2
BUGTRAQ:20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
http://www.iss.net/security_center/static/8160.php
XF:lotus-domino-reveal-information(8160)
CVE-2002-0246
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.
2003-04-02
2002-05-09
CVE-2002-0246
http://www.securityfocus.com/bid/4060
BID:4060
http://online.securityfocus.com/archive/1/255414
BUGTRAQ:20020210 Unixware Message catalog exploit code
ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
CALDERA:CSSA-2002-SCO.3
http://www.iss.net/security_center/static/8113.php
XF:unixware-msg-catalog-format-string(8113)
CVE-2002-0247
Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.
2002-05-03
2002-05-09
CVE-2002-0247
http://www.securityfocus.com/bid/4054
BID:4054
http://www.debian.org/security/2002/dsa-108
DEBIAN:DSA-108
http://www.iss.net/security_center/static/8111.php
XF:wmtv-local-bo(8111)
CVE-2002-0248
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.
2002-05-03
2002-05-09
CVE-2002-0248
http://www.securityfocus.com/bid/4052
BID:4052
http://www.debian.org/security/2002/dsa-108
DEBIAN:DSA-108
http://www.iss.net/security_center/static/8110.php
XF:wmtv-config-file-symlink(8110)
CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
2002-05-03
2016-10-17
CVE-2002-0249
http://www.securityfocus.com/bid/4056
BID:4056
http://marc.info/?l=bugtraq&m=101311698909691&w=2
BUGTRAQ:20020207 Security Advisory - #1
http://www.iss.net/security_center/static/8121.php
XF:php-123-path-information(8121)
CVE-2002-0250
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
2003-04-02
2002-05-09
CVE-2002-0250
http://www.securityfocus.com/bid/4062
BID:4062
http://marc.info/?l=bugtraq&m=101318469216213&w=2
BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
http://online.securityfocus.com/advisories/3870
HP:HPSBUX0202-185
VULNWATCH:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
http://www.iss.net/security_center/static/8124.php
XF:hp-advancestack-bypass-auth(8124)
CVE-2002-0251
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".
2002-06-25
2002-05-09
CVE-2002-0251
http://www.securityfocus.com/bid/4036
BID:4036
http://marc.info/?l=bugtraq&m=101301254432079&w=2
BUGTRAQ:20020206 -Possible- licq D.o.S
http://marc.info/?l=bugtraq&m=101318594420200&w=2
BUGTRAQ:20020208 RE: -Possible- licq D.o.S
http://www.iss.net/security_center/static/8107.php
XF:licq-static-bo(8107)
CVE-2002-0252
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
2002-05-03
2017-10-09
CVE-2002-0252
http://www.securityfocus.com/bid/4064
BID:4064
http://marc.info/?l=bugtraq&m=101320742616105&w=2
BUGTRAQ:20020208 [SPSadvisory#46]Apple QuickTime Player "Content-Type" Buffer Overflow
https://www.exploit-db.com/exploits/4673
EXPLOIT-DB:4673
http://www.iss.net/security_center/static/8126.php
XF:quicktime-content-header-bo(8126)
CVE-2002-0253
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
2002-05-03
2016-10-17
CVE-2002-0253
http://www.securityfocus.com/bid/4063
BID:4063
http://marc.info/?l=bugtraq&m=101318944130790&w=2
BUGTRAQ:20020207 Advisory #3 - PHP & JSP
http://www.iss.net/security_center/static/8122.php
XF:php-slash-path-information(8122)
CVE-2002-0254
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
2002-05-03
2016-10-17
CVE-2002-0254
http://marc.info/?l=bugtraq&m=101320492009565&w=2
BUGTRAQ:20020208 -possible- Bufferoverflow in ICQ 2001b
CVE-2002-0255
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.
2002-05-03
2016-10-17
CVE-2002-0255
http://www.securityfocus.com/bid/4066
BID:4066
http://marc.info/?l=bugtraq&m=101323620111951&w=2
BUGTRAQ:20020208 arescom 800 authentification flaw
http://www.iss.net/security_center/static/8125.php
XF:netdsl-telnet-bypass-authentication(8125)
CVE-2002-0256
The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.
2002-05-03
2016-10-17
CVE-2002-0256
http://www.securityfocus.com/bid/4067
BID:4067
http://marc.info/?l=bugtraq&m=101328827420630&w=2
BUGTRAQ:20020209 Arescom NetDSL-1000 telnetd DoS
http://www.iss.net/security_center/static/8123.php
XF:netdsl-telnet-dos(8123)
CVE-2002-0257
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
2002-05-03
2016-10-17
CVE-2002-0257
http://www.securityfocus.com/bid/4069
BID:4069
http://marc.info/?l=bugtraq&m=101328880521775&w=2
BUGTRAQ:20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30
http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
CONFIRM:http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
http://www.iss.net/security_center/static/8161.php
XF:makebid-description-css(8161)
CVE-2002-0258
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
2002-05-03
2016-10-17
CVE-2002-0258
http://marc.info/?l=bugtraq&m=101328887821909&w=2
BUGTRAQ:20020209 Security Issue in Icewarp
CVE-2002-0259
InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
2002-05-03
2016-10-17
CVE-2002-0259
http://www.securityfocus.com/bid/4076
BID:4076
http://marc.info/?l=bugtraq&m=101329397901071&w=2
BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
http://www.instantservers.com/releases.html
CONFIRM:http://www.instantservers.com/releases.html
http://www.iss.net/security_center/static/8170.php
XF:miniportal-plaintext-information(8170)
CVE-2002-0260
Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.
2002-05-03
2016-10-17
CVE-2002-0260
http://www.securityfocus.com/bid/4073
BID:4073
http://marc.info/?l=bugtraq&m=101329397901071&w=2
BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
http://www.instantservers.com/releases.html
CONFIRM:http://www.instantservers.com/releases.html
http://www.iss.net/security_center/static/8172.php
XF:miniportal-ftp-login-bo(8172)
CVE-2002-0261
Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.
2002-05-03
2016-10-17
CVE-2002-0261
http://www.securityfocus.com/bid/4075
BID:4075
http://marc.info/?l=bugtraq&m=101329397901071&w=2
BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
http://www.instantservers.com/releases.html
CONFIRM:http://www.instantservers.com/releases.html
http://www.iss.net/security_center/static/8171.php
XF:miniportal-ftp-directory-traversal(8171)
CVE-2002-0262
Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
2002-05-03
2016-10-17
CVE-2002-0262
http://www.securityfocus.com/bid/4071
BID:4071
http://marc.info/?l=bugtraq&m=101344812311216&w=2
BUGTRAQ:20020210 Sybex E-Trainer Directory Traversal Vulnerability
http://www.iss.net/security_center/static/8175.php
XF:sybex-etrainer-directory-traversal(8175)
CVE-2002-0263
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
2002-05-03
2016-10-17
CVE-2002-0263
http://www.securityfocus.com/bid/4068
BID:4068
http://marc.info/?l=bugtraq&m=101345069220199&w=2
BUGTRAQ:20020211 EasyBoard 2000 Remote Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/8162.php
XF:ezboard-bbs-contenttype-bo(8162)
CVE-2002-0264
PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.
2002-05-03
2016-10-17
CVE-2002-0264
http://www.securityfocus.com/bid/4074
BID:4074
http://marc.info/?l=bugtraq&m=101361745222207&w=2
BUGTRAQ:20020211 PowerFTP Personal FTP Server Multiple Vulnerabilities
http://www.iss.net/security_center/static/8183.php
XF:powerftp-ftpserver-ini-plaintext(8183)
CVE-2002-0265
Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.
2002-06-25
2002-05-09
CVE-2002-0265
http://www.securityfocus.com/bid/4077
BID:4077
http://marc.info/?l=bugtraq&m=101346206921270&w=2
BUGTRAQ:20020211 Vulnerability in Sawmill for Solaris v. 6.2.14
http://www.sawmill.net/version_history.html
CONFIRM:http://www.sawmill.net/version_history.html
http://www.iss.net/security_center/static/8173.php
XF:sawmill-admin-password-insecure(8173)
CVE-2002-0266
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.
2002-05-03
2016-10-17
CVE-2002-0266
http://www.securityfocus.com/bid/4035
BID:4035
http://marc.info/?l=bugtraq&m=101301228031165&w=2
BUGTRAQ:20020206 texis(CGI) Path Disclosure Vulnerability
http://marc.info/?l=bugtraq&m=101346478229431&w=2
BUGTRAQ:20020211 Re: texis(CGI) Path Disclosure Vulnerability
http://www.iss.net/security_center/static/8103.php
XF:texis-cgi-information-disclosure(8103)
CVE-2002-0267
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
2003-04-02
2003-03-19
CVE-2002-0267
http://www.securityfocus.com/bid/4097
BID:4097
http://marc.info/?l=bugtraq&m=101363233905645&w=2
BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
http://sips.sourceforge.net/adminvul.html
CONFIRM:http://sips.sourceforge.net/adminvul.html
http://www.iss.net/security_center/static/8193.php
XF:sips-theme-admin-access(8193)
CVE-2002-0268
Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.
2002-05-03
2016-10-17
CVE-2002-0268
http://www.securityfocus.com/bid/4101
BID:4101
http://marc.info/?l=bugtraq&m=101366270807034&w=2
BUGTRAQ:20020212 Identix BioLogon 3
http://www.iss.net/security_center/static/8201.php
XF:biologon3-gina-bypass-authentication(8201)
CVE-2002-0269
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
2002-05-03
2016-10-17
CVE-2002-0269
http://marc.info/?l=bugtraq&m=101363764421623&w=2
BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
CVE-2002-0270
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
2002-05-03
2016-10-17
CVE-2002-0270
http://marc.info/?l=bugtraq&m=101363764421623&w=2
BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
CVE-2002-0271
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
2002-05-03
2016-10-17
CVE-2002-0271
http://www.securityfocus.com/bid/4086
BID:4086
http://marc.info/?l=bugtraq&m=101353440624007&w=2
BUGTRAQ:20020212 RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT
CVE-2002-0272
Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.
2002-05-03
2016-10-17
CVE-2002-0272
http://www.securityfocus.com/bid/4091
BID:4091
http://marc.info/?l=bugtraq&m=101366518310823&w=2
BUGTRAQ:20020213 Re: mpg321
http://sourceforge.net/project/shownotes.php?release_id=79237
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=79237
http://marc.info/?l=vuln-dev&m=101355590918475&w=2
VULN-DEV:20020212 mpg321
CVE-2002-0273
Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.
2002-05-03
2016-10-17
CVE-2002-0273
http://www.securityfocus.com/bid/4093
BID:4093
http://marc.info/?l=bugtraq&m=101362100602008&w=2
BUGTRAQ:20020213 NetWin CWMail.exe Buffer Overflow
http://www.iss.net/security_center/static/8185.php
XF:cwmail-item-bo(8185)
CVE-2002-0274
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
2003-04-02
2003-03-19
CVE-2002-0274
http://www.securityfocus.com/bid/4096
BID:4096
http://marc.info/?l=bugtraq&m=101362618118598&w=2
BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
MLIST:[exim-announce] 20020219 Exim 3.35 released
http://www.redhat.com/support/errata/RHSA-2002-208.html
REDHAT:RHSA-2002:208
http://www.iss.net/security_center/static/8194.php
XF:exim-config-arg-bo(8194)
CVE-2002-0275
Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
2004-09-01
2004-07-24
CVE-2002-0275
http://www.securityfocus.com/bid/4099
BID:4099
http://marc.info/?l=bugtraq&m=101363946626951&w=2
BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
http://marc.info/?l=bugtraq&m=102253858809370&w=2
BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/8189
XF:falcon-protected-dir-access(8189)
CVE-2002-0276
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.
2003-04-02
2003-03-19
CVE-2002-0276
http://www.securityfocus.com/bid/4104
BID:4104
http://marc.info/?l=bugtraq&m=101370874219511&w=2
BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
http://ettercap.sourceforge.net/index.php?s=history
CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
VULNWATCH:20020213 [VulnWatch] [NGSEC-2002-1] Ettercap, remote root compromise
http://www.iss.net/security_center/static/8200.php
XF:ettercap-memcpy-bo(8200)
CVE-2002-0277
Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.
2002-05-03
2016-10-17
CVE-2002-0277
http://www.securityfocus.com/bid/4105
BID:4105
http://marc.info/?l=bugtraq&m=101371994219708&w=2
BUGTRAQ:20020214 Add2it Mailman command execution
http://www.add2it.com/scripts/mailman-free-history.shtml
CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml
http://www.iss.net/security_center/static/8202.php
XF:mailman-open-execute-commands(8202)
CVE-2002-0278
Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter.
2002-05-03
2016-10-17
CVE-2002-0278
http://marc.info/?l=bugtraq&m=101371994219708&w=2
BUGTRAQ:20020214 Add2it Mailman command execution
http://www.add2it.com/scripts/mailman-free-history.shtml
CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml
http://www.iss.net/security_center/static/8202.php
XF:mailman-open-execute-commands(8202)
CVE-2002-0279
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
2002-05-03
2017-10-09
CVE-2002-0279
http://www.securityfocus.com/bid/4094
BID:4094
http://www.kb.cert.org/vuls/id/726187
CERT-VN:VU#726187
http://marc.info/?l=bugtraq&m=101372194225046&w=2
HP:HPSBUX0202-183
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5469
OVAL:oval:org.mitre.oval:def:5469
http://www.iss.net/security_center/static/8195.php
XF:hpux-setrlimit-kernel-panic(8195)
CVE-2002-0280
Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.
2002-05-03
2016-10-17
CVE-2002-0280
http://marc.info/?l=bugtraq&m=101392671306875&w=2
BUGTRAQ:20020215 codeblue remote root
http://freshmeat.net/releases/71514/
MISC:http://freshmeat.net/releases/71514/
CVE-2002-0281
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
2002-05-03
2017-07-10
CVE-2002-0281
http://www.securityfocus.com/bid/4112
BID:4112
http://marc.info/?l=bugtraq&m=101379217032525&w=2
BUGTRAQ:20020215 [ARL02-A03] DCP-Portal Cross Site Scripting Vulnerability
http://www.dcp-portal.com/contents.php?id=18
MISC:http://www.dcp-portal.com/contents.php?id=18
https://exchange.xforce.ibmcloud.com/vulnerabilities/8197
XF:dcpportal-userupdate-css(8197)
CVE-2002-0282
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.
2002-05-03
2017-07-10
CVE-2002-0282
http://www.securityfocus.com/bid/4113
BID:4113
http://marc.info/?l=bugtraq&m=101379160830631&w=2
BUGTRAQ:20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability
http://marc.info/?l=bugtraq&m=101494497608620&w=2
BUGTRAQ:20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure
http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1
CONFIRM:http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1
https://exchange.xforce.ibmcloud.com/vulnerabilities/8196
XF:dcpportal-adduser-path-disclosure(8196)
http://www.iss.net/security_center/static/8310.php
XF:dcpportal-language-path-disclosure(8310)
CVE-2002-0283
Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.
2002-05-03
2016-10-17
CVE-2002-0283
http://marc.info/?l=bugtraq&m=101408718030099&w=2
BUGTRAQ:20020215 Windows XP Remote DOS attacks with SYN Flag. Make CPU 100%
CVE-2002-0284
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
2002-05-03
2016-10-17
CVE-2002-0284
http://marc.info/?l=bugtraq&m=101408781031527&w=2
BUGTRAQ:20020215 winamp and wma Song Licenses
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
2002-05-03
2016-10-17
CVE-2002-0285
http://www.securityfocus.com/bid/4092
BID:4092
http://marc.info/?l=bugtraq&m=101362077701164&w=2
BUGTRAQ:20020212 Outlook will see non-existing attachments
http://www.iss.net/security_center/static/8198.php
XF:outlook-express-return-bypass(8198)
CVE-2002-0286
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
2002-05-03
2017-07-10
CVE-2002-0286
http://www.securityfocus.com/bid/4046
BID:4046
http://marc.info/?l=bugtraq&m=101388393808699&w=2
BUGTRAQ:20020216 SiteNews remote add user exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/8181
XF:sitenews-getpassword-add-users(8181)
CVE-2002-0287
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
2003-04-02
2003-03-19
CVE-2002-0287
http://www.securityfocus.com/bid/4114
BID:4114
http://marc.info/?l=bugtraq&m=101389284625019&w=2
BUGTRAQ:20020216 pforum: mysql-injection-bug
http://www.powie.de/news/index.php
CONFIRM:http://www.powie.de/news/index.php
http://www.iss.net/security_center/static/8203.php
XF:pforum-quotes-sql-injection(8203)
CVE-2002-0288
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
2002-05-03
2016-10-17
CVE-2002-0288
http://www.securityfocus.com/bid/4117
BID:4117
http://marc.info/?l=bugtraq&m=101408906001958&w=2
BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
CVE-2002-0289
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
2002-05-03
2016-10-17
CVE-2002-0289
http://www.securityfocus.com/bid/4118
BID:4118
http://www.securityfocus.com/bid/4119
BID:4119
http://marc.info/?l=bugtraq&m=101408906001958&w=2
BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
CVE-2002-0290
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.
2003-04-02
2003-03-19
CVE-2002-0290
http://www.securityfocus.com/bid/4124
BID:4124
http://marc.info/?l=bugtraq&m=101413521417638&w=2
BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
http://www.iss.net/security_center/static/8220.php
XF:webnews-cgi-group-bo(8220)
CVE-2002-0291
Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.
2002-05-03
2016-10-17
CVE-2002-0291
http://www.securityfocus.com/bid/4123
BID:4123
http://marc.info/?l=bugtraq&m=101415416513746&w=2
BUGTRAQ:20020218 Dino's Webserver v1.2 DoS, possible overflow
http://www.iss.net/security_center/static/8233.php
XF:dino-log-tag-bo(8233)
CVE-2002-0292
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
2003-04-02
2003-03-19
CVE-2002-0292
http://www.securityfocus.com/bid/4116
BID:4116
http://marc.info/?l=bugtraq&m=101414005501708&w=2
BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability
http://www.iss.net/security_center/static/8221.php
XF:slashcode-site-xss(8221)
CVE-2002-0293
FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
2002-05-03
2017-07-10
CVE-2002-0293
http://marc.info/?l=bugtraq&m=101413767925869&w=2
BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
https://exchange.xforce.ibmcloud.com/vulnerabilities/8225
XF:omnipcx-ftp-root-access(8225)
CVE-2002-0294
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
2002-05-03
2016-10-17
CVE-2002-0294
http://www.securityfocus.com/bid/4130
BID:4130
http://marc.info/?l=bugtraq&m=101413767925869&w=2
BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
CVE-2002-0295
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
2002-05-03
2016-10-17
CVE-2002-0295
http://www.securityfocus.com/bid/4133
BID:4133
http://marc.info/?l=bugtraq&m=101413767925869&w=2
BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
CVE-2002-0296
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
2002-05-03
2017-07-10
CVE-2002-0296
http://www.securityfocus.com/bid/4115
BID:4115
http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.html
BUGTRAQ:20020219 Another local root vulnerability during installation of Tarantella Enterprise 3.
http://marc.info/?l=bugtraq&m=101467193803592&w=2
BUGTRAQ:20020224 Exploit for Tarantella Enterprise installation (bid 4115)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8223
XF:tarantella-tmp-spinning-symlink(8223)
CVE-2002-0297
Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
2002-05-03
2016-10-17
CVE-2002-0297
http://www.securityfocus.com/bid/4128
BID:4128
http://marc.info/?l=bugtraq&m=101415883727615&w=2
BUGTRAQ:20020219 ScriptEase MiniWeb Server DoS Vulnerability
CVE-2002-0298
ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.
2002-05-03
2016-10-17
CVE-2002-0298
http://www.securityfocus.com/bid/4145
BID:4145
http://marc.info/?l=bugtraq&m=101424439220931&w=2
BUGTRAQ:20020219 Four More ScriptEase MiniWeb Server v0.95 DoS Attacks
CVE-2002-0299
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.
2003-04-02
2003-03-19
CVE-2002-0299
http://www.securityfocus.com/bid/3975
BID:3975
http://marc.info/?l=bugtraq&m=101438631921749&w=2
BUGTRAQ:20020220 CNet CatchUp arbitrary code execution
http://www.iss.net/security_center/static/8035.php
XF:cnet-catchup-gain-privileges(8035)
CVE-2002-0300
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
2003-04-02
2002-08-16
CVE-2002-0300
http://www.securityfocus.com/bid/4125
BID:4125
http://marc.info/?l=bugtraq&m=101415804625292&w=2
BUGTRAQ:20020219 gnujsp: dir- and script-disclosure
http://marc.info/?l=bugtraq&m=101422432123898&w=2
BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure
http://www.debian.org/security/2002/dsa-114
DEBIAN:DSA-114
http://www.iss.net/security_center/static/8240.php
XF:gnujsp-jserv-information-disclosure(8240)
CVE-2002-0301
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
2002-05-03
2016-10-17
CVE-2002-0301
http://www.securityfocus.com/bid/4142
BID:4142
http://marc.info/?l=bugtraq&m=101424947801895&w=2
BUGTRAQ:20020220 Re: Citrix NFuse 1.6 - additional network exposure
CVE-2002-0302
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.
2003-04-02
2003-03-19
CVE-2002-0302
http://www.securityfocus.com/bid/4139
BID:4139
http://marc.info/?l=bugtraq&m=101424225814604&w=2
BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP
http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8253
XF:sef-snmp-notify-loss(8253)
CVE-2002-0303
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.
2002-05-03
2016-10-17
CVE-2002-0303
http://www.securityfocus.com/bid/4154
BID:4154
http://marc.info/?l=bugtraq&m=101425369510983&w=2
BUGTRAQ:20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice
CVE-2002-0304
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
2002-05-03
2016-10-17
CVE-2002-0304
http://www.securityfocus.com/bid/4153
BID:4153
http://marc.info/?l=bugtraq&m=101432338000591&w=2
BUGTRAQ:20020220 SecurityOffice Security Advisory:// LilHTTP Web Server Protected File Access Vulnerability
http://marc.info/?l=bugtraq&m=101665069500433&w=2
BUGTRAQ:20020320 LilHTTP Web Server Protected File Access Vulnerability (Solution)
http://www.summitcn.com/lilhttp/lildocs.html#WhatsNew
MISC:http://www.summitcn.com/lilhttp/lildocs.html#WhatsNew
CVE-2002-0305
Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.
2002-05-03
2017-07-10
CVE-2002-0305
http://www.securityfocus.com/bid/4155
BID:4155
http://marc.info/?l=bugtraq&m=101432416503293&w=2
BUGTRAQ:20020221 Zero One Tech (ZOT) P100s PrintServer and SNMP
https://exchange.xforce.ibmcloud.com/vulnerabilities/8270
XF:zot-default-snmp-string(8270)
CVE-2002-0306
ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter.
2002-05-03
2016-10-17
CVE-2002-0306
http://www.securityfocus.com/bid/4149
BID:4149
http://marc.info/?l=bugtraq&m=101430868616112&w=2
BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl
CVE-2002-0307
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
2002-05-03
2016-10-17
CVE-2002-0307
http://www.securityfocus.com/bid/4147
BID:4147
http://marc.info/?l=bugtraq&m=101430868616112&w=2
BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl
CVE-2002-0308
admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
2002-05-03
2017-07-10
CVE-2002-0308
http://www.securityfocus.com/bid/4152
BID:4152
http://marc.info/?l=bugtraq&m=101430885516675&w=2
BUGTRAQ:20020221 AdMentor Login Flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/8245
XF:admentor-asp-gain-access(8245)
CVE-2002-0309
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.
2003-04-02
2003-03-19
CVE-2002-0309
http://www.securityfocus.com/bid/4141
BID:4141
http://marc.info/?l=bugtraq&m=101424307617060&w=2
BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
http://marc.info/?l=bugtraq&m=101430810813853&w=2
BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
http://www.iss.net/security_center/static/8251.php
XF:sef-smtp-proxy-information(8251)
CVE-2002-0310
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.
2002-05-03
2017-07-10
CVE-2002-0310
http://www.securityfocus.com/bid/4156
BID:4156
http://marc.info/?l=bugtraq&m=101432236729631&w=2
BUGTRAQ:20020221 Netwin Webnews 1.1k
https://exchange.xforce.ibmcloud.com/vulnerabilities/8255
XF:webnews-cgi-default-accounts(8255)
CVE-2002-0311
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.
2002-05-03
2002-05-09
CVE-2002-0311
http://www.securityfocus.com/bid/3936
BID:3936
http://online.securityfocus.com/archive/1/251747
BUGTRAQ:20020120 Unixware 7.1.1 scoadminreg.cgi local exploit
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/CSSA-2002-SCO.6.txt
CALDERA:CSSA-2002-SCO.6
http://www.iss.net/security_center/static/7977.php
XF:unixware-webtop-execute-commands(7977)
CVE-2002-0312
Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
2002-05-03
2016-10-17
CVE-2002-0312
http://www.securityfocus.com/bid/4160
BID:4160
http://marc.info/?l=bugtraq&m=101439734827908&w=2
BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability
http://online.securityfocus.com/archive/1/258365
BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201
NTBUGTRAQ:20020222 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
http://www.iss.net/security_center/static/8248.php
XF:essentia-server-directory-traversal(8248)
CVE-2002-0313
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.
2004-09-01
2004-07-24
CVE-2002-0313
http://www.securityfocus.com/bid/4159
BID:4159
http://marc.info/?l=bugtraq&m=101440530023617&w=2
BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
http://online.securityfocus.com/archive/1/258365
BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006231.html
FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
http://www.iss.net/security_center/static/8249.php
XF:essentia-server-long-request-dos(8249)
CVE-2002-0314
fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.
2002-05-03
2016-10-17
CVE-2002-0314
http://www.securityfocus.com/bid/4122
BID:4122
http://marc.info/?l=bugtraq&m=101441689224760&w=2
BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.
http://www.iss.net/security_center/static/8273.php
XF:fasttrack-message-service-dos(8273)
CVE-2002-0315
fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.
2002-05-03
2016-10-17
CVE-2002-0315
http://www.securityfocus.com/bid/4121
BID:4121
http://marc.info/?l=bugtraq&m=101441689224760&w=2
BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.
http://www.iss.net/security_center/static/8272.php
XF:fasttrack-message-service-spoof(8272)
CVE-2002-0316
Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.
2002-05-03
2021-04-29
CVE-2002-0316
http://www.securityfocus.com/bid/4167
BID:4167
http://marc.info/?l=bugtraq&m=101447886404876&w=2
BUGTRAQ:20020222 XMB cross-scripting vulnerability
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
MISC:https://docs.xmbforum2.com/index.php?title=Security_Issue_History
http://www.iss.net/security_center/static/8262.php
XF:xmb-php-css(8262)
CVE-2002-0317
Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
2002-05-03
2016-10-17
CVE-2002-0317
http://www.securityfocus.com/bid/4161
BID:4161
http://marc.info/?l=bugtraq&m=101438671922874&w=2
BUGTRAQ:20020220 Gator installer Plugin allows any software to be installed
http://www.gator.com/update/
MISC:http://www.gator.com/update/
http://www.iss.net/security_center/static/8266.php
XF:gator-activex-install(8266)
CVE-2002-0318
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
2003-04-02
2003-03-19
CVE-2002-0318
http://marc.info/?l=bugtraq&m=101440113410083&w=2
BUGTRAQ:20020221 DoS Attack against many RADIUS servers
http://www.iss.net/security_center/static/9968.php
XF:freeradius-access-request-dos(9968)
CVE-2002-0319
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
2002-05-03
2016-10-17
CVE-2002-0319
http://www.securityfocus.com/bid/4165
BID:4165
http://marc.info/?l=bugtraq&m=101446366708757&w=2
BUGTRAQ:20020222 pforum: cross-site-scripting bug
http://www.iss.net/security_center/static/8263.php
XF:pforum-username-css(8263)
CVE-2002-0320
Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.
2002-05-03
2016-10-17
CVE-2002-0320
http://www.securityfocus.com/bid/4162
BID:4162
http://www.securityfocus.com/bid/4163
BID:4163
http://marc.info/?l=bugtraq&m=101439616623230&w=2
BUGTRAQ:20020221 Remote crashes in Yahoo messenger
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/419419
CERT-VN:VU#419419
http://www.kb.cert.org/vuls/id/887319
CERT-VN:VU#887319
http://www.iss.net/security_center/static/8265.php
XF:yahoo-messenger-imvironment-bo(8265)
http://www.iss.net/security_center/static/8264.php
XF:yahoo-messenger-message-bo(8264)
CVE-2002-0321
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
2002-05-03
2016-10-17
CVE-2002-0321
http://www.securityfocus.com/bid/4164
BID:4164
http://marc.info/?l=bugtraq&m=101439616623230&w=2
BUGTRAQ:20020221 Remote crashes in Yahoo messenger
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/952875
CERT-VN:VU#952875
http://www.iss.net/security_center/static/8267.php
XF:yahoo-messenger-username-spoof(8267)
CVE-2002-0322
Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
2002-05-03
2016-10-17
CVE-2002-0322
http://www.securityfocus.com/bid/4173
BID:4173
http://marc.info/?l=bugtraq&m=101467298107635&w=2
BUGTRAQ:20020223 Re: Re: Remote crashes in Yahoo messenger
http://marc.info/?l=bugtraq&m=101466489113920&w=2
BUGTRAQ:20020223 Re: Remote crashes in Yahoo messenger
CVE-2002-0323
comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL.
2002-05-03
2016-10-17
CVE-2002-0323
http://marc.info/?l=bugtraq&m=101465709621105&w=2
BUGTRAQ:20020224 ScriptEase:WebServer Edition vulnerability
CVE-2002-0324
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
2002-05-03
2016-10-17
CVE-2002-0324
http://www.securityfocus.com/bid/4169
BID:4169
http://marc.info/?l=bugtraq&m=101465343308249&w=2
BUGTRAQ:20020224 Greymatter 1.21c and earlier - remote login/pass exposure
http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm
MISC:http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm
http://www.iss.net/security_center/static/8277.php
XF:greymatter-gmrightclick-account-information(8277)
CVE-2002-0325
Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.
2002-05-03
2016-10-17
CVE-2002-0325
http://www.securityfocus.com/bid/4179
BID:4179
http://marc.info/?l=bugtraq&m=101474689126219&w=2
BUGTRAQ:20020226 BadBlue Yet Another Directory Traversal
http://www.iss.net/security_center/static/8295.php
XF:badblue-dotdotdot-directory-traversal(8295)
CVE-2002-0326
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
2002-05-03
2016-10-17
CVE-2002-0326
http://www.securityfocus.com/bid/4180
BID:4180
http://marc.info/?l=bugtraq&m=101474387016066&w=2
BUGTRAQ:20020226 BadBlue XSS vulnerabilities / Filesharing Server Worm
http://www.iss.net/security_center/static/8294.php
XF:badblue-url-css(8294)
CVE-2002-0327
Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.
2002-05-03
2016-10-17
CVE-2002-0327
http://www.securityfocus.com/bid/4174
BID:4174
http://marc.info/?l=bugtraq&m=101477608215471&w=2
BUGTRAQ:20020227 Century Software Term Exploit
http://online.securityfocus.com/archive/82/257731
VULN-DEV:20020222 Censoft TERM Emu bOf
http://www.iss.net/security_center/static/8291.php
XF:term-tty-bo(8291)
CVE-2002-0328
Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag.
2002-05-03
2016-10-17
CVE-2002-0328
http://www.securityfocus.com/bid/4182
BID:4182
http://marc.info/?l=bugtraq&m=101475420818274&w=2
BUGTRAQ:20020226 Re: Open Bulletin Board javascript bug.
CVE-2002-0329
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
2003-04-02
2002-05-09
CVE-2002-0329
http://www.securityfocus.com/bid/4192
BID:4192
http://marc.info/?l=bugtraq&m=101485184605149&w=2
BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug.
http://online.securityfocus.com/archive/1/258981
BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
http://www.kb.cert.org/vuls/id/132011
CERT-VN:VU#132011
http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
http://www.iss.net/security_center/static/8309.php
XF:snitz-img-css(8309)
CVE-2002-0330
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
2003-04-02
2002-05-09
CVE-2002-0330
http://www.securityfocus.com/bid/4171
BID:4171
http://marc.info/?l=bugtraq&m=101466092601554&w=2
BUGTRAQ:20020225 Open Bulletin Board javascript bug.
http://community.iansoft.net/read.php?TID=5159
CONFIRM:http://community.iansoft.net/read.php?TID=5159
http://www.osvdb.org/5658
OSVDB:5658
http://www.iss.net/security_center/static/8278.php
XF:openbb-img-css(8278)
CVE-2002-0331
Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
2002-05-03
2016-10-17
CVE-2002-0331
http://www.securityfocus.com/bid/4198
BID:4198
http://marc.info/?l=bugtraq&m=101486044323352&w=2
BUGTRAQ:20020227 BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY
http://www.iss.net/security_center/static/8300.php
XF:bpm-http-directory-traversal(8300)
CVE-2002-0332
Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
2002-05-03
2016-10-17
CVE-2002-0332
http://www.securityfocus.com/bid/4193
BID:4193
http://marc.info/?l=bugtraq&m=101494896516467&w=2
BUGTRAQ:20020227 Remote exploit against xtelld and other fun
http://www.debian.org/security/2002/dsa-121
DEBIAN:DSA-121
http://www.iss.net/security_center/static/8312.php
XF:xtell-bo(8312)
CVE-2002-0333
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
2002-05-03
2016-10-17
CVE-2002-0333
http://www.securityfocus.com/bid/4194
BID:4194
http://marc.info/?l=bugtraq&m=101494896516467&w=2
BUGTRAQ:20020227 Remote exploit against xtelld and other fun
http://www.debian.org/security/2002/dsa-121
DEBIAN:DSA-121
http://www.iss.net/security_center/static/8313.php
XF:xtell-tty-directory-traversal(8313)
CVE-2002-0334
xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.
2002-05-03
2016-10-17
CVE-2002-0334
http://www.securityfocus.com/bid/4197
BID:4197
http://marc.info/?l=bugtraq&m=101494896516467&w=2
BUGTRAQ:20020227 Remote exploit against xtelld and other fun
http://www.debian.org/security/2002/dsa-121
DEBIAN:DSA-121
http://www.iss.net/security_center/static/8314.php
XF:xtell-log-symlink(8314)
CVE-2002-0335
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.
2002-05-03
2016-10-17
CVE-2002-0335
http://www.securityfocus.com/bid/4186
BID:4186
http://marc.info/?l=bugtraq&m=101484128203523&w=2
BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup
http://www.iss.net/security_center/static/8298.php
XF:worldgroup-http-get-bo(8298)
CVE-2002-0336
Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.
2002-05-03
2016-10-17
CVE-2002-0336
http://www.securityfocus.com/bid/4185
BID:4185
http://marc.info/?l=bugtraq&m=101484128203523&w=2
BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup
http://www.iss.net/security_center/static/8297.php
XF:worldgroup-ftp-list-bo(8297)
CVE-2002-0337
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
2002-05-03
2016-10-17
CVE-2002-0337
http://www.securityfocus.com/bid/4200
BID:4200
http://marc.info/?l=bugtraq&m=101495354424868&w=2
BUGTRAQ:20020227 2K, with RealPlayer Installed 100 % CPU utilization
http://www.iss.net/security_center/static/8320.php
XF:realplayer-mp3-invalid-dos(8320)
CVE-2002-0338
The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.
2002-05-03
2016-10-17
CVE-2002-0338
http://www.securityfocus.com/bid/4187
BID:4187
http://marc.info/?l=bugtraq&m=101483832026841&w=2
BUGTRAQ:20020227 SECURITY.NNOV: Special device access in The Bat!
http://www.iss.net/security_center/static/8303.php
XF:thebat-msdos-device-dos(8303)
CVE-2002-0339
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
2003-04-02
2009-03-01
CVE-2002-0339
http://www.securityfocus.com/bid/4191
BID:4191
http://www.kb.cert.org/vuls/id/310387
CERT-VN:VU#310387
http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
http://www.osvdb.org/806
OSVDB:806
http://www.iss.net/security_center/static/8296.php
XF:ios-cef-information-leak(8296)
CVE-2002-0340
Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.
2002-05-03
2016-10-17
CVE-2002-0340
http://marc.info/?l=bugtraq&m=101447771102582&w=2
BUGTRAQ:20020222 Windows Media Player executes WMF content in .MP3 files.
CVE-2002-0341
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
2002-05-03
2016-10-17
CVE-2002-0341
http://marc.info/?l=bugtraq&m=101494830315071&w=2
BUGTRAQ:20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability
CVE-2002-0342
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.
2002-05-03
2016-10-17
CVE-2002-0342
http://www.securityfocus.com/bid/4177
BID:4177
http://marc.info/?l=bugtraq&m=101475683425671&w=2
BUGTRAQ:20020226 BUG: Kmail client DoS
http://www.iss.net/security_center/static/8283.php
XF:kmail-message-body-dos(8283)
CVE-2002-0343
Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords.
2002-05-03
2016-10-17
CVE-2002-0343
http://www.securityfocus.com/bid/4210
BID:4210
http://marc.info/?l=bugtraq&m=101495128121299&w=2
BUGTRAQ:20020228 Hotline Client Plain password vuln.
http://www.iss.net/security_center/static/8327.php
XF:hotline-connect-plaintext-password(8327)
CVE-2002-0344
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
2002-05-03
2016-10-17
CVE-2002-0344
http://www.securityfocus.com/bid/4170
BID:4170
http://marc.info/?l=bugtraq&m=101466781122312&w=2
BUGTRAQ:20020225 Symantec LiveUpdate
http://marc.info/?l=bugtraq&m=101496301307285&w=2
BUGTRAQ:20020228 Re: "Javier Sanchez" jsanchez157@hotmail.com 02/25/2002 11:14 AM, Symantec
http://www.iss.net/security_center/static/8282.php
XF:nav-liveupdate-plaintext-account(8282)
CVE-2002-0345
Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
2002-05-03
2016-10-17
CVE-2002-0345
http://www.securityfocus.com/bid/4181
BID:4181
http://online.securityfocus.com/archive/1/258293
BUGTRAQ:20020226 RE: Symantec LiveUpdate
http://marc.info/?l=bugtraq&m=101529792821615&w=2
BUGTRAQ:20020301 Re: "Peter Miller" pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE: Symantec
http://www.iss.net/security_center/static/8305.php
XF:ghost-plaintext-account(8305)
CVE-2002-0346
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
2002-05-03
2016-10-17
CVE-2002-0346
http://www.securityfocus.com/bid/4211
BID:4211
http://marc.info/?l=bugtraq&m=101495944202452&w=2
BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
http://www.iss.net/security_center/static/8321.php
XF:cobalt-raq-css(8321)
CVE-2002-0347
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
2002-05-03
2016-10-17
CVE-2002-0347
http://www.securityfocus.com/bid/4208
BID:4208
http://marc.info/?l=bugtraq&m=101495944202452&w=2
BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
http://www.iss.net/security_center/static/8322.php
XF:cobalt-raq-directory-traversal(8322)
CVE-2002-0348
service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.
2002-05-03
2016-10-17
CVE-2002-0348
http://www.securityfocus.com/bid/4209
BID:4209
http://marc.info/?l=bugtraq&m=101495944202452&w=2
BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
http://www.iss.net/security_center/static/8323.php
XF:cobalt-raq-service-dos(8323)
CVE-2002-0349
Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.
2002-05-03
2016-10-17
CVE-2002-0349
http://www.securityfocus.com/bid/4207
BID:4207
http://marc.info/?l=bugtraq&m=101494587110288&w=2
BUGTRAQ:20020228 ... Tiny Personal Firewall ...
http://www.iss.net/security_center/static/8324.php
XF:tinyfw-popup-gain-access(8324)
CVE-2002-0350
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
2002-05-03
2016-10-17
CVE-2002-0350
http://www.securityfocus.com/bid/4212
BID:4212
http://marc.info/?l=bugtraq&m=101500123900612&w=2
BUGTRAQ:20020301 DoS on HP ProCurve 4000M switch (possibly others)
http://www.iss.net/security_center/static/8329.php
XF:hp-procurve-portscan-dos(8329)
CVE-2002-0351
Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code.
2002-05-03
2002-05-09
CVE-2002-0351
http://www.securityfocus.com/bid/4219
BID:4219
http://www.debian.org/security/2002/dsa-116
DEBIAN:DSA-116
http://www.iss.net/security_center/static/8330.php
XF:cfs-bo(8330)
CVE-2002-0352
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
2002-05-03
2016-10-17
CVE-2002-0352
http://www.securityfocus.com/bid/4226
BID:4226
http://marc.info/?l=bugtraq&m=101508207206900&w=2
BUGTRAQ:20020302 Phorum Discussion Board Security Bug (Email Disclosure)
http://www.iss.net/security_center/static/8344.php
XF:phorum-admin-users-information(8344)
CVE-2002-0353
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.
2002-05-03
2002-08-16
CVE-2002-0353
http://www.securityfocus.com/bid/4604
BID:4604
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474
CONECTIVA:CLA-2002:474
http://www.ethereal.com/appnotes/enpa-sa-00003.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00003.html
http://www.debian.org/security/2002/dsa-130
DEBIAN:DSA-130
http://www.redhat.com/support/errata/RHSA-2002-088.html
REDHAT:RHSA-2002:088
http://www.iss.net/security_center/static/8952.php
XF:ethereal-asn1-dos(8952)
CVE-2002-0354
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
2002-05-03
2016-10-17
CVE-2002-0354
http://marc.info/?l=bugtraq&m=102017952204097&w=2
BUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)
http://marc.info/?l=ntbugtraq&m=102020343728766&w=2
NTBUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)
CVE-2002-0355
netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.
2003-04-02
2002-06-11
CVE-2002-0355
http://www.securityfocus.com/bid/4682
BID:4682
ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
SGI:20020503-01-I
http://www.iss.net/security_center/static/9023.php
XF:irix-netstat-file-existence(9023)
CVE-2002-0356
Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.
2003-04-02
2003-03-19
CVE-2002-0356
http://www.securityfocus.com/bid/4706
BID:4706
ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I
SGI:20020504-01-I
http://www.iss.net/security_center/static/9042.php
XF:irix-fsrxfs-gain-privileges(9042)
CVE-2002-0357
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.
2004-09-01
2003-03-19
CVE-2002-0357
http://www.securityfocus.com/bid/4939
BID:4939
http://www.kb.cert.org/vuls/id/430419
CERT-VN:VU#430419
http://www.ciac.org/ciac/bulletins/m-087.shtml
CIAC:M-087
http://www.osvdb.org/834
OSVDB:834
ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
SGI:20020601-01-P
http://www.iss.net/security_center/static/9261.php
XF:irix-rpcpasswd-gain-privileges(9261)
CVE-2002-0358
MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.
2003-04-02
2003-03-19
CVE-2002-0358
http://www.securityfocus.com/bid/4959
BID:4959
ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I
SGI:20020602-01-I
http://www.iss.net/security_center/static/9292.php
XF:irix-mediamail-core-dump(9292)
CVE-2002-0359
xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.
2003-04-02
2003-03-19
CVE-2002-0359
http://www.securityfocus.com/bid/5072
BID:5072
http://marc.info/?l=bugtraq&m=102459162909825&w=2
BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
http://www.kb.cert.org/vuls/id/521147
CERT-VN:VU#521147
ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
SGI:20020606-01-I
http://www.iss.net/security_center/static/9401.php
XF:irix-xfsmd-bypass-authentication(9401)
CVE-2002-0360
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program.
2002-05-21
2016-10-17
CVE-2002-0360
http://www.securityfocus.com/bid/4784
BID:4784
http://marc.info/?l=bugtraq&m=102198846905064&w=2
BUGTRAQ:20020520 eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability
http://www.eSecurityOnline.com/advisories/eSO5063.asp
MISC:http://www.eSecurityOnline.com/advisories/eSO5063.asp
http://marc.info/?l=vulnwatch&m=102194510509450&w=2
VULNWATCH:20020520 [VulnWatch] eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability
http://www.iss.net/security_center/static/9117.php
XF:sun-answerbook2-gettransbitmap-bo(9117)
CVE-2002-0361
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0361
CVE-2002-0362
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.
2004-09-01
2004-07-24
CVE-2002-0362
http://www.securityfocus.com/bid/4677
BID:4677
http://marc.info/?l=bugtraq&m=102071080509955&w=2
BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
http://www.iss.net/security_center/static/9017.php
XF:aim-addexternalapp-bo(9017)
CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
2003-04-02
2002-08-16
CVE-2002-0363
http://www.securityfocus.com/bid/4937
BID:4937
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt
CALDERA:CSSA-2002-026.0
http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
http://www.redhat.com/support/errata/RHSA-2002-083.html
REDHAT:RHSA-2002:083
http://www.redhat.com/support/errata/RHSA-2002-123.html
REDHAT:RHSA-2002:123
http://www.redhat.com/support/errata/RHSA-2003-209.html
REDHAT:RHSA-2003:209
http://www.iss.net/security_center/static/9254.php
XF:ghostscript-postscript-command-execution(9254)
CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
2003-04-02
2003-03-19
CVE-2002-0364
http://www.securityfocus.com/bid/4855
BID:4855
http://marc.info/?l=bugtraq&m=102392069305962&w=2
BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
http://online.securityfocus.com/archive/1/276767
BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
http://www.kb.cert.org/vuls/id/313819
CERT-VN:VU#313819
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028
MS:MS02-028
http://marc.info/?l=ntbugtraq&m=102392308608100&w=2
NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182
OVAL:oval:org.mitre.oval:def:182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29
OVAL:oval:org.mitre.oval:def:29
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
VULNWATCH:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
http://www.iss.net/security_center/static/9327.php
XF:iis-htr-chunked-encoding-bo(9327)
CVE-2002-0365
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0365
CVE-2002-0366
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
2003-04-02
2003-03-19
CVE-2002-0366
http://www.securityfocus.com/bid/4852
BID:4852
http://online.securityfocus.com/archive/1/276776
BUGTRAQ:20020613 Microsoft RASAPI32.DLL
http://online.securityfocus.com/archive/1/278145
BUGTRAQ:20020620 VPN and Q318138
http://www.nextgenss.com/vna/ms-ras.txt
MISC:http://www.nextgenss.com/vna/ms-ras.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-029
MS:MS02-029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A61
OVAL:oval:org.mitre.oval:def:61
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A63
OVAL:oval:org.mitre.oval:def:63
CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
2003-04-02
2002-06-11
CVE-2002-0367
http://www.securityfocus.com/bid/4287
BID:4287
http://www.securityfocus.com/archive/1/262074
BUGTRAQ:20020314 Fwd: DebPloit (exploit)
http://www.securityfocus.com/archive/1/264441
BUGTRAQ:20020326 Re: DebPloit (exploit)
http://www.securityfocus.com/archive/1/264927
BUGTRAQ:20020327 Local Security Vulnerability in Windows NT and Windows 2000
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
MS:MS02-024
http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
NTBUGTRAQ:20020314 DebPloit (exploit)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
OVAL:oval:org.mitre.oval:def:158
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
OVAL:oval:org.mitre.oval:def:76
http://www.iss.net/security_center/static/8462.php
XF:win-debug-duplicate-handles(8462)
CVE-2002-0368
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
2003-04-02
2003-03-19
CVE-2002-0368
http://www.securityfocus.com/bid/4881
BID:4881
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-025
MS:MS02-025
http://www.iss.net/security_center/static/9195.php
XF:exchange-msg-attribute-dos(9195)
CVE-2002-0369
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
2003-04-02
2003-03-19
CVE-2002-0369
http://www.securityfocus.com/bid/4958
BID:4958
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-026
MS:MS02-026
http://www.iss.net/security_center/static/9276.php
XF:ms-aspdotnet-stateserver-bo(9276)
CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
2002-10-05
2018-10-12
CVE-2002-0370
http://www.securityfocus.com/bid/5873
BID:5873
http://marc.info/?l=bugtraq&m=103428193409223&w=2
BUGTRAQ:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
http://www.kb.cert.org/vuls/id/383779
CERT-VN:VU#383779
http://www.info-zip.org/FAQ.html
CONFIRM:http://www.info-zip.org/FAQ.html
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
MS:MS02-054
http://securityreason.com/securityalert/587
SREASON:587
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
VULNWATCH:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
http://www.iss.net/security_center/static/10251.php
XF:win-zip-decompression-bo(10251)
CVE-2002-0371
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
2002-06-15
2018-10-12
CVE-2002-0371
http://www.securityfocus.com/bid/4930
BID:4930
http://marc.info/?l=bugtraq&m=102320516707940&w=2
BUGTRAQ:20020604 Buffer overflow in MSIE gopher code
http://online.securityfocus.com/archive/1/276848
BUGTRAQ:20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70
http://marc.info/?l=bugtraq&m=102397955217618&w=2
BUGTRAQ:20020613 Microsoft releases critical fix that breaks their own software!
http://www.kb.cert.org/vuls/id/440275
CERT-VN:VU#440275
http://www.pivx.com/workaround_fail.html
MISC:http://www.pivx.com/workaround_fail.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-027
MS:MS02-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A98
OVAL:oval:org.mitre.oval:def:98
http://www.iss.net/security_center/static/9247.php
XF:ie-gopher-bo(9247)
CVE-2002-0372
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
2003-04-02
2003-03-19
CVE-2002-0372
http://www.securityfocus.com/bid/5107
BID:5107
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
MS:MS02-032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A281
OVAL:oval:org.mitre.oval:def:281
http://www.iss.net/security_center/static/9420.php
XF:mediaplayer-cache-code-execution(9420)
CVE-2002-0373
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
2003-04-02
2003-03-19
CVE-2002-0373
http://www.securityfocus.com/bid/5109
BID:5109
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
MS:MS02-032
http://www.iss.net/security_center/static/9421.php
XF:mediaplayer-wmdm-privilege-elevation(9421)
CVE-2002-0374
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
2003-04-02
2002-08-16
CVE-2002-0374
http://www.securityfocus.com/bid/4679
BID:4679
BUGTRAQ:20020506 ldap vulnerabilities
http://marc.info/?l=bugtraq&m=103601912505261&w=2
BUGTRAQ:20021030 GLSA: pam_ldap
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
CALDERA:CSSA-2002-041.0
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
MANDRAKE:MDKSA-2002:075
http://www.redhat.com/support/errata/RHSA-2002-084.html
REDHAT:RHSA-2002:084
http://www.redhat.com/support/errata/RHSA-2002-141.html
REDHAT:RHSA-2002:141
http://www.redhat.com/support/errata/RHSA-2002-175.html
REDHAT:RHSA-2002:175
http://www.redhat.com/support/errata/RHSA-2002-180.html
REDHAT:RHSA-2002:180
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
VULNWATCH:20020506 ldap vulnerabilities
http://www.iss.net/security_center/static/9018.php
XF:pamldap-config-format-string(9018)
CVE-2002-0375
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
2002-05-09
2017-07-10
CVE-2002-0375
http://marc.info/?l=bugtraq&m=102107488402057&w=2
BUGTRAQ:20020510 Fix available for Sgdynamo
http://www.osvdb.org/3458
OSVDB:3458
http://marc.info/?l=vuln-dev&m=101908986415768&w=2
VULN-DEV:20020417 Smalls holes on 5 products #1
https://exchange.xforce.ibmcloud.com/vulnerabilities/9830
XF:sgdynamo-htname-parameter-xss(9830)
CVE-2002-0376
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.
2004-09-01
2003-01-10
CVE-2002-0376
http://www.atstake.com/research/advisories/2002/a091002-1.txt
ATSTAKE:A091002-1
http://www.securityfocus.com/bid/5685
BID:5685
http://online.securityfocus.com/archive/1/293095
BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
http://www.iss.net/security_center/static/10077.php
XF:quicktime-activex-pluginspage-bo(10077)
CVE-2002-0377
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
2003-04-02
2003-03-19
CVE-2002-0377
http://www.securityfocus.com/bid/4730
BID:4730
http://marc.info/?l=bugtraq&m=102130733815285&w=2
BUGTRAQ:20020512 Gaim abritary Email Reading
http://gaim.sourceforge.net/ChangeLog
CONFIRM:http://gaim.sourceforge.net/ChangeLog
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
VULN-DEV:20020511 Gaim abritary Email Reading
http://www.iss.net/security_center/static/9061.php
XF:gaim-email-access(9061)
CVE-2002-0378
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
2002-06-15
2002-08-16
CVE-2002-0378
http://www.securityfocus.com/bid/4980
BID:4980
http://online.securityfocus.com/advisories/4205
HP:HPSBTL0206-048
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-042.php
MANDRAKE:MDKSA-2002:042
http://www.redhat.com/support/errata/RHSA-2002-089.html
REDHAT:RHSA-2002:089
http://www.iss.net/security_center/static/9322.php
XF:lprng-remote-jobs-dos(9322)
CVE-2002-0379
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
2003-04-02
2007-10-13
CVE-2002-0379
http://www.securityfocus.com/bid/4713
BID:4713
http://marc.info/?l=bugtraq&m=102107222100529&w=2
BUGTRAQ:20020510 wu-imap buffer overflow condition
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
CALDERA:CSSA-2002-021.0
http://www.kb.cert.org/vuls/id/961489
CERT-VN:VU#961489
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
CONECTIVA:CLA-2002:487
http://www.washington.edu/imap/buffer.html
CONFIRM:http://www.washington.edu/imap/buffer.html
http://www.linuxsecurity.com/advisories/other_advisory-2120.html
ENGARDE:ESA-20020607-013
http://online.securityfocus.com/advisories/4167
HP:HPSBTL0205-043
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
MANDRAKE:MDKSA-2002:034
http://www.redhat.com/support/errata/RHSA-2002-092.html
REDHAT:RHSA-2002:092
https://exchange.xforce.ibmcloud.com/vulnerabilities/10803
XF:wuimapd-authenticated-user-bo(10803)
http://www.iss.net/security_center/static/9055.php
XF:wuimapd-partial-mailbox-bo(9055)
CVE-2002-0380
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
2004-09-01
2004-08-17
CVE-2002-0380
http://www.securityfocus.com/bid/4890
BID:4890
http://marc.info/?l=bugtraq&m=102339541014226&w=2
BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
CALDERA:CSSA-2002-025.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491
CONECTIVA:CLA-2002:491
http://www.debian.org/security/2003/dsa-255
DEBIAN:DSA-255
http://marc.info/?l=bugtraq&m=102650721503642&w=2
FREEBSD:FreeBSD-SA-02:29
http://online.securityfocus.com/advisories/4169
HP:HPSBTL0205-044
http://www.redhat.com/support/errata/RHSA-2002-094.html
REDHAT:RHSA-2002:094
http://www.redhat.com/support/errata/RHSA-2002-121.html
REDHAT:RHSA-2002:121
http://www.redhat.com/support/errata/RHSA-2003-214.html
REDHAT:RHSA-2003:214
http://www.iss.net/security_center/static/9216.php
XF:tcpdump-nfs-bo(9216)
CVE-2002-0381
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
2003-04-02
2002-06-11
CVE-2002-0381
http://www.securityfocus.com/bid/4309
BID:4309
http://online.securityfocus.com/archive/1/262733
BUGTRAQ:20020317 TCP Connections to a Broadcast Address on BSD-Based Systems
http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
MISC:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
http://www.osvdb.org/5308
OSVDB:5308
ftp://patches.sgi.com/support/free/security/advisories/20030604-01-I
SGI:20030604-01-I
http://www.iss.net/security_center/static/8485.php
XF:bsd-broadcast-address(8485)
CVE-2002-0382
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
2003-04-02
2003-03-19
CVE-2002-0382
http://www.securityfocus.com/bid/4376
BID:4376
http://marc.info/?l=bugtraq&m=101725430425490&w=2
BUGTRAQ:20020327 Xchat /dns command execution vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
CONECTIVA:CLA-2002:526
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
MANDRAKE:MDKSA-2002:051
http://www.redhat.com/support/errata/RHSA-2002-097.html
REDHAT:RHSA-2002:097
http://www.redhat.com/support/errata/RHSA-2002-124.html
REDHAT:RHSA-2002:124
http://www.iss.net/security_center/static/8704.php
XF:xchat-dns-execute-commands(8704)
CVE-2002-0383
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0383
CVE-2002-0384
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
2004-09-01
2004-08-17
CVE-2002-0384
http://www.securityfocus.com/bid/5406
BID:5406
http://online.securityfocus.com/advisories/4358
HP:HPSBTL0208-057
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054
MANDRAKE:MDKSA-2002:054
http://www.osvdb.org/3729
OSVDB:3729
http://www.redhat.com/support/errata/RHSA-2002-098.html
REDHAT:RHSA-2002:098
http://www.redhat.com/support/errata/RHSA-2002-107.html
REDHAT:RHSA-2002:107
http://www.redhat.com/support/errata/RHSA-2002-122.html
REDHAT:RHSA-2002:122
http://www.redhat.com/support/errata/RHSA-2003-156.html
REDHAT:RHSA-2003:156
http://www.iss.net/security_center/static/9766.php
XF:gaim-jabber-module-bo(9766)
CVE-2002-0385
Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.
2004-04-16
2017-07-10
CVE-2002-0385
http://www.atstake.com/research/advisories/2003/a040703-1.txt
ATSTAKE:A040703-1
http://www.securityfocus.com/bid/7296
BID:7296
https://exchange.xforce.ibmcloud.com/vulnerabilities/11725
XF:storyserver-tcl-information-disclosure(11725)
CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
2002-10-29
2005-06-09
CVE-2002-0386
http://www.atstake.com/research/advisories/2002/a102802-1.txt
ATSTAKE:A102802-1
http://www.securityfocus.com/bid/5902
BID:5902
http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf
http://www.iss.net/security_center/static/10284.php
XF:oracle-appserver-webcachemanager-dos(10284)
CVE-2002-0387
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.
2004-09-01
2007-11-12
CVE-2002-0387
http://www.atstake.com/research/advisories/2003/a031303-1.txt
ATSTAKE:A031303-1
http://www.securityfocus.com/bid/7082
BID:7082
http://www.ciac.org/ciac/bulletins/n-064.shtml
CIAC:N-064
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022
SUNALERT:52022
https://exchange.xforce.ibmcloud.com/vulnerabilities/11529
XF:sunone-gxnsapi6-bo(11529)
CVE-2002-0388
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
2002-05-31
2009-07-15
CVE-2002-0388
http://www.securityfocus.com/bid/4826
BID:4826
http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html
CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html
CVE-2002-0389
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
2003-04-02
2003-03-24
CVE-2002-0389
http://www.securityfocus.com/bid/4538
BID:4538
http://marc.info/?l=bugtraq&m=101902003314968&w=2
BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
http://rhn.redhat.com/errata/RHSA-2015-1417.html
REDHAT:RHSA-2015:1417
http://www.iss.net/security_center/static/8874.php
XF:pipermail-view-archives(8874)
CVE-2002-0390
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2019-07-21
2019-07-21
CVE-2002-0390
CVE-2002-0391
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
2003-04-02
2003-03-19
CVE-2002-0391
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
AIXAPAR:IY34194
http://www.securityfocus.com/bid/5356
BID:5356
http://marc.info/?l=bugtraq&m=102813809232532&w=2
BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
http://marc.info/?l=bugtraq&m=102821785316087&w=2
BUGTRAQ:20020801 RPC analysis
http://marc.info/?l=bugtraq&m=102831443208382&w=2
BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
http://online.securityfocus.com/archive/1/285740
BUGTRAQ:20020802 kerberos rpc xdr_array
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
http://marc.info/?l=bugtraq&m=103158632831416&w=2
BUGTRAQ:20020909 GLSA: glibc
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
CALDERA:CSSA-2002-055.0
http://www.cert.org/advisories/CA-2002-25.html
CERT:CA-2002-25
http://www.kb.cert.org/vuls/id/192995
CERT-VN:VU#192995
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
CONECTIVA:CLA-2002:515
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
CONECTIVA:CLA-2002:535
http://www.debian.org/security/2002/dsa-142
DEBIAN:DSA-142
http://www.debian.org/security/2002/dsa-143
DEBIAN:DSA-143
http://www.debian.org/security/2002/dsa-146
DEBIAN:DSA-146
http://www.debian.org/security/2002/dsa-149
DEBIAN:DSA-149
http://www.debian.org/security/2003/dsa-333
DEBIAN:DSA-333
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
ENGARDE:ESA-20021003-021
http://marc.info/?l=bugtraq&m=102821928418261&w=2
FREEBSD:FreeBSD-SA-02:34.rpc
http://online.securityfocus.com/advisories/4402
HP:HPSBTL0208-061
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
HP:HPSBUX0209-215
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
MANDRAKE:MDKSA-2002:057
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
MS:MS02-057
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
NETBSD:NetBSD-SA2002-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
OVAL:oval:org.mitre.oval:def:42
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
OVAL:oval:org.mitre.oval:def:4728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
OVAL:oval:org.mitre.oval:def:9
http://rhn.redhat.com/errata/RHSA-2002-166.html
REDHAT:RHSA-2002:166
http://www.redhat.com/support/errata/RHSA-2002-167.html
REDHAT:RHSA-2002:167
http://rhn.redhat.com/errata/RHSA-2002-172.html
REDHAT:RHSA-2002:172
http://www.redhat.com/support/errata/RHSA-2002-173.html
REDHAT:RHSA-2002:173
http://www.redhat.com/support/errata/RHSA-2003-168.html
REDHAT:RHSA-2003:168
http://www.redhat.com/support/errata/RHSA-2003-212.html
REDHAT:RHSA-2003:212
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
SGI:20020801-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
SGI:20020801-01-P
SUSE:SuSE-SA:2002:031
http://www.iss.net/security_center/static/9170.php
XF:sunrpc-xdr-array-bo(9170)
CVE-2002-0392
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
2003-04-02
2021-06-06
CVE-2002-0392
http://www.securityfocus.com/bid/20005
BID:20005
http://www.securityfocus.com/bid/5033
BID:5033
BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
BUGTRAQ:20020618 Fixed version of Apache 1.3 available
BUGTRAQ:20020619 Implications of Apache vuln for Oracle
BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
BUGTRAQ:20020620 Apache Exploit
BUGTRAQ:20020620 TSLSA-2002-0056 - apache
http://online.securityfocus.com/archive/1/278149
BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
CALDERA:CSSA-2002-029.0
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
CALDERA:CSSA-2002-SCO.31
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
CALDERA:CSSA-2002-SCO.32
http://www.cert.org/advisories/CA-2002-17.html
CERT:CA-2002-17
http://www.kb.cert.org/vuls/id/944335
CERT-VN:VU#944335
COMPAQ:SSRT2253
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
CONECTIVA:CLSA-2002:498
http://httpd.apache.org/info/security_bulletin_20020617.txt
CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
http://www.debian.org/security/2002/dsa-131
DEBIAN:DSA-131
http://www.debian.org/security/2002/dsa-132
DEBIAN:DSA-132
http://www.debian.org/security/2002/dsa-133
DEBIAN:DSA-133
http://www.linuxsecurity.com/advisories/other_advisory-2137.html
ENGARDE:ESA-20020619-014
http://www.frsirt.com/english/advisories/2006/3598
FRSIRT:ADV-2006-3598
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
HP:HPSBMA02149
http://online.securityfocus.com/advisories/4240
HP:HPSBTL0206-049
http://online.securityfocus.com/advisories/4257
HP:HPSBUX0207-197
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
HP:SSRT050968
ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
MANDRAKE:MDKSA-2002:039
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.osvdb.org/838
OSVDB:838
http://rhn.redhat.com/errata/RHSA-2002-103.html
REDHAT:RHSA-2002:103
http://rhn.redhat.com/errata/RHSA-2002-117.html
REDHAT:RHSA-2002:117
http://rhn.redhat.com/errata/RHSA-2002-118.html
REDHAT:RHSA-2002:118
http://www.redhat.com/support/errata/RHSA-2002-126.html
REDHAT:RHSA-2002:126
http://www.redhat.com/support/errata/RHSA-2002-150.html
REDHAT:RHSA-2002:150
http://www.redhat.com/support/errata/RHSA-2003-106.html
REDHAT:RHSA-2003:106
http://secunia.com/advisories/21917
SECUNIA:21917
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
SGI:20020605-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
SGI:20020605-01-I
http://www.novell.com/linux/security/advisories/2002_22_apache.html
SUSE:SuSE-SA:2002:022
VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
http://www.iss.net/security_center/static/9249.php
XF:apache-chunked-encoding-bo(9249)
CVE-2002-0393
Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.
2002-06-11
2017-07-10
CVE-2002-0393
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
http://www.securityfocus.com/bid/4942
BID:4942
https://exchange.xforce.ibmcloud.com/vulnerabilities/9262
XF:redm-1050ap-web-dos(9262)
CVE-2002-0394
Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.
2003-04-02
2003-03-24
CVE-2002-0394
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
http://www.iss.net/security_center/static/9263.php
XF:redm-1050ap-insecure-passwords(9263)
CVE-2002-0395
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
2004-09-01
2004-07-24
CVE-2002-0395
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/9264
XF:redm-1050ap-tftp-bruteforce(9264)
CVE-2002-0396
The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.
2004-09-01
2004-07-24
CVE-2002-0396
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
http://www.securityfocus.com/bid/4940
BID:4940
https://exchange.xforce.ibmcloud.com/vulnerabilities/9265
XF:redm-1050ap-insecure-session(9265)
CVE-2002-0397
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.
2004-09-01
2004-07-24
CVE-2002-0397
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/9266
XF:redm-1050ap-device-existence(9266)
CVE-2002-0398
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.
2004-09-01
2004-07-24
CVE-2002-0398
http://www.atstake.com/research/advisories/2002/a060502-1.txt
ATSTAKE:A060502-1
http://www.securityfocus.com/bid/4943
BID:4943
https://exchange.xforce.ibmcloud.com/vulnerabilities/9267
XF:redm-1050ap-ppp-dos(9267)
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
2002-10-01
2018-10-19
CVE-2002-0399
http://www.securityfocus.com/bid/5834
BID:5834
http://marc.info/?l=bugtraq&m=103419290219680&w=2
BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
http://www.securityfocus.com/archive/1/477731/100/0/threaded
BUGTRAQ:20070825 rPSA-2007-0172-1 tar
http://www.securityfocus.com/archive/1/477865/100/0/threaded
BUGTRAQ:20070827 FLEA-2007-0049-1 tar
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
CONECTIVA:CLA-2002:538
https://issues.rpath.com/browse/RPL-1631
CONFIRM:https://issues.rpath.com/browse/RPL-1631
http://www.linuxsecurity.com/advisories/other_advisory-2400.html
ENGARDE:ESA-20021003-022
http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
MANDRAKE:MDKSA-2002:066
http://www.redhat.com/support/errata/RHSA-2002-096.html
REDHAT:RHSA-2002:096
http://secunia.com/advisories/19130
SECUNIA:19130
http://secunia.com/advisories/26604
SECUNIA:26604
http://secunia.com/advisories/26673
SECUNIA:26673
http://secunia.com/advisories/26987
SECUNIA:26987
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
SUNALERT:1000928
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
SUNALERT:47800
http://www.novell.com/linux/security/advisories/2006_05_sr.html
SUSE:SUSE-SR:2006:005
http://www.novell.com/linux/security/advisories/2007_19_sr.html
SUSE:SUSE-SR:2007:019
http://www.iss.net/security_center/static/10224.php
XF:archive-extraction-directory-traversal(10224)
CVE-2002-0400
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
2004-09-01
2004-08-17
CVE-2002-0400
http://www.securityfocus.com/bid/4936
BID:4936
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
CALDERA:CSSA-2002-SCO.24
http://www.cert.org/advisories/CA-2002-15.html
CERT:CA-2002-15
http://www.kb.cert.org/vuls/id/739123
CERT-VN:VU#739123
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
CONECTIVA:CLA-2002:494
http://www.isc.org/index.pl?/sw/bind/bind-security.php
CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
HP:HPSBUX0207-202
ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
MANDRAKE:MDKSA-2002:038
http://www.redhat.com/support/errata/RHSA-2002-105.html
REDHAT:RHSA-2002:105
http://www.redhat.com/support/errata/RHSA-2002-119.html
REDHAT:RHSA-2002:119
http://www.redhat.com/support/errata/RHSA-2003-154.html
REDHAT:RHSA-2003:154
http://www.novell.com/linux/security/advisories/2002_21_bind9.html
SUSE:SuSE-SA:2002:021
http://www.iss.net/security_center/static/9250.php
XF:bind-findtype-dos(9250)
CVE-2002-0401
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
2003-04-02
2003-03-20
CVE-2002-0401
http://www.securityfocus.com/bid/4806
BID:4806
http://marc.info/?l=bugtraq&m=102268626526119&w=2
BUGTRAQ:20020529 Potential security issues in Ethereal
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
CALDERA:CSSA-2002-037.0
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
CONECTIVA:CLSA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00004.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.debian.org/security/2002/dsa-130
DEBIAN:DSA-130
http://www.redhat.com/support/errata/RHSA-2002-036.html
REDHAT:RHSA-2002:036
http://www.redhat.com/support/errata/RHSA-2002-088.html
REDHAT:RHSA-2002:088
http://www.iss.net/security_center/static/9204.php
XF:ethereal-smb-dissector-dos(9204)
CVE-2002-0402
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.
2003-04-02
2003-03-20
CVE-2002-0402
http://www.securityfocus.com/bid/4805
BID:4805
http://marc.info/?l=bugtraq&m=102268626526119&w=2
BUGTRAQ:20020529 Potential security issues in Ethereal
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
CALDERA:CSSA-2002-037.0
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
CONECTIVA:CLSA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00004.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.debian.org/security/2002/dsa-130
DEBIAN:DSA-130
http://www.redhat.com/support/errata/RHSA-2002-036.html
REDHAT:RHSA-2002:036
http://www.redhat.com/support/errata/RHSA-2002-088.html
REDHAT:RHSA-2002:088
http://www.redhat.com/support/errata/RHSA-2002-170.html
REDHAT:RHSA-2002:170
http://www.iss.net/security_center/static/9203.php
XF:ethereal-x11-dissector-bo(9203)
CVE-2002-0403
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
2003-04-02
2003-03-20
CVE-2002-0403
http://www.securityfocus.com/bid/4807
BID:4807
http://marc.info/?l=bugtraq&m=102268626526119&w=2
BUGTRAQ:20020529 Potential security issues in Ethereal
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
CALDERA:CSSA-2002-037.0
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
CONECTIVA:CLSA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00004.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.debian.org/security/2002/dsa-130
DEBIAN:DSA-130
http://www.redhat.com/support/errata/RHSA-2002-036.html
REDHAT:RHSA-2002:036
http://www.redhat.com/support/errata/RHSA-2002-088.html
REDHAT:RHSA-2002:088
http://www.redhat.com/support/errata/RHSA-2002-170.html
REDHAT:RHSA-2002:170
http://www.iss.net/security_center/static/9205.php
XF:ethereal-dns-dissector-dos(9205)
CVE-2002-0404
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
2003-04-02
2003-03-20
CVE-2002-0404
http://www.securityfocus.com/bid/4808
BID:4808
http://marc.info/?l=bugtraq&m=102268626526119&w=2
BUGTRAQ:20020529 Potential security issues in Ethereal
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
CALDERA:CSSA-2002-037.0
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
CONECTIVA:CLSA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00004.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.debian.org/security/2002/dsa-130
DEBIAN:DSA-130
http://www.redhat.com/support/errata/RHSA-2002-036.html
REDHAT:RHSA-2002:036
http://www.redhat.com/support/errata/RHSA-2002-088.html
REDHAT:RHSA-2002:088
http://www.redhat.com/support/errata/RHSA-2002-170.html
REDHAT:RHSA-2002:170
http://www.iss.net/security_center/static/9206.php
XF:ethereal-giop-dissector-dos(9206)
CVE-2002-0405
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
2002-06-11
2017-12-18
CVE-2002-0405
http://www.securityfocus.com/bid/4864
BID:4864
http://online.securityfocus.com/archive/1/274279
BUGTRAQ:20020527 Problems with various windows FTP servers
https://exchange.xforce.ibmcloud.com/vulnerabilities/6673
XF:broker-ftp-dot-bo(6673)
CVE-2002-0406
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
2003-04-02
2002-06-15
CVE-2002-0406
http://www.securityfocus.com/bid/4258
BID:4258
http://online.securityfocus.com/archive/1/259334
BUGTRAQ:20020302 Denial of Service in Sphereserver
http://www.iss.net/security_center/static/8338.php
XF:sphereserver-connections-dos(8338)
CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
2002-06-11
2016-10-17
CVE-2002-0407
http://www.securityfocus.com/bid/4406
BID:4406
http://marc.info/?l=bugtraq&m=101310812804716&w=2
BUGTRAQ:20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
http://www.securityfocus.com/archive/1/265380
BUGTRAQ:20020402 KPMG-2002006: Lotus Domino Physical Path Revealed
http://www.iss.net/security_center/static/8160.php
XF:lotus-domino-reveal-information(8160)
CVE-2002-0408
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
2002-06-11
2016-10-17
CVE-2002-0408
http://www.securityfocus.com/bid/4049
BID:4049
http://marc.info/?l=bugtraq&m=101310812804716&w=2
BUGTRAQ:20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
http://marc.info/?l=bugtraq&m=101785616526383&w=2
BUGTRAQ:20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed
CVE-2002-0409
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
2002-06-11
2016-10-17
CVE-2002-0409
http://marc.info/?l=bugtraq&m=101518860823788&w=2
BUGTRAQ:20020303 iBuySpy store hole
CVE-2002-0410
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
2002-06-11
2002-06-15
CVE-2002-0410
http://www.securityfocus.com/bid/4214
BID:4214
http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
BUGTRAQ:20020303 AeroMail multiple vulnerabilities
http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
CONFIRM:http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
http://the.cushman.net/projects/aeromail/download/
MISC:http://the.cushman.net/projects/aeromail/download/
http://www.iss.net/security_center/static/8345.php
XF:aeromail-obtain-files(8345)
CVE-2002-0411
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
2002-06-11
2002-06-15
CVE-2002-0411
http://www.securityfocus.com/bid/4215
BID:4215
http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
BUGTRAQ:20020303 AeroMail multiple vulnerabilities
http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
CONFIRM:http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
http://www.iss.net/security_center/static/8346.php
XF:aeromail-subject-css(8346)
CVE-2002-0412
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
2003-04-02
2002-06-15
CVE-2002-0412
http://www.securityfocus.com/bid/4225
BID:4225
http://online.securityfocus.com/archive/1/259642
BUGTRAQ:20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop
http://marc.info/?l=bugtraq&m=101854261030453&w=2
BUGTRAQ:20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
http://marc.info/?l=bugtraq&m=101856541322245&w=2
BUGTRAQ:20020411 re: gobbles ntop alert
http://marc.info/?l=bugtraq&m=101908224609740&w=2
BUGTRAQ:20020417 segfault in ntop
http://snapshot.ntop.org/
CONFIRM:http://snapshot.ntop.org/
http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html
MISC:http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html
http://www.osvdb.org/5307
OSVDB:5307
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html
VULNWATCH:20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop
http://www.iss.net/security_center/static/8347.php
XF:ntop-traceevent-format-string(8347)
CVE-2002-0413
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
2002-06-11
2002-06-15
CVE-2002-0413
http://www.securityfocus.com/bid/4220
BID:4220
http://online.securityfocus.com/archive/1/259464
BUGTRAQ:20020304 ReBB javascripts vulnerability
http://www.iss.net/security_center/static/8353.php
XF:rebb-img-css(8353)
CVE-2002-0414
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
2003-04-02
2002-06-15
CVE-2002-0414
http://www.securityfocus.com/bid/4224
BID:4224
http://www.securityfocus.com/archive/1/259598
BUGTRAQ:20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
CONFIRM:http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
http://www.osvdb.org/5304
OSVDB:5304
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html
VULNWATCH:20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
http://www.iss.net/security_center/static/8416.php
XF:kame-forged-packet-forwarding(8416)
CVE-2002-0415
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
2002-06-11
2002-06-15
CVE-2002-0415
http://www.securityfocus.com/bid/4221
BID:4221
http://www.securityfocus.com/archive/1/259333
BUGTRAQ:20020302 RealPlayer bug
http://www.iss.net/security_center/static/8336.php
XF:realplayer-http-directory-traversal(8336)
CVE-2002-0416
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
2002-06-11
2002-06-15
CVE-2002-0416
http://www.securityfocus.com/bid/4232
BID:4232
http://www.securityfocus.com/archive/1/259818
BUGTRAQ:20020305 Buffer Overflows in sh39.com
http://www.iss.net/security_center/static/8379.php
XF:sh39-mailserver-dos(8379)
CVE-2002-0417
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
2002-06-11
2002-06-15
CVE-2002-0417
http://www.securityfocus.com/bid/4222
BID:4222
http://online.securityfocus.com/archive/1/259730
BUGTRAQ:20020305 Endymion SakeMail and MailMan File Disclosure Vulnerability
http://www.endymion.com/products/mailman/history.htm
CONFIRM:http://www.endymion.com/products/mailman/history.htm
http://www.iss.net/security_center/static/8357.php
XF:mailman-alternate-templates-traversal(8357)
CVE-2002-0418
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
2002-06-11
2002-06-15
CVE-2002-0418
http://www.securityfocus.com/bid/4223
BID:4223
http://online.securityfocus.com/archive/1/259730
BUGTRAQ:20020305 Endymion SakeMail and MailMan File Disclosure Vulnerability
http://www.iss.net/security_center/static/8358.php
XF:sakemail-paramname-directory-traversal(8358)
CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
2002-06-11
2016-10-17
CVE-2002-0419
http://www.securityfocus.com/bid/4235
BID:4235
http://marc.info/?l=bugtraq&m=101535399100534&w=2
BUGTRAQ:20020305 Considerations for IIS Authentication (#NISR05032002C)
http://www.iss.net/security_center/static/8382.php
XF:iis-authentication-error-messages(8382)
CVE-2002-0420
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.
2002-06-11
2002-06-15
CVE-2002-0420
http://www.securityfocus.com/bid/4237
BID:4237
http://archives.neohapsis.com/archives/bugtraq/2002-03/0056.html
BUGTRAQ:20020305 PureTLS Security Announcement: Upgrade to 0.9b2
http://www.iss.net/security_center/static/8386.php
XF:puretls-injection-attack(8386)
CVE-2002-0421
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
2002-06-11
2002-06-15
CVE-2002-0421
http://www.securityfocus.com/bid/4236
BID:4236
http://online.securityfocus.com/archive/1/259963
BUGTRAQ:20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.
http://www.iss.net/security_center/static/8388.php
XF:winnt-pw-policy-bypass(8388)
CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
2002-06-11
2016-10-17
CVE-2002-0422
http://marc.info/?l=bugtraq&m=101536634207324&w=2
BUGTRAQ:20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
http://marc.info/?l=ntbugtraq&m=101535147125320&w=2
NTBUGTRAQ:20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
http://www.osvdb.org/13431
OSVDB:13431
http://www.iss.net/security_center/static/8385.php
XF:iis-request-ip-disclosure(8385)
CVE-2002-0423
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
2003-04-02
2002-06-15
CVE-2002-0423
http://www.securityfocus.com/bid/4239
BID:4239
http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz
CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz
http://www.iss.net/security_center/static/8380.php
XF:efingerd-reverse-lookup-bo(8380)
CVE-2002-0424
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
2003-04-02
2002-06-15
CVE-2002-0424
http://www.securityfocus.com/bid/4240
BID:4240
http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
http://www.iss.net/security_center/static/8381.php
XF:efingerd-file-execution(8381)
CVE-2002-0425
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
2003-04-02
2002-06-15
CVE-2002-0425
http://www.securityfocus.com/bid/4247
BID:4247
http://online.securityfocus.com/archive/1/260244
BUGTRAQ:20020306 mIRC DCC Server Security Flaw
http://www.osvdb.org/5301
OSVDB:5301
http://www.iss.net/security_center/static/8393.php
XF:mirc-dcc-reveal-info(8393)
CVE-2002-0426
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
2002-06-11
2002-06-15
CVE-2002-0426
http://www.securityfocus.com/bid/4250
BID:4250
http://online.securityfocus.com/archive/1/260613
BUGTRAQ:20020308 Linksys BEFVP41 VPN Server does not follow proper VPN standards
ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip
MISC:ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip
http://www.iss.net/security_center/static/8397.php
XF:linksys-etherfast-weak-encryption(8397)
CVE-2002-0427
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
2002-06-11
2002-06-15
CVE-2002-0427
http://www.securityfocus.com/bid/4251
BID:4251
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:17.mod_frontpage.asc
FREEBSD:FreeBSD-SA-02:17
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-021.php
MANDRAKE:MDKSA-2002:021
http://www.iss.net/security_center/static/8400.php
XF:apache-modfrontpage-bo(8400)
CVE-2002-0428
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
2002-06-11
2002-06-15
CVE-2002-0428
http://www.securityfocus.com/bid/4253
BID:4253
http://online.securityfocus.com/archive/1/260662
BUGTRAQ:20020308 Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)
http://www.iss.net/security_center/static/8423.php
XF:fw1-authentication-bypass-timeouts(8423)
CVE-2002-0429
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
2003-04-02
2003-03-20
CVE-2002-0429
http://www.securityfocus.com/bid/4259
BID:4259
http://marc.info/?l=bugtraq&m=101561298818888&w=2
BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
http://www.openwall.com/linux/
CONFIRM:http://www.openwall.com/linux/
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://www.redhat.com/support/errata/RHSA-2002-158.html
REDHAT:RHSA-2002:158
http://www.iss.net/security_center/static/8420.php
XF:linux-ibcs-lcall-process(8420)
CVE-2002-0430
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
2002-06-11
2002-06-15
CVE-2002-0430
http://www.securityfocus.com/bid/4252
BID:4252
http://archives.neohapsis.com/archives/bugtraq/2002-03/0081.html
BUGTRAQ:20020308 Remote Cobalt Raq XTR vulns
CVE-2002-0431
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
2003-04-02
2002-06-15
CVE-2002-0431
http://www.securityfocus.com/bid/4260
BID:4260
http://online.securityfocus.com/archive/1/260912
BUGTRAQ:20020309 xtux server DoS.
https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206
MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206
http://www.iss.net/security_center/static/8422.php
XF:xtux-server-dos(8422)
CVE-2002-0432
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
2002-06-11
2002-06-15
CVE-2002-0432
http://www.securityfocus.com/bid/4263
BID:4263
http://online.securityfocus.com/archive/1/260934
BUGTRAQ:20020309 Citadel/UX Server Remote DoS attack Vulnerability
http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz
CONFIRM:http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz
http://www.iss.net/security_center/static/8426.php
XF:citadel-helo-bo(8426)
CVE-2002-0433
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
2002-06-11
2002-06-15
CVE-2002-0433
http://www.securityfocus.com/bid/4262
BID:4262
http://online.securityfocus.com/archive/1/260734
BUGTRAQ:20020310 Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
http://www.iss.net/security_center/static/8429.php
XF:pi3web-asterisk-view-files(8429)
CVE-2002-0434
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
2002-06-11
2002-06-15
CVE-2002-0434
http://www.securityfocus.com/bid/4278
BID:4278
http://www.securityfocus.com/archive/1/261512
BUGTRAQ:20020310 Marcus S. Xenakis "directory.php" allows arbitrary code execution
http://www.iss.net/security_center/static/8440.php
XF:xenakis-directory-execute-commands(8440)
CVE-2002-0435
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
2003-04-02
2003-03-20
CVE-2002-0435
http://www.securityfocus.com/bid/4266
BID:4266
http://www.securityfocus.com/archive/1/260936
BUGTRAQ:20020310 GNU fileutils - recursive directory removal race condition
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
CALDERA:CSSA-2002-018.1
http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
CONFIRM:http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php
MANDRAKE:MDKSA-2002:031
http://www.redhat.com/support/errata/RHSA-2003-015.html
REDHAT:RHSA-2003:015
http://www.redhat.com/support/errata/RHSA-2003-016.html
REDHAT:RHSA-2003:016
http://www.iss.net/security_center/static/8432.php
XF:gnu-fileutils-race-condition(8432)
CVE-2002-0436
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
2002-06-11
2002-06-15
CVE-2002-0436
http://www.securityfocus.com/bid/4269
BID:4269
http://www.securityfocus.com/archive/1/261544
BUGTRAQ:20020311 SunSolve CD cgi scripts...
http://www.iss.net/security_center/static/8435.php
XF:sunsolve-cd-command-execution(8435)
CVE-2002-0437
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
2003-04-02
2002-06-15
CVE-2002-0437
http://www.securityfocus.com/bid/4268
BID:4268
http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
BUGTRAQ:20020311 SMStools vulnerabilities in release before 1.4.8
http://www.isis.de/members/~s.frings/smstools/history.html
CONFIRM:http://www.isis.de/members/~s.frings/smstools/history.html
http://www.iss.net/security_center/static/8433.php
XF:sms-tools-format-string(8433)
CVE-2002-0438
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
2002-06-11
2002-06-15
CVE-2002-0438
http://www.securityfocus.com/bid/4272
BID:4272
http://www.securityfocus.com/archive/1/261411
BUGTRAQ:20020311 ZyXEL ZyWALL10 DoS
ftp://ftp.zyxel.com/public/zywall10/firmware/zywall10_V3.50%28WA.2%29C0_Standard.zip
MISC:ftp://ftp.zyxel.com/public/zywall10/firmware/zywall10_V3.50(WA.2)C0_Standard.zip
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0067.html
VULNWATCH:20020312 [VulnWatch] ZyXEL ZyWALL10 DoS
http://www.iss.net/security_center/static/8436.php
XF:zyxel-zywall10-arp-dos(8436)
CVE-2002-0439
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
2002-06-11
2002-06-15
CVE-2002-0439
http://www.securityfocus.com/bid/4270
BID:4270
http://www.securityfocus.com/archive/1/261218
BUGTRAQ:20020311 CaupoShop: cross-site-scripting bug
http://www.iss.net/security_center/static/8431.php
XF:cauposhop-user-info-css(8431)
CVE-2002-0440
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.
2002-06-11
2005-07-06
CVE-2002-0440
http://www.securityfocus.com/bid/4265
BID:4265
http://seclists.org/lists/bugtraq/2002/Mar/0162.html
BUGTRAQ:20020311 VirusWall HTTP proxy content scanning circumvention
http://www.inside-security.de/vwall_cl0.html
MISC:http://www.inside-security.de/vwall_cl0.html
http://www.iss.net/security_center/static/8425.php
XF:interscan-viruswall-http-proxy-bypass(8425)
CVE-2002-0441
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter.
2003-04-02
2002-06-15
CVE-2002-0441
http://www.securityfocus.com/bid/4276
BID:4276
http://www.securityfocus.com/archive/1/261221
BUGTRAQ:20020311 Directory traversal vulnerability in phpimglist
http://www.liquidpulse.net/get.lp?id=17
CONFIRM:http://www.liquidpulse.net/get.lp?id=17
http://www.iss.net/security_center/static/8441.php
XF:phpimglist-dot-directory-traversal(8441)
CVE-2002-0442
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.
2003-04-02
2002-06-15
CVE-2002-0442
http://www.securityfocus.com/bid/4273
BID:4273
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt
CALDERA:CSSA-2002-SCO.8
http://www.iss.net/security_center/static/8442.php
XF:openserver-dlvraudit-bo(8442)
CVE-2002-0443
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
2004-09-01
2002-06-15
CVE-2002-0443
http://www.securityfocus.com/bid/4256
BID:4256
http://online.securityfocus.com/archive/1/260704
BUGTRAQ:20020307 Windows 2000 password policy bypass possibility
http://www.iss.net/security_center/static/8402.php
XF:win2k-password-bypass-policy(8402)
CVE-2002-0444
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
2004-09-01
2002-06-15
CVE-2002-0444
http://www.securityfocus.com/bid/4464
BID:4464
http://www.securityfocus.com/archive/1/266729
BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices
http://www.iss.net/security_center/static/8813.php
XF:win2k-terminal-bypass-policies(8813)
CVE-2002-0445
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
2004-09-01
2004-08-17
CVE-2002-0445
http://www.securityfocus.com/bid/4274
BID:4274
http://www.securityfocus.com/archive/1/261337
BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
http://www.osvdb.org/7170
OSVDB:7170
http://www.iss.net/security_center/static/8434.php
XF:phpfirstpost-path-disclosure(8434)
CVE-2002-0446
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.
2002-06-11
2002-06-15
CVE-2002-0446
http://www.securityfocus.com/bid/4275
BID:4275
http://www.securityfocus.com/archive/1/261681
BUGTRAQ:20020312 [ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability
http://www.iss.net/security_center/static/8439.php
XF:btp-cid-path-disclosure(8439)
CVE-2002-0447
Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
2002-06-11
2002-06-15
CVE-2002-0447
http://www.securityfocus.com/bid/4255
BID:4255
http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html
BUGTRAQ:20020308 Xerver-2.10-File-Disclousure&DoS-attack
http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html
BUGTRAQ:20020312 Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)
http://www.iss.net/security_center/static/8421.php
XF:xerver-dot-directory-traversal(8421)
CVE-2002-0448
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
2002-06-11
2002-06-15
CVE-2002-0448
http://www.securityfocus.com/bid/4254
BID:4254
http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html
BUGTRAQ:20020308 Xerver-2.10-File-Disclousure&DoS-attack
http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html
BUGTRAQ:20020312 Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)
http://www.iss.net/security_center/static/8419.php
XF:xerver-multiple-request-dos(8419)
CVE-2002-0449
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe.
2002-06-11
2017-07-18
CVE-2002-0449
http://www.securityfocus.com/bid/4233
BID:4233
http://marc.info/?l=bugtraq&m=101535141925150&w=2
BUGTRAQ:20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)
http://www.kb.cert.org/vuls/id/159907
CERT-VN:VU#159907
http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
CONFIRM:http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
http://www.iss.net/security_center/static/8361.php
XF:webplus-webpsvc-bo(8361)
CVE-2002-0450
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
2002-06-11
2005-07-06
CVE-2002-0450
http://www.securityfocus.com/bid/4282
BID:4282
http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00208.html
BUGTRAQ:20020313 2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002)
http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
CONFIRM:http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
http://www.iss.net/security_center/static/8446.php
XF:webplus-wml-bo(8446)
CVE-2002-0451
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
2003-04-02
2002-06-15
CVE-2002-0451
http://www.securityfocus.com/bid/4284
BID:4284
http://www.securityfocus.com/archive/1/261676
BUGTRAQ:20020313 Command execution in phprojekt.
http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=
CONFIRM:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=
http://www.iss.net/security_center/static/8448.php
XF:phpprojekt-filemanager-include-files(8448)
CVE-2002-0452
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
2002-06-11
2002-06-15
CVE-2002-0452
http://www.securityfocus.com/bid/4286
BID:4286
http://www.securityfocus.com/archive/1/261834
BUGTRAQ:20020313 Foundry Networks ServerIron don't decode URIs
http://www.iss.net/security_center/static/8459.php
XF:foundry-serveriron-reveal-source(8459)
CVE-2002-0453
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
2002-06-11
2002-06-15
CVE-2002-0453
http://www.securityfocus.com/bid/4288
BID:4288
http://www.securityfocus.com/archive/1/262066
BUGTRAQ:20020314 Account Lockout Vulnerability in Oblix NetPoint v5.2
http://www.iss.net/security_center/static/8461.php
XF:netpoint-account-lockout-bypass(8461)
CVE-2002-0454
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
2003-04-02
2003-03-20
CVE-2002-0454
http://www.securityfocus.com/bid/4295
BID:4295
http://www.securityfocus.com/archive/1/262213
BUGTRAQ:20020315 Bug in QPopper (All Versions?)
CALDERA:CSSA-2002-SCO.20
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
CONFIRM:ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
http://www.iss.net/security_center/static/8458.php
XF:qpopper-qpopper-dos(8458)
CVE-2002-0455
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
2002-06-11
2002-06-15
CVE-2002-0455
http://www.securityfocus.com/bid/4297
BID:4297
http://www.securityfocus.com/archive/1/262262
BUGTRAQ:20020315 MSIE vulnerability exploitable with IncrediMail
http://www.iss.net/security_center/static/8460.php
XF:incredimail-insecure-attachment-directory(8460)
CVE-2002-0456
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
2002-06-11
2016-10-17
CVE-2002-0456
http://www.securityfocus.com/bid/4306
BID:4306
http://marc.info/?l=bugtraq&m=101622857703677&w=2
BUGTRAQ:20020315 RE: MSIE vulnerability exploitable with IncrediMail
http://www.securityfocus.com/archive/1/262704
BUGTRAQ:20020316 MSIE vulnerability exploitable with Eudora (was: IncrediMail)
http://www.iss.net/security_center/static/8487.php
XF:eudora-insecure-attachment-directory(8487)
CVE-2002-0457
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
2002-06-11
2002-06-15
CVE-2002-0457
http://www.securityfocus.com/bid/4308
BID:4308
http://www.securityfocus.com/archive/1/262693
BUGTRAQ:20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/8474.php
XF:bgguestbook-post-css(8474)
CVE-2002-0458
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
2002-06-11
2005-07-05
CVE-2002-0458
http://www.securityfocus.com/bid/14145
BID:14145
http://archives.neohapsis.com/archives/bugtraq/2002-03/0206.html
BUGTRAQ:20020316 [ARL02-A10] News-TNK Cross Site Scripting Vulnerability
http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
CONFIRM:http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
http://www.linux-sottises.net/software/news-tnk/CHANGES
CONFIRM:http://www.linux-sottises.net/software/news-tnk/CHANGES
http://www.iss.net/security_center/static/8477.php
XF:newstnk-web-css(8477)
CVE-2002-0459
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
2002-06-11
2002-06-15
CVE-2002-0459
http://www.securityfocus.com/bid/4305
BID:4305
http://www.securityfocus.com/archive/1/262694
BUGTRAQ:20020316 [ARL02-A09] Board-TNK Cross Site Scripting Vulnerability
http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
CONFIRM:http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
http://www.iss.net/security_center/static/8475.php
XF:boardtnk-web-css(8475)
CVE-2002-0460
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
2002-06-11
2002-06-15
CVE-2002-0460
http://www.securityfocus.com/bid/4300
BID:4300
http://online.securityfocus.com/archive/1/262681
BUGTRAQ:20020318 KPMG-2002005: BitVise WinSSH Denial of Service
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0068.html
VULNWATCH:20020318 [VulnWatch] KPMG-2002005: BitVise WinSSH Denial of Service
http://www.iss.net/security_center/static/8470.php
XF:winsshd-incomplete-connection-dos(8470)
CVE-2002-0461
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
2002-06-11
2002-06-15
CVE-2002-0461
http://www.securityfocus.com/bid/4322
BID:4322
http://online.securityfocus.com/archive/1/262994
BUGTRAQ:20020318 Javascript loop causes IE to crash
http://www.iss.net/security_center/static/8488.php
XF:ie-javascript-dos(8488)
CVE-2002-0462
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
2003-04-02
2003-03-20
CVE-2002-0462
http://www.securityfocus.com/bid/4312
BID:4312
http://www.securityfocus.com/archive/1/262735
BUGTRAQ:20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt
CONFIRM:http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt
http://www.osvdb.org/5287
OSVDB:5287
http://www.osvdb.org/5288
OSVDB:5288
http://www.iss.net/security_center/static/8478.php
XF:bigsam-displaybegin-dos(8478)
http://www.iss.net/security_center/static/8479.php
XF:bigsam-safemode-path-disclosure(8479)
CVE-2002-0463
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
2003-04-02
2002-06-15
CVE-2002-0463
http://www.securityfocus.com/bid/4307
BID:4307
http://www.securityfocus.com/archive/1/262652
BUGTRAQ:20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
http://www.securityfocus.com/archive/1/262802
BUGTRAQ:20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
http://www.iss.net/security_center/static/8472.php
XF:arsc-language-path-disclosure(8472)
CVE-2002-0464
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
2003-04-02
2002-06-15
CVE-2002-0464
http://www.securityfocus.com/bid/4311
BID:4311
http://www.securityfocus.com/archive/1/262734
BUGTRAQ:20020318 Hosting Directory Traversal madness...
http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip
CVE-2002-0465
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
2002-06-11
2017-12-18
CVE-2002-0465
http://www.securityfocus.com/bid/3811
BID:3811
http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html
BUGTRAQ:20020105 Hosting Controller's - Multiple Security Vulnerabilities
http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
https://exchange.xforce.ibmcloud.com/vulnerabilities/7824
XF:hosting-controller-dot-directory-traversal(7824)
CVE-2002-0466
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
2002-06-11
2017-12-18
CVE-2002-0466
http://www.securityfocus.com/bid/3808
BID:3808
http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html
BUGTRAQ:20020105 Hosting Controller's - Multiple Security Vulnerabilities
http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
https://exchange.xforce.ibmcloud.com/vulnerabilities/7823
XF:hosting-controller-directory-browsing(7823)
CVE-2002-0467
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
2002-06-11
2002-06-15
CVE-2002-0467
http://www.securityfocus.com/bid/4176
BID:4176
http://www.securityfocus.com/archive/1/261209
BUGTRAQ:20020310 Ecartis/Listar multiple vulnerabilities
http://www.ecartis.org/
CONFIRM:http://www.ecartis.org/
http://www.debian.org/security/2002/dsa-123
DEBIAN:DSA-123
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
VULNWATCH:20020311 [VulnWatch] Ecartis/Listar multiple vulnerabilities
http://www.iss.net/security_center/static/8284.php
XF:ecartis-mystring-bo(8284)
CVE-2002-0468
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
2002-06-11
2016-10-17
CVE-2002-0468
http://www.securityfocus.com/bid/4271
BID:4271
http://www.securityfocus.com/archive/1/261209
BUGTRAQ:20020310 Ecartis/Listar multiple vulnerabilities
http://online.securityfocus.com/archive/1/269658
BUGTRAQ:20020425 ecartis / listar PoC
http://online.securityfocus.com/archive/1/269879
BUGTRAQ:20020427 Response to KF about Listar/Ecartis Vulnerability
http://www.ecartis.org/
CONFIRM:http://www.ecartis.org/
http://marc.info/?l=listar-support&m=101590272221720&w=2
MISC:http://marc.info/?l=listar-support&m=101590272221720&w=2
http://online.securityfocus.com/archive/82/258763
VULN-DEV:20020227 listar / ecaris remote or local?
http://www.iss.net/security_center/static/8445.php
XF:ecartis-local-bo(8445)
CVE-2002-0469
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
2002-06-11
2002-06-15
CVE-2002-0469
http://www.securityfocus.com/bid/4277
BID:4277
http://www.securityfocus.com/archive/1/261209
BUGTRAQ:20020310 Ecartis/Listar multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
VULNWATCH:20020311 [VulnWatch] Ecartis/Listar multiple vulnerabilities
http://www.iss.net/security_center/static/8444.php
XF:ecartis-root-privileges(8444)
CVE-2002-0470
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
2002-06-11
2002-06-15
CVE-2002-0470
http://www.securityfocus.com/bid/4304
BID:4304
http://seclists.org/bugtraq/2002/Mar/0263.html
BUGTRAQ:20020318 PHP Net Toolpack: input validation error
http://www.iss.net/security_center/static/8484.php
XF:phpnettoolpack-traceroute-insecure-path(8484)
CVE-2002-0471
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
2002-06-11
2002-06-15
CVE-2002-0471
http://www.securityfocus.com/bid/4303
BID:4303
http://seclists.org/bugtraq/2002/Mar/0263.html
BUGTRAQ:20020318 PHP Net Toolpack: input validation error
http://www.iss.net/security_center/static/8482.php
XF:phpnettoolpack-traceroute-command-execution(8482)
CVE-2002-0472
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
2002-06-11
2002-06-15
CVE-2002-0472
http://www.securityfocus.com/bid/4316
BID:4316
http://www.securityfocus.com/archive/1/262906
BUGTRAQ:20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging
http://www.encode-sec.com/esp0202.pdf
MISC:http://www.encode-sec.com/esp0202.pdf
http://www.iss.net/security_center/static/8582.php
XF:msn-messenger-message-spoofing(8582)
CVE-2002-0473
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
2003-04-02
2016-09-15
CVE-2002-0473
http://www.securityfocus.com/bid/4380
BID:4380
http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html
BUGTRAQ:20020318 Re: phpBB2 remote execution command (fwd)
http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html
BUGTRAQ:20020318 phpBB2 remote execution command
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip
CONFIRM:http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip
http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483
MISC:http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483
http://www.osvdb.org/4268
OSVDB:4268
http://online.securityfocus.com/archive/82/262600
VULN-DEV:20020318 phpBB2 remote execution command
http://www.iss.net/security_center/static/8476.php
XF:phpbb-db-command-execution(8476)
CVE-2002-0474
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
2002-06-11
2002-06-15
CVE-2002-0474
http://www.securityfocus.com/bid/4394
BID:4394
http://www.securityfocus.com/archive/1/264897
BUGTRAQ:20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/8702.php
XF:zeroforum-img-css(8702)
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
2002-06-11
2002-06-15
CVE-2002-0475
http://www.securityfocus.com/bid/4379
BID:4379
http://www.securiteam.com/unixfocus/6W00Q202UM.html
MISC:http://www.securiteam.com/unixfocus/6W00Q202UM.html
http://www.iss.net/security_center/static/7459.php
XF:phpbb-cross-site-scripting(7459)
CVE-2002-0476
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
2002-06-11
2002-06-15
CVE-2002-0476
http://www.securityfocus.com/bid/4320
BID:4320
http://www.securityfocus.com/archive/1/262990
BUGTRAQ:20020319 More SWF vulnerabilities?
http://www.macromedia.com/support/flash/ts/documents/fs_save.htm
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/fs_save.htm
http://www.iss.net/security_center/static/8584.php
XF:flash-fscommand-save(8584)
CVE-2002-0477
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
2002-06-11
2016-10-17
CVE-2002-0477
http://www.securityfocus.com/bid/4321
BID:4321
http://marc.info/?l=bugtraq&m=101071988413107&w=2
BUGTRAQ:20020109 Shockwave Flash player issue
http://www.securityfocus.com/archive/1/262990
BUGTRAQ:20020319 More SWF vulnerabilities?
http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm
http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm
http://www.iss.net/security_center/static/8587.php
XF:flash-fscommand-exec(8587)
CVE-2002-0478
The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.
2002-06-11
2016-10-17
CVE-2002-0478
http://www.securityfocus.com/bid/4330
BID:4330
http://marc.info/?l=bugtraq&m=101666425609914&w=2
BUGTRAQ:20020320 Default SNMP configuration issue with Foundry Networks EdgeIron 4802F
http://www.iss.net/security_center/static/8592.php
XF:edgelron-default-snmp-string(8592)
CVE-2002-0479
Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
2002-06-11
2002-06-15
CVE-2002-0479
http://www.securityfocus.com/bid/4347
BID:4347
http://archives.neohapsis.com/archives/bugtraq/2002-03/0284.html
BUGTRAQ:20020320 Gravity Storm Service Pack Manager 2000 Share Vulnerability
http://www.iss.net/security_center/static/8607.php
XF:sp-manager-insecure-directories(8607)
CVE-2002-0480
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
2002-06-11
2016-10-17
CVE-2002-0480
http://www.securityfocus.com/bid/4331
BID:4331
http://marc.info/?l=bugtraq&m=101666833321138&w=2
BUGTRAQ:20020320 NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances
http://marc.info/?l=bugtraq&m=101675086010051&w=2
BUGTRAQ:20020321 RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances
http://marc.info/?l=bugtraq&m=101684141308876&w=2
BUGTRAQ:20020322 RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation
CVE-2002-0481
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
2002-06-11
2002-06-15
CVE-2002-0481
http://www.securityfocus.com/bid/4340
BID:4340
http://online.securityfocus.com/archive/1/263429
BUGTRAQ:20020321 How Outlook 2002 can still execute JavaScript in an HTML email message
http://www.iss.net/security_center/static/8604.php
XF:outlook-iframe-javascript(8604)
CVE-2002-0482
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
2002-06-11
2002-06-15
CVE-2002-0482
http://www.securityfocus.com/bid/4348
BID:4348
http://archives.neohapsis.com/archives/bugtraq/2002-03/0285.html
BUGTRAQ:20020321 Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions)
http://www.iss.net/security_center/static/8610.php
XF:netsupport-manager-directory-traversal(8610)
CVE-2002-0483
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
2002-06-11
2002-06-15
CVE-2002-0483
http://www.securityfocus.com/bid/4333
BID:4333
http://online.securityfocus.com/archive/1/263337
BUGTRAQ:20020320 Fw: PHPNuke 5.4 Path Disclosure Vulnerability?
http://www.iss.net/security_center/static/8618.php
XF:phpnuke-index-path-disclosure(8618)
CVE-2002-0484
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
2003-04-02
2002-06-15
CVE-2002-0484
http://www.securityfocus.com/bid/4325
BID:4325
http://online.securityfocus.com/archive/1/262999
BUGTRAQ:20020317 move_uploaded_file breaks safe_mode restrictions in PHP
http://online.securityfocus.com/archive/1/263259
BUGTRAQ:20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP
http://marc.info/?l=bugtraq&m=101683938806677&w=2
BUGTRAQ:20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP
http://bugs.php.net/bug.php?id=16128
CONFIRM:http://bugs.php.net/bug.php?id=16128
http://www.iss.net/security_center/static/8591.php
XF:php-moveuploadedfile-create-files(8591)
CVE-2002-0485
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
2002-06-11
2016-10-17
CVE-2002-0485
http://marc.info/?l=bugtraq&m=101684260510079&w=2
BUGTRAQ:20020322 One more way to bypass NAV
http://marc.info/?l=vuln-dev&m=101681724810317&w=2
VULN-DEV:20020322 One more way to bypass NAV
CVE-2002-0486
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
2002-06-11
2017-07-10
CVE-2002-0486
http://www.securityfocus.com/bid/4344
BID:4344
http://www.securityfocus.com/archive/1/263485
BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8614
XF:xpede-password-weak-encryption(8614)
CVE-2002-0487
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
2002-06-11
2002-06-15
CVE-2002-0487
http://www.securityfocus.com/bid/4346
BID:4346
http://www.securityfocus.com/archive/1/263485
BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
http://www.iss.net/security_center/static/8612.php
XF:xpede-reauth-plaintext-password(8612)
CVE-2002-0488
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
2003-04-02
2002-06-15
CVE-2002-0488
http://www.securityfocus.com/bid/4332
BID:4332
http://www.securityfocus.com/archive/1/263285
BUGTRAQ:20020321 PHP script: Penguin Traceroute, Remote Command Execution
http://www.linux-directory.com/scripts/traceroute.pl
CONFIRM:http://www.linux-directory.com/scripts/traceroute.pl
http://www.iss.net/security_center/static/8600.php
XF:penguin-traceroute-command-execution(8600)
CVE-2002-0489
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.
2002-06-11
2016-10-17
CVE-2002-0489
http://www.securityfocus.com/bid/4353
BID:4353
http://marc.info/?l=bugtraq&m=101684215209558&w=2
BUGTRAQ:20020322 Re: PHP script: Penguin Traceroute, Remote Command Execution
http://www.iss.net/security_center/static/8601.php
XF:penguin-nslookup-command-execution(8601)
CVE-2002-0490
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
2003-04-02
2002-06-15
CVE-2002-0490
http://www.securityfocus.com/bid/4361
BID:4361
http://www.securityfocus.com/archive/1/264041
BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
http://instantwebmail.sourceforge.net/#changeLog
CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
http://www.iss.net/security_center/static/8650.php
XF:instant-webmail-pop-commands(8650)
CVE-2002-0491
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
2002-06-11
2002-06-15
CVE-2002-0491
http://www.securityfocus.com/bid/4355
BID:4355
http://www.securityfocus.com/archive/1/263902
BUGTRAQ:20020324 Cookie vulnerability in Alguest guestbook (PHP)
http://www.iss.net/security_center/static/8623.php
XF:alguest-php-admin-access(8623)
CVE-2002-0492
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
2002-06-11
2002-06-15
CVE-2002-0492
http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html
BUGTRAQ:20020325 dcshop.cgi anybody can delete *.setup for database
CVE-2002-0493
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
2003-04-02
2020-02-13
CVE-2002-0493
http://marc.info/?l=bugtraq&m=101709002410365&w=2
BUGTRAQ:20020325 re: Tomcat Security Exposure
http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.iss.net/security_center/static/9863.php
XF:tomcat-xml-bypass-restrictions(9863)
CVE-2002-0494
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
2003-04-02
2002-06-15
CVE-2002-0494
http://www.securityfocus.com/bid/4357
BID:4357
http://www.securityfocus.com/archive/1/263914
BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
http://sourceforge.net/forum/forum.php?forum_id=163389
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
http://www.iss.net/security_center/static/8624.php
XF:websight-directory-system-css(8624)
CVE-2002-0495
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
2003-04-02
2002-06-15
CVE-2002-0495
http://www.securityfocus.com/bid/4368
BID:4368
http://www.securityfocus.com/archive/1/264169
BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
http://www.iss.net/security_center/static/8636.php
XF:cssearch-url-execute-commands(8636)
CVE-2002-0496
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
2002-06-11
2002-06-15
CVE-2002-0496
http://www.securityfocus.com/bid/4362
BID:4362
http://www.securityfocus.com/archive/1/264168
BUGTRAQ:20020326 SouthWest Telnet talker server. DoS (Denial of Service Attack).
http://www.iss.net/security_center/static/8626.php
XF:southwest-http-port-dos(8626)
CVE-2002-0497
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
2003-04-02
2002-06-15
CVE-2002-0497
http://www.securityfocus.com/bid/4217
BID:4217
http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
BUGTRAQ:20020306 mtr 0.45, 0.46
http://www.debian.org/security/2002/dsa-124
DEBIAN:DSA-124
http://www.iss.net/security_center/static/8367.php
XF:mtr-options-bo(8367)
CVE-2002-0498
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
2002-06-11
2002-06-15
CVE-2002-0498
http://www.securityfocus.com/bid/4365
BID:4365
http://www.securityfocus.com/archive/1/264085
BUGTRAQ:20020326 Etnus TotalView 5.
http://www.iss.net/security_center/static/8635.php
XF:totalview-insecure-privileges(8635)
CVE-2002-0499
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
2002-06-11
2002-06-15
CVE-2002-0499
http://www.securityfocus.com/bid/4367
BID:4367
http://www.securityfocus.com/archive/1/264117
BUGTRAQ:20020326 d_path() truncating excessive long path name vulnerability
http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
MISC:http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
VULNWATCH:20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability
http://www.iss.net/security_center/static/8634.php
XF:linux-dpath-truncate-path(8634)
CVE-2002-0500
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
2002-06-11
2002-06-15
CVE-2002-0500
http://www.securityfocus.com/bid/4371
BID:4371
http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html
BUGTRAQ:20020326 Retrieving information on local files in IE (GM#003-IE)
http://www.iss.net/security_center/static/8658.php
XF:ie-dynsrc-information-disclosure(8658)
CVE-2002-0501
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
2003-04-02
2003-03-20
CVE-2002-0501
http://www.securityfocus.com/bid/4378
BID:4378
http://online.securityfocus.com/archive/1/264450
BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
http://sourceforge.net/forum/forum.php?forum_id=165094
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
http://www.osvdb.org/3516
OSVDB:3516
http://www.iss.net/security_center/static/8653.php
XF:posadis-logging-format-string(8653)
CVE-2002-0502
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
2002-06-11
2017-12-18
CVE-2002-0502
http://www.securityfocus.com/bid/3926
BID:3926
http://www.securityfocus.com/archive/1/251737
BUGTRAQ:20020122 Citrix NFuse 1.6
http://www.securityfocus.com/archive/1/251923
BUGTRAQ:20020123 RE: Citrix NFuse 1.6
https://exchange.xforce.ibmcloud.com/vulnerabilities/7984
XF:nfuse-applist-information-disclosure(7984)
CVE-2002-0503
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
2002-06-11
2002-06-15
CVE-2002-0503
http://www.securityfocus.com/bid/4382
BID:4382
http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html
BUGTRAQ:20020327 Citrix Nfuse directory traversal with boilerplate.asp
http://www.iss.net/security_center/static/8654.php
XF:nfuse-boilerplate-directory-traversal(8654)
CVE-2002-0504
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
2002-06-11
2002-06-15
CVE-2002-0504
http://www.securityfocus.com/bid/4372
BID:4372
http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html
BUGTRAQ:20020327 NFuse Cross Site Scripting vulnerability
http://www.iss.net/security_center/static/8659.php
XF:nfuse-launch-css(8659)
CVE-2002-0505
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
2003-04-02
2002-06-15
CVE-2002-0505
http://www.securityfocus.com/bid/4370
BID:4370
http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
http://www.iss.net/security_center/static/8655.php
XF:cisco-cti-memory-leak(8655)
CVE-2002-0506
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
2003-04-02
2002-06-15
CVE-2002-0506
http://www.securityfocus.com/bid/4393
BID:4393
http://online.securityfocus.com/archive/1/264699
BUGTRAQ:20020328 A possible buffer overflow in libnewt
http://www.iss.net/security_center/static/8700.php
XF:libnewt-bo(8700)
CVE-2002-0507
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
2002-06-11
2002-06-15
CVE-2002-0507
http://www.securityfocus.com/bid/4390
BID:4390
http://online.securityfocus.com/archive/1/264705
BUGTRAQ:20020328 Authentication with RSA SecurID and Outlook web access
http://www.iss.net/security_center/static/8681.php
XF:exchange-owa-securid-bypass(8681)
CVE-2002-0508
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
2002-06-11
2002-06-15
CVE-2002-0508
http://www.securityfocus.com/bid/4383
BID:4383
http://www.securityfocus.com/bid/4384
BID:4384
http://online.securityfocus.com/archive/1/264682
BUGTRAQ:20020328 vuln in wwwisis: remote command execution and get files
http://online.securityfocus.com/archive/1/265456
BUGTRAQ:20020402 RE: [VulnWatch] vuln in wwwisis: remote command execution and get files
http://www.bireme.br/security.htm
CONFIRM:http://www.bireme.br/security.htm
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0077.html
VULNWATCH:20020328 [VulnWatch] vuln in wwwisis: remote command execution and get files
http://www.iss.net/security_center/static/8660.php
XF:wwwisis-remote-command-execution(8660)
CVE-2002-0509
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
2002-06-11
2002-06-15
CVE-2002-0509
http://www.securityfocus.com/bid/4391
BID:4391
http://online.securityfocus.com/archive/1/264697
BUGTRAQ:20020328 Oracle9i TSN DoS Attack
http://www.iss.net/security_center/static/8657.php
XF:oracle-tns-onetcp-dos(8657)
CVE-2002-0510
The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
2002-06-11
2002-06-15
CVE-2002-0510
http://www.securityfocus.com/bid/4314
BID:4314
http://www.securityfocus.com/archive/1/262840
BUGTRAQ:20020319 Identifying Kernel 2.4.x based Linux machines using UDP
http://www.iss.net/security_center/static/8588.php
XF:linux-udp-fingerprint(8588)
CVE-2002-0511
The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.
2003-04-02
2002-06-15
CVE-2002-0511
http://www.securityfocus.com/bid/4399
BID:4399
http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
CALDERA:CSSA-2002-013.0
http://www.iss.net/security_center/static/8745.php
XF:nscd-dns-ptr-validation(8745)
CVE-2002-0512
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
2003-04-02
2002-08-16
CVE-2002-0512
http://www.securityfocus.com/bid/4400
BID:4400
http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
CALDERA:CSSA-2002-005.0
http://www.iss.net/security_center/static/8737.php
XF:kde-startkde-search-directory(8737)
CVE-2002-0513
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
2003-04-02
2002-06-15
CVE-2002-0513
http://www.securityfocus.com/bid/4412
BID:4412
http://online.securityfocus.com/archive/1/265438
BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
http://www.symatec-computer.com/forums/viewtopic.php?t=14
CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
http://www.iss.net/security_center/static/8746.php
XF:symatec-popper-admin-access(8746)
CVE-2002-0514
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
2002-06-11
2002-06-15
CVE-2002-0514
http://www.securityfocus.com/bid/4401
BID:4401
http://www.securityfocus.com/archive/1/265188
BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
http://www.iss.net/security_center/static/8738.php
XF:firewall-rst-fingerprint(8738)
CVE-2002-0515
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
2002-06-11
2002-06-15
CVE-2002-0515
http://www.securityfocus.com/bid/4403
BID:4403
http://www.securityfocus.com/archive/1/265188
BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
http://www.iss.net/security_center/static/8738.php
XF:firewall-rst-fingerprint(8738)
CVE-2002-0516
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
2003-04-02
2002-06-15
CVE-2002-0516
http://www.securityfocus.com/bid/4385
BID:4385
http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
http://www.iss.net/security_center/static/8671.php
XF:squirrelmail-theme-command-execution(8671)
CVE-2002-0517
Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm.
2002-06-11
2005-05-09
CVE-2002-0517
http://www.securityfocus.com/bid/4502
BID:4502
http://www.securityfocus.com/archive/1/249106
BUGTRAQ:20020108 dtterm exploit in Unixware 7.1.1
http://archives.neohapsis.com/archives/bugtraq/2002-01/0099.html
BUGTRAQ:20020108 xterm exploit in Unixware 7.0.1
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15/CSSA-2002-SCO.15.txt
CALDERA:CSSA-2002-SCO.15
http://www.kb.cert.org/vuls/id/169059
CERT-VN:VU#169059
http://www.iss.net/security_center/static/7282.php
XF:unixware-openunix-dtterm-bo(7282)
http://www.iss.net/security_center/static/8828.php
XF:x11-xrm-bo(8828)
CVE-2002-0518
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.
2002-06-11
2005-08-16
CVE-2002-0518
http://www.securityfocus.com/bid/4524
BID:4524
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc
FREEBSD:FreeBSD-SA-02:20
http://www.osvdb.org/6046
OSVDB:6046
http://www.iss.net/security_center/static/8875.php
XF:bsd-syncache-inpcb-dos(8875)
http://www.iss.net/security_center/static/8873.php
XF:bsd-syncookie-pointer-dos(8873)
CVE-2002-0520
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
2002-06-11
2002-06-15
CVE-2002-0520
http://www.securityfocus.com/bid/4475
BID:4475
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://online.securityfocus.com/archive/82/266705
VULN-DEV:20020409 Security holes in ASP-Nuke
http://www.iss.net/security_center/static/8829.php
XF:aspnuke-image-css(8829)
CVE-2002-0521
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
2002-06-11
2002-06-15
CVE-2002-0521
http://www.securityfocus.com/bid/4477
BID:4477
http://www.securityfocus.com/bid/4481
BID:4481
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://online.securityfocus.com/archive/82/266705
VULN-DEV:20020409 Security holes in ASP-Nuke
http://www.iss.net/security_center/static/8830.php
XF:aspnuke-downloads-post-css(8830)
http://www.iss.net/security_center/static/8831.php
XF:aspnuke-user-profile-css(8831)
CVE-2002-0522
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.
2002-06-11
2002-06-15
CVE-2002-0522
http://www.securityfocus.com/bid/4484
BID:4484
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://online.securityfocus.com/archive/82/266705
VULN-DEV:20020409 Security holes in ASP-Nuke
http://www.iss.net/security_center/static/8832.php
XF:aspnuke-account-hijacking(8832)
CVE-2002-0523
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
2002-06-11
2002-06-15
CVE-2002-0523
http://www.securityfocus.com/bid/4489
BID:4489
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://online.securityfocus.com/archive/82/266705
VULN-DEV:20020409 Security holes in ASP-Nuke
http://www.iss.net/security_center/static/8833.php
XF:aspnuke-cookie-reveal-information(8833)
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.
2002-06-11
2002-06-15
CVE-2002-0524
http://www.securityfocus.com/bid/4489
BID:4489
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://online.securityfocus.com/archive/82/266705
VULN-DEV:20020409 Security holes in ASP-Nuke
http://www.iss.net/security_center/static/8833.php
XF:aspnuke-cookie-reveal-information(8833)
CVE-2002-0525
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
2002-06-11
2002-06-15
CVE-2002-0525
http://www.securityfocus.com/bid/4501
BID:4501
http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
BUGTRAQ:20020411 Inn (Inter Net News) security problems
http://www.iss.net/security_center/static/8834.php
XF:inn-rnews-inews-format-string(8834)
CVE-2002-0526
Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls.
2002-06-11
2017-07-10
CVE-2002-0526
http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
BUGTRAQ:20020411 Inn (Inter Net News) security problems
https://exchange.xforce.ibmcloud.com/vulnerabilities/42803
XF:inn-inews-rnews-info-disclosure(42803)
CVE-2002-0527
Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.
2002-06-11
2002-06-15
CVE-2002-0527
http://www.securityfocus.com/bid/4447
BID:4447
http://online.securityfocus.com/archive/1/266380
BUGTRAQ:20020408 KPMG-2002007: Watchguard SOHO Denial of Service
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0006.html
VULNWATCH:20020408 [VulnWatch] KPMG-2002007: Watchguard SOHO Denial of Service
http://www.iss.net/security_center/static/8774.php
XF:watchguard-soho-ipoptions-dos(8774)
CVE-2002-0528
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
2002-06-11
2002-06-15
CVE-2002-0528
http://www.securityfocus.com/bid/4491
BID:4491
http://online.securityfocus.com/archive/1/266948
BUGTRAQ:20020410 KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html
VULNWATCH:20020410 [VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
http://www.iss.net/security_center/static/8814.php
XF:watchguard-soho-bypass-restrictions(8814)
CVE-2002-0529
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
2002-06-11
2002-06-15
CVE-2002-0529
http://www.securityfocus.com/bid/4518
BID:4518
http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html
BUGTRAQ:20020414 Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
http://www.iss.net/security_center/static/8856.php
XF:macos-photosmart-weak-permissions(8856)
CVE-2002-0530
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
2002-06-11
2002-06-15
CVE-2002-0530
http://seclists.org/bugtraq/2002/Apr/0126.html
BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0010.html
VULNWATCH:20020410 [VulnWatch] Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
CVE-2002-0531
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
2003-04-02
2002-06-15
CVE-2002-0531
http://www.securityfocus.com/bid/4435
BID:4435
http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
BUGTRAQ:20020403 emumail.cgi
http://www.emumail.com/downloads/download_unix.html/
CONFIRM:http://www.emumail.com/downloads/download_unix.html/
http://www.iss.net/security_center/static/8766.php
XF:emumail-cgi-view-files(8766)
CVE-2002-0532
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
2003-04-02
2002-06-15
CVE-2002-0532
http://www.securityfocus.com/bid/4488
BID:4488
http://online.securityfocus.com/archive/1/266930
BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
http://www.osvdb.org/5270
OSVDB:5270
http://www.iss.net/security_center/static/8836.php
XF:emumail-http-host-execute(8836)
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
2002-06-11
2016-10-17
CVE-2002-0533
http://www.securityfocus.com/bid/4432
BID:4432
http://www.securityfocus.com/bid/4434
BID:4434
http://online.securityfocus.com/archive/1/265798
BUGTRAQ:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://marc.info/?l=bugtraq&m=101794993119738&w=2
VULN-DEV:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html
VULNWATCH:20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
http://www.iss.net/security_center/static/8764.php
XF:phpbb-bbcode-function-dos(8764)
CVE-2002-0534
PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
2002-06-11
2002-06-15
CVE-2002-0534
http://www.securityfocus.com/bid/4562
BID:4562
http://online.securityfocus.com/archive/1/267936
BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard
http://www.iss.net/security_center/static/8883.php
XF:postboard-bbcode-dos(8883)
CVE-2002-0535
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
2002-06-11
2017-07-10
CVE-2002-0535
http://www.securityfocus.com/bid/4559
BID:4559
http://www.securityfocus.com/bid/4561
BID:4561
http://online.securityfocus.com/archive/1/267936
BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard
http://www.iss.net/security_center/static/8881.php
XF:postboard-img-css(8881)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8884
XF:postboard-title-css(8884)
CVE-2002-0536
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
2003-04-02
2002-06-15
CVE-2002-0536
http://www.securityfocus.com/bid/4424
BID:4424
http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
BUGTRAQ:20020403 SQL injection in PHPGroupware
http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
http://www.osvdb.org/5153
OSVDB:5153
http://www.iss.net/security_center/static/8755.php
XF:phpgroupware-sql-injection(8755)
CVE-2002-0537
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
2002-06-11
2002-06-15
CVE-2002-0537
http://www.securityfocus.com/bid/4503
BID:4503
http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html
BUGTRAQ:20020411 SWS Vuln (small but important to those using it.)
http://www.iss.net/security_center/static/8849.php
XF:sws-insecure-admin-page(8849)
CVE-2002-0538
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
2003-04-02
2002-06-15
CVE-2002-0538
http://www.securityfocus.com/bid/4522
BID:4522
http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
http://www.iss.net/security_center/static/8847.php
XF:raptor-firewall-ftp-bounce(8847)
CVE-2002-0539
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
2003-04-02
2002-06-15
CVE-2002-0539
http://www.securityfocus.com/bid/4520
BID:4520
http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
http://online.securityfocus.com/archive/1/267941
BUGTRAQ:20020417 Demarc Security Update Advisory
http://www.osvdb.org/5239
OSVDB:5239
http://www.iss.net/security_center/static/8854.php
XF:puresecure-sql-injection(8854)
CVE-2002-0540
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
2002-06-11
2005-05-09
CVE-2002-0540
http://www.securityfocus.com/bid/4507
BID:4507
http://online.securityfocus.com/archive/1/267627
BUGTRAQ:20020413 Nortel CVX 1800s will dump all local user names and passwords via SNMP
http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html
BUGTRAQ:20020419 Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP
http://www.kb.cert.org/vuls/id/403315
CERT-VN:VU#403315
http://www.iss.net/security_center/static/8848.php
XF:nortel-default-snmp-string(8848)
CVE-2002-0541
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
2002-06-11
2002-06-15
CVE-2002-0541
AIXAPAR:IC33211
AIXAPAR:IC33212
http://www.securityfocus.com/bid/4492
BID:4492
http://www.securityfocus.com/bid/4500
BID:4500
http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html
BUGTRAQ:20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a
http://online.securityfocus.com/archive/1/267143
BUGTRAQ:20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a
http://www.tivoli.com/support/storage_mgr/flash_httpport.html
CONFIRM:http://www.tivoli.com/support/storage_mgr/flash_httpport.html
http://www.iss.net/security_center/static/8817.php
XF:tivoli-storagemanager-client-bo(8817)
http://www.iss.net/security_center/static/8825.php
XF:tivoli-storagemanager-login-bo(8825)
CVE-2002-0542
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
2003-04-02
2002-06-15
CVE-2002-0542
http://www.securityfocus.com/bid/4495
BID:4495
http://marc.info/?l=bugtraq&m=101855467811695&w=2
BUGTRAQ:20020411 OpenBSD Local Root Compromise
http://online.securityfocus.com/archive/1/267089
BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
http://www.openbsd.org/errata30.html#mail
CONFIRM:http://www.openbsd.org/errata30.html#mail
http://www.osvdb.org/5269
OSVDB:5269
http://www.iss.net/security_center/static/8818.php
XF:openbsd-mail-root-privileges(8818)
CVE-2002-0543
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
2003-04-02
2002-06-15
CVE-2002-0543
http://www.securityfocus.com/bid/4466
BID:4466
http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
http://www.aprelium.com/forum/viewtopic.php?t=24
CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
http://www.iss.net/security_center/static/8805.php
XF:abyss-unicode-directory-traversal(8805)
CVE-2002-0544
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
2002-06-11
2002-06-15
CVE-2002-0544
http://www.securityfocus.com/bid/4467
BID:4467
http://www.aprelium.com/news/abws103.html
CONFIRM:http://www.aprelium.com/news/abws103.html
CVE-2002-0545
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
2003-04-02
2002-06-15
CVE-2002-0545
http://www.securityfocus.com/bid/4461
BID:4461
http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
CISCO:20020409 Aironet Telnet Vulnerability
http://www.iss.net/security_center/static/8788.php
XF:cisco-aironet-telnet-dos(8788)
CVE-2002-0546
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
2004-09-01
2002-06-15
CVE-2002-0546
http://www.securityfocus.com/bid/4414
BID:4414
http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
http://www.iss.net/security_center/static/8753.php
XF:winamp-mp3-browser-css(8753)
CVE-2002-0547
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
2002-06-11
2002-06-15
CVE-2002-0547
http://www.securityfocus.com/bid/4609
BID:4609
http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html
BUGTRAQ:20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]
http://www.winamp.com/download/newfeatures.jhtml
MISC:http://www.winamp.com/download/newfeatures.jhtml
http://www.iss.net/security_center/static/8946.php
XF:winamp-mp3-id3v2-bo(8946)
CVE-2002-0548
Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php.
2002-06-11
2002-06-15
CVE-2002-0548
http://www.securityfocus.com/bid/4443
BID:4443
http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
http://www.iss.net/security_center/static/8771.php
XF:anthill-postbug-auth-bypass(8771)
CVE-2002-0549
Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users.
2002-06-11
2002-06-15
CVE-2002-0549
http://www.securityfocus.com/bid/4442
BID:4442
http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
http://www.iss.net/security_center/static/8770.php
XF:anthill-bug-tracking-css(8770)
CVE-2002-0550
Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter.
2002-06-11
2002-06-15
CVE-2002-0550
http://www.securityfocus.com/bid/4423
BID:4423
http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
http://www.iss.net/security_center/static/8762.php
XF:dynamic-guestbook-command-execution(8762)
CVE-2002-0551
Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar.
2002-06-11
2002-06-15
CVE-2002-0551
http://www.securityfocus.com/bid/4422
BID:4422
http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
http://www.iss.net/security_center/static/8763.php
XF:dynamic-guestbook-css(8763)
CVE-2002-0552
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.
2002-06-11
2002-06-15
CVE-2002-0552
http://www.securityfocus.com/bid/4508
BID:4508
http://www.securityfocus.com/bid/4509
BID:4509
http://www.securityfocus.com/bid/4510
BID:4510
http://archives.neohapsis.com/archives/bugtraq/2002-04/0157.html
BUGTRAQ:20020414 Vulnerabilities in the Melange Chat Server
http://online.securityfocus.com/archive/1/267932
BUGTRAQ:20020416 Melange Chat POC DOS
http://www.iss.net/security_center/static/8845.php
XF:melange-chat-config-bo(8845)
http://www.iss.net/security_center/static/8846.php
XF:melange-chat-filename-bo(8846)
http://www.iss.net/security_center/static/8842.php
XF:melange-chat-yell-bo(8842)
CVE-2002-0553
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
2003-04-02
2002-06-15
CVE-2002-0553
http://www.securityfocus.com/bid/4506
BID:4506
http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
BUGTRAQ:20020413 SunSop: cross-site-scripting bug
http://www.iss.net/security_center/static/8840.php
XF:sunshop-new-cust-css(8840)
CVE-2002-0554
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
2002-06-11
2002-06-15
CVE-2002-0554
http://www.securityfocus.com/bid/4496
BID:4496
http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html
BUGTRAQ:20020411 IBM Informix Web DataBlade: SQL injection
http://www.iss.net/security_center/static/8826.php
XF:informix-wdm-sql-injection(8826)
CVE-2002-0555
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
2002-06-11
2002-06-15
CVE-2002-0555
http://www.securityfocus.com/bid/4498
BID:4498
http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
BUGTRAQ:20020411 IBM Informix Web DataBlade: Auto-decoding HTML entities
http://www.iss.net/security_center/static/8827.php
XF:informix-wbm-sql-decoding(8827)
CVE-2002-0556
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
2002-06-11
2002-06-15
CVE-2002-0556
http://www.securityfocus.com/bid/4425
BID:4425
http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html
BUGTRAQ:20020403 Quik-Serv Web Server v1.1B Arbitrary File Disclosure
http://www.iss.net/security_center/static/8754.php
XF:quikserv-dot-directory-traversal(8754)
CVE-2002-0557
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
2002-06-11
2005-03-09
CVE-2002-0557
http://www.securityfocus.com/bid/4338
BID:4338
http://www.openbsd.org/errata30.html#approval
OPENBSD:20020319 016: SECURITY FIX: March 19, 2002
http://www.iss.net/security_center/static/8625.php
XF:bsd-yp-execute-shell(8625)
CVE-2002-0558
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
2002-06-11
2002-06-15
CVE-2002-0558
http://www.securityfocus.com/bid/2489
BID:2489
http://archives.neohapsis.com/archives/bugtraq/2002-04/0090.html
BUGTRAQ:20020407 Typsoft FTP Server: yet another directory traversal vulnerability
http://www.iss.net/security_center/static/6165.php
XF:typsoft-ftp-directory-traversal(6165)
CVE-2002-0559
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
2002-06-11
2017-12-18
CVE-2002-0559
http://www.securityfocus.com/bid/4032
BID:4032
http://online.securityfocus.com/archive/1/254426
BUGTRAQ:20020206 Multiple Buffer Overflows in Oracle 9iAS
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/313280
CERT-VN:VU#313280
http://www.kb.cert.org/vuls/id/659043
CERT-VN:VU#659043
http://www.kb.cert.org/vuls/id/750299
CERT-VN:VU#750299
http://www.kb.cert.org/vuls/id/878603
CERT-VN:VU#878603
http://www.kb.cert.org/vuls/id/923395
CERT-VN:VU#923395
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8098
XF:oracle-appserver-plsql-adddad-bo(8098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8096
XF:oracle-appserver-plsql-authclient-bo(8096)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8095
XF:oracle-appserver-plsql-bo(8095)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8097
XF:oracle-appserver-plsql-cache-bo(8097)
CVE-2002-0560
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
2002-06-11
2016-10-17
CVE-2002-0560
http://www.securityfocus.com/bid/4294
BID:4294
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/307835
CERT-VN:VU#307835
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
CVE-2002-0561
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
2002-06-11
2016-10-17
CVE-2002-0561
http://www.securityfocus.com/bid/4292
BID:4292
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/611776
CERT-VN:VU#611776
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
2002-06-11
2016-10-17
CVE-2002-0562
http://www.securityfocus.com/bid/4034
BID:4034
http://marc.info/?l=bugtraq&m=101301440005580&w=2
BUGTRAQ:20020206 JSP translation file access under Oracle 9iAS
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/698467
CERT-VN:VU#698467
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CVE-2002-0563
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
2002-06-11
2017-07-10
CVE-2002-0563
http://www.securityfocus.com/bid/4293
BID:4293
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/168795
CERT-VN:VU#168795
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.appsecinc.com/Policy/PolicyCheck7024.html
MISC:http://www.appsecinc.com/Policy/PolicyCheck7024.html
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
http://www.osvdb.org/13152
OSVDB:13152
http://www.osvdb.org/705
OSVDB:705
http://securitytracker.com/id?1009167
SECTRACK:1009167
https://exchange.xforce.ibmcloud.com/vulnerabilities/8455
XF:oracle-appserver-apache-services(8455)
CVE-2002-0564
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
2002-06-11
2016-10-17
CVE-2002-0564
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/193523
CERT-VN:VU#193523
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
CVE-2002-0565
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
2002-06-11
2017-12-18
CVE-2002-0565
http://www.securityfocus.com/bid/4034
BID:4034
http://marc.info/?l=bugtraq&m=101301440005580&w=2
BUGTRAQ:20020206 JSP translation file access under Oracle 9iAS
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/547459
CERT-VN:VU#547459
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8100
XF:oracle-appserver-oraclejsp-view-info(8100)
CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
2002-06-11
2017-12-18
CVE-2002-0566
http://www.securityfocus.com/bid/4037
BID:4037
BUGTRAQ:20020206 Multiple Buffer Overflows in Oracle 9iAS
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/805915
CERT-VN:VU#805915
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8099
XF:oracle-appserver-plsql-pls-dos(8099)
CVE-2002-0567
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
2003-04-02
2002-06-15
CVE-2002-0567
http://www.securityfocus.com/bid/4033
BID:4033
http://marc.info/?l=bugtraq&m=101301332402079&w=2
BUGTRAQ:20020206 Remote Compromise in Oracle 9i Database Server
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/180147
CERT-VN:VU#180147
http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8089
XF:oracle-plsql-remote-access(8089)
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
2002-06-11
2016-10-17
CVE-2002-0568
http://www.securityfocus.com/bid/4290
BID:4290
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/476619
CERT-VN:VU#476619
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
CVE-2002-0569
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
2003-04-02
2003-03-20
CVE-2002-0569
http://www.securityfocus.com/bid/4298
BID:4298
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/977251
CERT-VN:VU#977251
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
http://www.iss.net/security_center/static/8453.php
XF:oracle-appserver-config-file-access(8453)
CVE-2002-0570
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
2002-06-11
2017-12-18
CVE-2002-0570
http://www.securityfocus.com/bid/3775
BID:3775
http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.html
BUGTRAQ:20020102 Vulnerability in encrypted loop device for linux
https://exchange.xforce.ibmcloud.com/vulnerabilities/7769
XF:linux-loop-device-encryption(7769)
CVE-2002-0571
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
2003-04-02
2002-06-15
CVE-2002-0571
http://www.securityfocus.com/bid/4523
BID:4523
http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
http://www.ciac.org/ciac/bulletins/m-071.shtml
CIAC:M-071
http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
http://www.osvdb.org/5236
OSVDB:5236
http://www.iss.net/security_center/static/8855.php
XF:oracle-ansi-sql-bypass-acl(8855)
CVE-2002-0572
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
2002-06-11
2005-12-16
CVE-2002-0572
http://www.securityfocus.com/bid/4568
BID:4568
http://online.securityfocus.com/archive/1/268970
BUGTRAQ:20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
http://online.securityfocus.com/archive/1/269102
BUGTRAQ:20020423 cheers
http://www.kb.cert.org/vuls/id/809347
CERT-VN:VU#809347
http://www.ciac.org/ciac/bulletins/m-072.shtml
CIAC:M-072
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
FREEBSD:FreeBSD-SA-02:23
http://www.osvdb.org/6095
OSVDB:6095
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html
VULNWATCH:20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
http://www.iss.net/security_center/static/8920.php
XF:bsd-suid-apps-gain-privileges(8920)
CVE-2002-0573
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
2003-04-02
2002-06-15
CVE-2002-0573
http://www.securityfocus.com/bid/4639
BID:4639
http://online.securityfocus.com/archive/1/270268
BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
http://www.cert.org/advisories/CA-2002-10.html
CERT:CA-2002-10
http://www.kb.cert.org/vuls/id/638099
CERT-VN:VU#638099
http://www.osvdb.org/778
OSVDB:778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A41
OVAL:oval:org.mitre.oval:def:41
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A79
OVAL:oval:org.mitre.oval:def:79
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
http://www.iss.net/security_center/static/8971.php
XF:solaris-rwall-format-string(8971)
CVE-2002-0574
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.
2003-04-02
2002-08-16
CVE-2002-0574
http://www.securityfocus.com/bid/4539
BID:4539
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
FREEBSD:FreeBSD-SA-02:21
http://www.osvdb.org/5232
OSVDB:5232
http://www.iss.net/security_center/static/8893.php
XF:freebsd-icmp-echo-reply-dos(8893)
CVE-2002-0575
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
2003-04-02
2003-03-20
CVE-2002-0575
http://www.securityfocus.com/bid/4560
BID:4560
http://online.securityfocus.com/archive/1/268718
BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
http://online.securityfocus.com/archive/1/269701
BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
http://marc.info/?l=bugtraq&m=102167972421837&w=2
BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
CALDERA:CSSA-2002-022.2
http://www.osvdb.org/781
OSVDB:781
http://marc.info/?l=vuln-dev&m=101924296115863&w=2
VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
http://www.iss.net/security_center/static/8896.php
XF:openssh-sshd-kerberos-bo(8896)
CVE-2002-0576
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
2003-04-02
2002-06-15
CVE-2002-0576
http://www.securityfocus.com/bid/4542
BID:4542
http://online.securityfocus.com/archive/1/268263
BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
http://www.osvdb.org/3337
OSVDB:3337
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
http://www.iss.net/security_center/static/8866.php
XF:coldfusion-dos-device-path-disclosure(8866)
CVE-2002-0577
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
2002-06-11
2017-10-09
CVE-2002-0577
http://www.securityfocus.com/bid/4582
BID:4582
http://www.kb.cert.org/vuls/id/977779
CERT-VN:VU#977779
http://archives.neohapsis.com/archives/hp/2002-q2/0023.html
HP:HPSBUX0204-191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5518
OVAL:oval:org.mitre.oval:def:5518
http://securityreason.com/securityalert/656
SREASON:656
http://www.iss.net/security_center/static/8939.php
XF:hpux-passwd-dos(8939)
CVE-2002-0578
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
2002-06-11
2002-06-15
CVE-2002-0578
http://www.securityfocus.com/bid/4665
BID:4665
http://archives.neohapsis.com/archives/bugtraq/2002-05/0013.html
BUGTRAQ:20020502 iXsecurity.20020404.4d_webserver.a
CVE-2002-0579
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
2002-06-11
2002-06-15
CVE-2002-0579
http://www.securityfocus.com/bid/4552
BID:4552
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8900.php
XF:xpede-insecure-admin-scripts(8900)
CVE-2002-0580
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
2002-06-11
2002-06-15
CVE-2002-0580
http://www.securityfocus.com/bid/4553
BID:4553
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8902.php
XF:xpede-datasource-reveal-account(8902)
CVE-2002-0581
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
2002-06-11
2002-06-15
CVE-2002-0581
http://www.securityfocus.com/bid/4555
BID:4555
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8903.php
XF:xpede-sprc-sql-injection(8903)
CVE-2002-0582
WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory.
2002-06-11
2002-06-15
CVE-2002-0582
http://www.securityfocus.com/bid/4554
BID:4554
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8905.php
XF:xpede-expense-directory-permissions(8905)
CVE-2002-0583
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
2002-06-11
2002-06-15
CVE-2002-0583
http://www.securityfocus.com/bid/4554
BID:4554
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8905.php
XF:xpede-expense-directory-permissions(8905)
CVE-2002-0584
WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet.
2002-06-11
2002-06-15
CVE-2002-0584
http://www.securityfocus.com/bid/4556
BID:4556
http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
BUGTRAQ:20020419 Xpede many vulnerabilities
http://www.iss.net/security_center/static/8907.php
XF:xpede-timesheet-disclosure(8907)
CVE-2002-0585
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
2002-06-11
2017-10-09
CVE-2002-0585
http://www.securityfocus.com/bid/4680
BID:4680
http://archives.neohapsis.com/archives/hp/2002-q2/0034.html
HP:HPSBUX0205-192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5490
OVAL:oval:org.mitre.oval:def:5490
http://www.iss.net/security_center/static/9020.php
XF:hpux-ndd-dos(9020)
CVE-2002-0586
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.
2002-06-11
2002-06-15
CVE-2002-0586
http://www.securityfocus.com/bid/4535
BID:4535
http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
http://www.iss.net/security_center/static/8860.php
XF:aolserver-dbproxy-format-string(8860)
CVE-2002-0587
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.
2002-06-11
2002-06-15
CVE-2002-0587
http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
CVE-2002-0588
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
2002-06-11
2002-06-15
CVE-2002-0588
http://www.securityfocus.com/bid/4540
BID:4540
http://online.securityfocus.com/archive/1/268231
BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
http://orbit-net.net:8001/php/pvote/
CONFIRM:http://orbit-net.net:8001/php/pvote/
http://www.iss.net/security_center/static/8877.php
XF:pvote-add-delete-polls(8877)
CVE-2002-0589
PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
2002-06-11
2002-06-15
CVE-2002-0589
http://www.securityfocus.com/bid/4541
BID:4541
http://online.securityfocus.com/archive/1/268231
BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
http://orbit-net.net:8001/php/pvote/
CONFIRM:http://orbit-net.net:8001/php/pvote/
http://www.iss.net/security_center/static/8878.php
XF:pvote-change-admin-password(8878)
CVE-2002-0590
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.
2002-06-11
2002-06-15
CVE-2002-0590
http://www.securityfocus.com/bid/4548
BID:4548
http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html
BUGTRAQ:20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
http://www.iss.net/security_center/static/8879.php
XF:incredibb-html-css(8879)
CVE-2002-0591
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
2002-06-11
2002-06-15
CVE-2002-0591
http://www.securityfocus.com/bid/4526
BID:4526
http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html
BUGTRAQ:20020416 AIM's 'Direct Connection' feature could lead to arbitrary file creation
http://www.iss.net/security_center/static/8870.php
XF:aim-direct-connection-files(8870)
CVE-2002-0592
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
2002-06-11
2017-07-10
CVE-2002-0592
http://www.securityfocus.com/bid/4574
BID:4574
http://online.securityfocus.com/archive/1/269006
BUGTRAQ:20020421 AIM Remote File Transfer/Direct Connection Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/8931
XF:aim-hijack-connection(8931)
CVE-2002-0593
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
2002-06-11
2007-11-12
CVE-2002-0593
http://www.securityfocus.com/bid/4637
BID:4637
http://online.securityfocus.com/archive/1/270249
BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
CONECTIVA:CLA-2002:490
http://secunia.com/advisories/8039
SECUNIA:8039
http://www.iss.net/security_center/static/8976.php
XF:mozilla-netscape-irc-bo(8976)
CVE-2002-0594
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
2003-04-02
2007-11-12
CVE-2002-0594
http://www.securityfocus.com/bid/4640
BID:4640
http://online.securityfocus.com/archive/1/270249
BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
CONECTIVA:CLA-2002:490
http://www.redhat.com/support/errata/RHSA-2002-192.html
REDHAT:RHSA-2002:192
http://www.redhat.com/support/errata/RHSA-2003-046.html
REDHAT:RHSA-2003:046
http://www.iss.net/security_center/static/8977.php
XF:mozilla-css-files-exist(8977)
CVE-2002-0595
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
2002-06-11
2002-06-15
CVE-2002-0595
http://www.securityfocus.com/bid/4531
BID:4531
http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
http://www.iss.net/security_center/static/8864.php
XF:webtrends-long-string-bo(8864)
CVE-2002-0596
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
2002-06-11
2010-01-14
CVE-2002-0596
http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
http://www.ngssoftware.com/advisories/wtr.txt
MISC:http://www.ngssoftware.com/advisories/wtr.txt
http://www.osvdb.org/10447
OSVDB:10447
http://www.iss.net/security_center/static/8865.php
XF:webtrends-profile-path-disclosure(8865)
CVE-2002-0597
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
2003-04-02
2003-03-24
CVE-2002-0597
http://www.securityfocus.com/bid/4532
BID:4532
http://online.securityfocus.com/archive/1/268066
BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
http://www.kb.cert.org/vuls/id/693099
CERT-VN:VU#693099
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q320751
MSKB:Q320751
http://www.osvdb.org/5179
OSVDB:5179
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
http://www.iss.net/security_center/static/8867.php
XF:win2k-lanman-dos(8867)
CVE-2002-0598
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.
2003-04-02
2002-06-15
CVE-2002-0598
http://www.securityfocus.com/bid/4549
BID:4549
http://online.securityfocus.com/archive/1/268581
BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
BUGTRAQ:20020501 FW: Fscan advisory (fwd)
http://www.foundstone.com/knowledge/fscan112_advisory.html
CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
VULNWATCH:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
http://www.iss.net/security_center/static/8895.php
XF:fscan-banner-format-string(8895)
CVE-2002-0599
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
2003-04-02
2002-06-15
CVE-2002-0599
http://www.securityfocus.com/bid/4618
BID:4618
http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
http://sourceforge.net/project/shownotes.php?release_id=87004
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
http://www.osvdb.org/5178
OSVDB:5178
http://www.iss.net/security_center/static/8951.php
XF:blahzdns-auth-bypass(8951)
CVE-2002-0600
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
2002-06-11
2002-06-15
CVE-2002-0600
http://www.securityfocus.com/bid/4592
BID:4592
http://archives.neohapsis.com/archives/bugtraq/2002-04/0339.html
BUGTRAQ:20020424 A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
http://www.iss.net/security_center/static/8938.php
XF:kerberos4-ftp-client-overflow(8938)
CVE-2002-0601
ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.
2003-04-02
2003-03-20
CVE-2002-0601
http://www.securityfocus.com/bid/4649
BID:4649
http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
http://www.iss.net/security_center/alerts/advise116.php
ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
http://www.osvdb.org/5165
OSVDB:5165
http://www.iss.net/security_center/static/8961.php
XF:rs-ns-dhcp-dos(8961)
CVE-2002-0602
Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port.
2002-06-11
2017-07-10
CVE-2002-0602
http://www.securityfocus.com/bid/4657
BID:4657
http://www.securityfocus.com/bid/4658
BID:4658
http://marc.info/?l=bugtraq&m=102035583114759&w=2
BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
http://www.snapgear.com/releases.html
CONFIRM:http://www.snapgear.com/releases.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
https://exchange.xforce.ibmcloud.com/vulnerabilities/8985
XF:snapgear-vpn-http-dos(8985)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8986
XF:snapgear-vpn-pptp-dos(8986)
CVE-2002-0603
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500.
2002-06-11
2016-10-17
CVE-2002-0603
http://www.securityfocus.com/bid/4659
BID:4659
http://marc.info/?l=bugtraq&m=102035583114759&w=2
BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
http://www.snapgear.com/releases.html
CONFIRM:http://www.snapgear.com/releases.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
http://www.iss.net/security_center/static/8987.php
XF:snapgear-vpn-ipsec-dos(8987)
CVE-2002-0604
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options.
2002-06-11
2016-10-17
CVE-2002-0604
http://www.securityfocus.com/bid/4660
BID:4660
http://marc.info/?l=bugtraq&m=102035583114759&w=2
BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
http://www.snapgear.com/releases.html
CONFIRM:http://www.snapgear.com/releases.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
http://www.iss.net/security_center/static/8988.php
XF:snapgear-vpn-ipoptions-dos(8988)
CVE-2002-0605
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.
2003-04-02
2002-06-15
CVE-2002-0605
http://www.securityfocus.com/bid/4664
BID:4664
http://marc.info/?l=bugtraq&m=102039374017185&w=2
BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
http://www.osvdb.org/5177
OSVDB:5177
http://marc.info/?l=vuln-dev&m=102038919414726&w=2
VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
http://www.iss.net/security_center/static/8993.php
XF:flash-activex-movie-bo(8993)
CVE-2002-0606
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
2002-06-11
2002-06-15
CVE-2002-0606
http://www.securityfocus.com/bid/4638
BID:4638
http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html
BUGTRAQ:20020429 3CDaemon DoS exploit
http://www.iss.net/security_center/static/8970.php
XF:3cdaemon-ftp-bo(8970)
CVE-2002-0607
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
2002-06-11
2002-06-15
CVE-2002-0607
http://www.securityfocus.com/bid/4558
BID:4558
http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
BUGTRAQ:20020419 Snitz Forums 2000 remote SQL query manipulation vulnerability
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
CONFIRM:http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
http://www.iss.net/security_center/static/8898.php
XF:snitz-members-sql-injection(8898)
CVE-2002-0608
Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.
2002-06-11
2002-06-15
CVE-2002-0608
http://www.securityfocus.com/bid/4572
BID:4572
http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html
BUGTRAQ:20020422 Matu FTP remote buffer overflow vulnerability
http://www.iss.net/security_center/static/8911.php
XF:matu-ftp-long-string-bo(8911)
CVE-2002-0609
Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets.
2002-06-11
2002-06-15
CVE-2002-0609
http://www.securityfocus.com/bid/4536
BID:4536
http://online.securityfocus.com/advisories/4047
HP:HPSBMP0204-013
http://www.iss.net/security_center/static/8901.php
XF:hp-mpeix-ip-dos(8901)
CVE-2002-0610
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.
2002-06-11
2005-05-09
CVE-2002-0610
http://www.securityfocus.com/bid/4652
BID:4652
http://www.kb.cert.org/vuls/id/551683
CERT-VN:VU#551683
http://www.ciac.org/ciac/bulletins/m-075.shtml
CIAC:M-075
http://online.securityfocus.com/advisories/4082
HP:HPSBMP0204-014
http://www.iss.net/security_center/static/8990.php
XF:hp-mpeix-ftp-access(8990)
CVE-2002-0611
Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.
2002-06-11
2002-06-15
CVE-2002-0611
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
VULN-DEV:20020416 FileSeek cgi script advisory
http://www.iss.net/security_center/static/8858.php
XF:fileseek-cgi-directory-traversal(8858)
CVE-2002-0612
FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters.
2002-06-11
2002-06-15
CVE-2002-0612
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
VULN-DEV:20020416 FileSeek cgi script advisory
http://www.iss.net/security_center/static/8857.php
XF:fileseek-cgi-command-execution(8857)
CVE-2002-0613
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
2003-04-02
2002-06-15
CVE-2002-0613
http://www.securityfocus.com/bid/4617
BID:4617
http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
http://www.dnstools.com/dnstools_2.0.1.tar.gz
CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
http://www.iss.net/security_center/static/8948.php
XF:dnstools-auth-bypass(8948)
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server.
2002-06-11
2002-06-15
CVE-2002-0614
http://www.securityfocus.com/bid/4612
BID:4612
http://archives.neohapsis.com/archives/bugtraq/2002-04/0383.html
BUGTRAQ:20020426 PHP-Survey Database Access Vulnerability
http://www.iss.net/security_center/static/8950.php
XF:phpsurvey-global-reveal-info(8950)
CVE-2002-0615
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
2004-09-01
2004-07-24
CVE-2002-0615
http://www.securityfocus.com/bid/5110
BID:5110
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
MS:MS02-032
http://www.iss.net/security_center/static/9422.php
XF:mediaplayer-playlist-script-execution(9422)
CVE-2002-0616
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
2003-04-02
2003-03-20
CVE-2002-0616
http://www.securityfocus.com/bid/5063
BID:5063
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
MS:MS02-031
http://www.iss.net/security_center/static/9397.php
XF:excel-inline-macro-execution(9397)
CVE-2002-0617
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
2003-04-02
2002-07-26
CVE-2002-0617
http://www.securityfocus.com/bid/5064
BID:5064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
MS:MS02-031
http://www.osvdb.org/5175
OSVDB:5175
https://exchange.xforce.ibmcloud.com/vulnerabilities/9398
XF:excel-hyperlink-macro-execution(9398)
CVE-2002-0618
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
2003-04-02
2003-03-20
CVE-2002-0618
http://www.securityfocus.com/bid/4821
BID:4821
http://www.guninski.com/ex$el2.html
MISC:http://www.guninski.com/ex$el2.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
MS:MS02-031
http://marc.info/?l=ntbugtraq&m=102256054320377&w=2
NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
http://www.iss.net/security_center/static/9399.php
XF:excel-xsl-script-execution(9399)
CVE-2002-0619
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
2003-04-02
2003-03-20
CVE-2002-0619
http://www.securityfocus.com/bid/5066
BID:5066
http://marc.info/?l=bugtraq&m=102139136019862&w=2
BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
MS:MS02-031
http://www.iss.net/security_center/static/9077.php
XF:word-mail-merge-variant(9077)
CVE-2002-0620
Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
2002-07-01
2018-10-12
CVE-2002-0620
http://www.securityfocus.com/bid/4853
BID:4853
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
MS:MS02-033
CVE-2002-0621
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
2003-04-02
2003-03-20
CVE-2002-0621
http://www.securityfocus.com/bid/5108
BID:5108
BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
MS:MS02-033
http://www.osvdb.org/5172
OSVDB:5172
http://www.iss.net/security_center/static/9424.php
XF:mscs-owc-installer-bo(9424)
CVE-2002-0622
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
2003-04-02
2003-03-20
CVE-2002-0622
http://www.securityfocus.com/bid/5111
BID:5111
BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
MS:MS02-033
http://www.osvdb.org/5170
OSVDB:5170
http://www.iss.net/security_center/static/9425.php
XF:mscs-owc-installer-permissions(9425)
CVE-2002-0623
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
2003-04-02
2003-03-20
CVE-2002-0623
http://www.securityfocus.com/bid/5112
BID:5112
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
MS:MS02-033
http://www.osvdb.org/5163
OSVDB:5163
http://www.iss.net/security_center/static/9426.php
XF:mscs-authfilter-isapi-bo-variant(9426)
CVE-2002-0624
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
2002-07-12
2018-10-12
CVE-2002-0624
http://www.cert.org/advisories/CA-2002-22.html
CERT:CA-2002-22
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
MS:MS02-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291
OVAL:oval:org.mitre.oval:def:291
CVE-2002-0626
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
2003-01-03
2003-01-15
CVE-2002-0626
http://www.securityfocus.com/bid/5631
BID:5631
http://www.ciac.org/ciac/bulletins/m-123.shtml
CIAC:M-123
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
http://www.iss.net/security_center/static/9347.php
XF:viewstation-default-blank-password(9347)
CVE-2002-0627
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
2004-09-01
2003-01-08
CVE-2002-0627
http://www.securityfocus.com/bid/5632
BID:5632
http://www.ciac.org/ciac/bulletins/m-123.shtml
CIAC:M-123
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
http://www.iss.net/security_center/static/9348.php
XF:viewstation-unicode-retrieve-password(9348)
CVE-2002-0628
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
2003-01-03
2017-07-10
CVE-2002-0628
http://www.securityfocus.com/bid/5635
BID:5635
http://www.ciac.org/ciac/bulletins/m-123.shtml
CIAC:M-123
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
http://www.iss.net/security_center/static/9349.php
XF:viewstation-telnet-login-dos(9349)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44241
XF:viewstation-telnet-login-info-disclosure(44241)
CVE-2002-0629
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
2003-01-03
2003-01-15
CVE-2002-0629
http://www.securityfocus.com/bid/5636
BID:5636
http://www.ciac.org/ciac/bulletins/m-123.shtml
CIAC:M-123
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
http://www.iss.net/security_center/static/9349.php
XF:viewstation-telnet-login-dos(9349)
CVE-2002-0630
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
2004-09-01
2003-01-15
CVE-2002-0630
http://www.securityfocus.com/bid/5637
BID:5637
http://www.ciac.org/ciac/bulletins/m-123.shtml
CIAC:M-123
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
http://www.iss.net/security_center/static/9350.php
XF:viewstation-icmp-dos(9350)
CVE-2002-0631
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
2003-04-02
2003-03-20
CVE-2002-0631
http://www.securityfocus.com/bid/5092
BID:5092
ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I
SGI:20020607-02-I
http://www.iss.net/security_center/static/9418.php
XF:irix-nveventd-file-write(9418)
CVE-2002-0632
Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server.
2002-08-14
2006-06-25
CVE-2002-0632
http://www.securityfocus.com/bid/5448
BID:5448
http://www.osvdb.org/11081
OSVDB:11081
ftp://patches.sgi.com/support/free/security/advisories/20020804-01-P
SGI:20020804-01-P
http://www.iss.net/security_center/static/9825.php
XF:irix-bds-unauth-access(9825)
CVE-2002-0633
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-0633
CVE-2002-0634
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-0634
CVE-2002-0635
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-0635
CVE-2002-0636
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0636
CVE-2002-0637
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
2002-07-04
2007-10-31
CVE-2002-0637
http://www.securiteam.com/securitynews/5KP000A7QE.html
MISC:http://www.securiteam.com/securitynews/5KP000A7QE.html
http://www.iss.net/security_center/static/9464.php
XF:interscan-viruswall-protection-bypass(9464)
CVE-2002-0638
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
2003-04-02
2003-03-20
CVE-2002-0638
http://www.securityfocus.com/bid/5344
BID:5344
http://marc.info/?l=bugtraq&m=102795787713996&w=2
BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
CALDERA:CSSA-2002-043.0
http://www.kb.cert.org/vuls/id/405955
CERT-VN:VU#405955
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
CONECTIVA:CLA-2002:523
http://online.securityfocus.com/advisories/4320
HP:HPSBTL0207-054
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
MANDRAKE:MDKSA-2002:047
http://www.osvdb.org/5164
OSVDB:5164
http://rhn.redhat.com/errata/RHSA-2002-132.html
REDHAT:RHSA-2002:132
http://www.redhat.com/support/errata/RHSA-2002-137.html
REDHAT:RHSA-2002:137
http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
http://www.iss.net/security_center/static/9709.php
XF:utillinux-chfn-race-condition(9709)
CVE-2002-0639
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
2003-04-02
2019-07-21
CVE-2002-0639
http://www.securityfocus.com/bid/5093
BID:5093
http://marc.info/?l=bugtraq&m=102514371522793&w=2
BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
http://marc.info/?l=bugtraq&m=102514631524575&w=2
BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
http://marc.info/?l=bugtraq&m=102521542826833&w=2
BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
CALDERA:CSSA-2002-030.0
http://www.cert.org/advisories/CA-2002-18.html
CERT:CA-2002-18
http://www.kb.cert.org/vuls/id/369347
CERT-VN:VU#369347
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
CONECTIVA:CLA-2002:502
http://www.debian.org/security/2002/dsa-134
DEBIAN:DSA-134
http://www.linuxsecurity.com/advisories/other_advisory-2177.html
ENGARDE:ESA-20020702-016
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
HP:HPSBUX0206-195
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html
ISS:20020626 OpenSSH Remote Challenge Vulnerability
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
MANDRAKE:MDKSA-2002:040
https://twitter.com/RooneyMcNibNug/status/1152332585349111810
MISC:https://twitter.com/RooneyMcNibNug/status/1152332585349111810
NETBSD:2002-005
http://www.osvdb.org/6245
OSVDB:6245
http://www.iss.net/security_center/static/9169.php
XF:openssh-challenge-response-bo(9169)
CVE-2002-0640
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
2003-04-02
2007-12-19
CVE-2002-0640
http://www.securityfocus.com/bid/5093
BID:5093
http://marc.info/?l=bugtraq&m=102514371522793&w=2
BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
http://marc.info/?l=bugtraq&m=102514631524575&w=2
BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
http://marc.info/?l=bugtraq&m=102521542826833&w=2
BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
http://marc.info/?l=bugtraq&m=102532054613894&w=2
BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
CALDERA:CSSA-2002-030.0
http://www.cert.org/advisories/CA-2002-18.html
CERT:CA-2002-18
http://www.kb.cert.org/vuls/id/369347
CERT-VN:VU#369347
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
CONECTIVA:CLA-2002:502
http://www.debian.org/security/2002/dsa-134
DEBIAN:DSA-134
http://www.linuxsecurity.com/advisories/other_advisory-2177.html
ENGARDE:ESA-20020702-016
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
HP:HPSBUX0206-195
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
MANDRAKE:MDKSA-2002:040
http://www.osvdb.org/839
OSVDB:839
http://www.redhat.com/support/errata/RHSA-2002-127.html
REDHAT:RHSA-2002:127
http://www.redhat.com/support/errata/RHSA-2002-131.html
REDHAT:RHSA-2002:131
http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html
SUSE:SuSE-SA:2002:024
CVE-2002-0641
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
2002-07-12
2018-10-12
CVE-2002-0641
http://www.securityfocus.com/bid/4847
BID:4847
http://marc.info/?l=bugtraq&m=102639885223746&w=2
BUGTRAQ:20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
http://www.kb.cert.org/vuls/id/682620
CERT-VN:VU#682620
http://www.ngssoftware.com/advisories/ms-sqlbi.txt
MISC:http://www.ngssoftware.com/advisories/ms-sqlbi.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
MS:MS02-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316
OVAL:oval:org.mitre.oval:def:316
CVE-2002-0642
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
2003-04-02
2003-03-20
CVE-2002-0642
http://www.securityfocus.com/bid/5205
BID:5205
http://www.cert.org/advisories/CA-2002-22.html
CERT:CA-2002-22
http://www.kb.cert.org/vuls/id/796313
CERT-VN:VU#796313
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
MS:MS02-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025
OVAL:oval:org.mitre.oval:def:1025
http://www.iss.net/security_center/static/9523.php
XF:mssql-registry-insecure-permissions(9523)
CVE-2002-0643
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
2002-07-12
2018-10-12
CVE-2002-0643
http://www.securityfocus.com/bid/5203
BID:5203
http://marc.info/?l=bugtraq&m=102640092826731&w=2
BUGTRAQ:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
http://www.kb.cert.org/vuls/id/338195
CERT-VN:VU#338195
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035
MS:MS02-035
http://marc.info/?l=vuln-dev&m=102640394131103&w=2
VULN-DEV:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
CVE-2002-0644
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
2002-07-26
2018-10-12
CVE-2002-0644
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038
MS:MS02-038
CVE-2002-0645
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
2002-07-26
2018-10-12
CVE-2002-0645
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038
MS:MS02-038
CVE-2002-0646
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0371. Reason: This candidate is a reservation duplicate of CVE-2002-0371. Notes: CVE-2002-0371 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-10-15
2005-02-06
CVE-2002-0646
CVE-2002-0647
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
2003-04-02
2003-03-20
CVE-2002-0647
http://www.securityfocus.com/bid/5558
BID:5558
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
MS:MS02-047
http://www.iss.net/security_center/static/9935.php
XF:ms-legacytext-activex-bo(9935)
CVE-2002-0648
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
2003-04-02
2003-03-20
CVE-2002-0648
http://www.securityfocus.com/bid/5560
BID:5560
http://marc.info/?l=bugtraq&m=103011639524314&w=2
BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
MS:MS02-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026
OVAL:oval:org.mitre.oval:def:1026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148
OVAL:oval:org.mitre.oval:def:1148
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207
OVAL:oval:org.mitre.oval:def:1207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608
OVAL:oval:org.mitre.oval:def:608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776
OVAL:oval:org.mitre.oval:def:776
http://www.iss.net/security_center/static/9936.php
XF:ie-xml-redirect-read-files(9936)
CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
2002-07-26
2018-10-19
CVE-2002-0649
http://www.securityfocus.com/bid/5310
BID:5310
http://marc.info/?l=bugtraq&m=102760196931518&w=2
BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
http://www.securityfocus.com/archive/1/308321/30/26180/threaded
BUGTRAQ:20030125 Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308306/30/26180/threaded
BUGTRAQ:20030125 MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308393/30/26180/threaded
BUGTRAQ:20030125 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308324/30/26180/threaded
BUGTRAQ:20030125 Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308388/30/26180/threaded
BUGTRAQ:20030125 SQL Sapphire Worm Analysis
http://www.securityfocus.com/archive/1/308418/30/26150/threaded
BUGTRAQ:20030125 Sapphire SQL Worm Analysis Complete
http://www.securityfocus.com/archive/1/308396/30/26150/threaded
BUGTRAQ:20030126 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308419/30/26150/threaded
BUGTRAQ:20030126 Tool: Sapphire SQL Worm Scanner
http://www.securityfocus.com/archive/1/308760/30/26120/threaded
BUGTRAQ:20030128 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
http://www.securityfocus.com/archive/1/308806/30/26120/threaded
BUGTRAQ:20030128 Re: MSDE contained in...
http://www.securityfocus.com/archive/1/309096/30/26120/threaded
BUGTRAQ:20030129 Re: MSDE contained in...
http://www.securityfocus.com/archive/1/309324/30/26120/threaded
BUGTRAQ:20030130 RE: MSDE contained in...
http://www.securityfocus.com/archive/1/309776/30/26090/threaded
BUGTRAQ:20030201 The Spread of the Sapphire/Slammer SQL Worm
http://www.cert.org/advisories/CA-2002-22.html
CERT:CA-2002-22
http://www.cert.org/advisories/CA-2003-04.html
CERT:CA-2003-04
http://www.kb.cert.org/vuls/id/399260
CERT-VN:VU#399260
http://www.kb.cert.org/vuls/id/484891
CERT-VN:VU#484891
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039
MS:MS02-039
http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1077
OVAL:oval:org.mitre.oval:def:1077
http://secunia.com/advisories/7945
SECUNIA:7945
CVE-2002-0650
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
2003-04-02
2003-03-20
CVE-2002-0650
http://www.securityfocus.com/bid/5312
BID:5312
http://marc.info/?l=bugtraq&m=102760196931518&w=2
BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039
MS:MS02-039
http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
http://www.osvdb.org/878
OSVDB:878
http://www.iss.net/security_center/static/9662.php
XF:mssql-resolution-keepalive-dos(9662)
CVE-2002-0651
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
2004-09-01
2004-08-17
CVE-2002-0651
http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
AIXAPAR:IY32719
http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
AIXAPAR:IY32746
http://www.securityfocus.com/bid/5100
BID:5100
http://marc.info/?l=bugtraq&m=102513011311504&w=2
BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
http://marc.info/?l=bugtraq&m=102579743329251&w=2
BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
CALDERA:CSSA-2002-SCO.37
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
CALDERA:CSSA-2002-SCO.39
http://www.cert.org/advisories/CA-2002-19.html
CERT:CA-2002-19
http://www.kb.cert.org/vuls/id/803539
CERT-VN:VU#803539
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
CONECTIVA:CLSA-2002:507
http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
ENGARDE:ESA-20020724-018
http://marc.info/?l=bugtraq&m=102520962320134&w=2
FREEBSD:FreeBSD-SA-02:28
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
MANDRAKE:MDKSA-2002:038
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
MANDRAKE:MDKSA-2002:043
http://www.pine.nl/advisories/pine-cert-20020601.txt
MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
NETBSD:NetBSD-SA2002-006
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190
OVAL:oval:org.mitre.oval:def:4190
http://www.redhat.com/support/errata/RHSA-2002-119.html
REDHAT:RHSA-2002:119
http://www.redhat.com/support/errata/RHSA-2002-133.html
REDHAT:RHSA-2002:133
http://rhn.redhat.com/errata/RHSA-2002-139.html
REDHAT:RHSA-2002:139
http://www.redhat.com/support/errata/RHSA-2002-167.html
REDHAT:RHSA-2002:167
http://www.redhat.com/support/errata/RHSA-2003-154.html
REDHAT:RHSA-2003:154
ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
SGI:20020701-01-I
http://www.iss.net/security_center/static/9432.php
XF:dns-resolver-lib-bo(9432)
CVE-2002-0652
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
2002-07-01
2016-10-17
CVE-2002-0652
http://marc.info/?l=bugtraq&m=102459162909825&w=2
BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
SGI:20020605-01-I
ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
SGI:20020606-01-I
CVE-2002-0653
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
2003-04-02
2002-08-16
CVE-2002-0653
http://www.securityfocus.com/bid/5084
BID:5084
http://marc.info/?l=bugtraq&m=102513970919836&w=2
BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
CALDERA:CSSA-2002-031.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
CONECTIVA:CLA-2002:504
http://www.debian.org/security/2002/dsa-135
DEBIAN:DSA-135
http://marc.info/?l=bugtraq&m=102563469326072&w=2
ENGARDE:ESA-20020702-017
http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
HP:HPSBTL0207-052
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
MANDRAKE:MDKSA-2002:048
http://www.redhat.com/support/errata/RHSA-2002-134.html
REDHAT:RHSA-2002:134
http://www.redhat.com/support/errata/RHSA-2002-135.html
REDHAT:RHSA-2002:135
http://www.redhat.com/support/errata/RHSA-2002-136.html
REDHAT:RHSA-2002:136
http://www.redhat.com/support/errata/RHSA-2002-146.html
REDHAT:RHSA-2002:146
http://rhn.redhat.com/errata/RHSA-2002-164.html
REDHAT:RHSA-2002:164
http://www.redhat.com/support/errata/RHSA-2003-106.html
REDHAT:RHSA-2003:106
http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
SUSE:SuSE-SA:2002:028
http://marc.info/?l=vuln-dev&m=102477330617604&w=2
VULN-DEV:20020622 Another flaw in Apache?
http://www.iss.net/security_center/static/9415.php
XF:apache-modssl-htaccess-bo(9415)
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
2002-08-20
2021-06-06
CVE-2002-0654
http://www.securityfocus.com/bid/5485
BID:5485
http://www.securityfocus.com/bid/5486
BID:5486
http://marc.info/?l=bugtraq&m=102951160411052&w=2
BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
http://www.apache.org/dist/httpd/CHANGES_2.0
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.iss.net/security_center/static/9876.php
XF:apache-cgi-path-disclosure(9876)
http://www.iss.net/security_center/static/9875.php
XF:apache-var-path-disclosure(9875)
CVE-2002-0655
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
2002-07-31
2002-08-01
CVE-2002-0655
http://www.securityfocus.com/bid/5364
BID:5364
BUGTRAQ:20020730 GLSA: OpenSSL
BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
BUGTRAQ:20020730 OpenSSL patches for other versions
BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
CALDERA:CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
CALDERA:CSSA-2002-033.1
http://www.cert.org/advisories/CA-2002-23.html
CERT:CA-2002-23
http://www.kb.cert.org/vuls/id/308891
CERT-VN:VU#308891
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
CONECTIVA:CLA-2002:513
DEBIAN:DSA-136
ENGARDE:ESA-20020730-019
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
FREEBSD:FreeBSD-SA-02:33
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
MANDRAKE:MDKSA-2002:046
REDHAT:RHSA-2002:155
SUSE:SuSE-SA:2002:027
CVE-2002-0656
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
2002-07-31
2007-10-15
CVE-2002-0656
http://www.securityfocus.com/bid/5362
BID:5362
http://www.securityfocus.com/bid/5363
BID:5363
BUGTRAQ:20020730 GLSA: OpenSSL
BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
BUGTRAQ:20020730 OpenSSL patches for other versions
BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
CALDERA:CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
CALDERA:CSSA-2002-033.1
http://www.cert.org/advisories/CA-2002-23.html
CERT:CA-2002-23
http://www.kb.cert.org/vuls/id/102795
CERT-VN:VU#102795
http://www.kb.cert.org/vuls/id/258555
CERT-VN:VU#258555
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
CONECTIVA:CLA-2002:513
DEBIAN:DSA-136
ENGARDE:ESA-20020730-019
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
FREEBSD:FreeBSD-SA-02:33
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
MANDRAKE:MDKSA-2002:046
REDHAT:RHSA-2002:155
SUSE:SuSE-SA:2002:027
http://www.iss.net/security_center/static/9714.php
XF:openssl-ssl2-masterkey-bo(9714)
http://www.iss.net/security_center/static/9716.php
XF:openssl-ssl3-sessionid-bo(9716)
CVE-2002-0657
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
2002-07-31
2002-08-01
CVE-2002-0657
http://www.securityfocus.com/bid/5361
BID:5361
BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows:
BUGTRAQ:20020730 OpenSSL patches for other versions
BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
CALDERA:CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
CALDERA:CSSA-2002-033.1
http://www.cert.org/advisories/CA-2002-23.html
CERT:CA-2002-23
http://www.kb.cert.org/vuls/id/561275
CERT-VN:VU#561275
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
CONECTIVA:CLA-2002:513
DEBIAN:DSA-136
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
FREEBSD:FreeBSD-SA-02:33
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
MANDRAKE:MDKSA-2002:046
SUSE:SuSE-SA:2002:027
http://www.iss.net/security_center/static/9715.php
XF:openssl-ssl3-masterkey-bo(9715)
CVE-2002-0658
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
2003-04-02
2003-03-20
CVE-2002-0658
http://www.securityfocus.com/bid/5352
BID:5352
BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
CALDERA:CSSA-2002-032.0
http://www.debian.org/security/2002/dsa-137
DEBIAN:DSA-137
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://online.securityfocus.com/advisories/4392
HP:HPSBTL0208-056
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
MANDRAKE:MDKSA-2002:045
http://rhn.redhat.com/errata/RHSA-2002-153.html
REDHAT:RHSA-2002:153
http://rhn.redhat.com/errata/RHSA-2002-154.html
REDHAT:RHSA-2002:154
http://rhn.redhat.com/errata/RHSA-2002-156.html
REDHAT:RHSA-2002:156
http://www.redhat.com/support/errata/RHSA-2002-163.html
REDHAT:RHSA-2002:163
http://rhn.redhat.com/errata/RHSA-2002-164.html
REDHAT:RHSA-2002:164
http://www.redhat.com/support/errata/RHSA-2003-158.html
REDHAT:RHSA-2003:158
http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
SUSE:SuSE-SA:2002:028
http://www.iss.net/security_center/static/9719.php
XF:mm-tmpfile-symlink(9719)
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
2002-07-31
2002-08-01
CVE-2002-0659
http://www.securityfocus.com/bid/5366
BID:5366
BUGTRAQ:20020730 GLSA: OpenSSL
BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
BUGTRAQ:20020730 OpenSSL patches for other versions
BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
CALDERA:CSSA-2002-033.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
CALDERA:CSSA-2002-033.1
http://www.cert.org/advisories/CA-2002-23.html
CERT:CA-2002-23
http://www.kb.cert.org/vuls/id/748355
CERT-VN:VU#748355
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
CONECTIVA:CLA-2002:516
DEBIAN:DSA-136
ENGARDE:ESA-20020730-019
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
FREEBSD:FreeBSD-SA-02:33
http://rhn.redhat.com/errata/RHSA-2002-160.html
REDHAT:RHSA-2002:160
http://rhn.redhat.com/errata/RHSA-2002-161.html
REDHAT:RHSA-2002:161
http://rhn.redhat.com/errata/RHSA-2002-164.html
REDHAT:RHSA-2002:164
http://www.iss.net/security_center/static/9718.php
XF:openssl-asn1-parser-dos(9718)
CVE-2002-0660
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
2002-08-10
2016-12-06
CVE-2002-0660
https://www.debian.org/security/2002/dsa-140
DEBIAN:DSA-140
http://rhn.redhat.com/errata/RHSA-2002-151.html
REDHAT:RHSA-2002:151
http://rhn.redhat.com/errata/RHSA-2002-152.html
REDHAT:RHSA-2002:152
CVE-2002-0661
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
2002-08-10
2021-06-06
CVE-2002-0661
http://www.securityfocus.com/bid/5434
BID:5434
http://marc.info/?l=bugtraq&m=102892744011436&w=2
BUGTRAQ:20020809 Apache 2.0 vulnerability affects non-Unix platforms
http://marc.info/?l=bugtraq&m=102951160411052&w=2
BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
http://httpd.apache.org/info/security_bulletin_20020908a.txt
CONFIRM:http://httpd.apache.org/info/security_bulletin_20020908a.txt
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.iss.net/security_center/static/9808.php
XF:apache-access-data(9808)
CVE-2002-0662
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.
2004-09-01
2004-07-24
CVE-2002-0662
http://www.securityfocus.com/bid/5602
BID:5602
http://marc.info/?l=bugtraq&m=103098575826031&w=2
BUGTRAQ:20020902 The ScrollKeeper Root Trap
http://marc.info/?l=bugtraq&m=103115387102294&w=2
BUGTRAQ:20020904 GLSA: scrollkeeper
http://www.debian.org/security/2002/dsa-160
DEBIAN:DSA-160
http://www.redhat.com/support/errata/RHSA-2002-186.html
REDHAT:RHSA-2002:186
http://www.iss.net/security_center/static/10002.php
XF:scrollkeeper-tmp-file-symlink(10002)
CVE-2002-0663
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
2003-04-02
2003-03-20
CVE-2002-0663
http://www.atstake.com/research/advisories/2002/a071502-1.txt
ATSTAKE:A071502-1
http://www.securityfocus.com/bid/5237
BID:5237
http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
http://www.osvdb.org/4366
OSVDB:4366
VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability
http://www.iss.net/security_center/static/9579.php
XF:norton-fw-http-bo(9579)
CVE-2002-0664
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
2002-09-10
2016-10-17
CVE-2002-0664
http://www.securityfocus.com/bid/5101
BID:5101
http://marc.info/?l=bugtraq&m=103134154721846&w=2
BUGTRAQ:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
VULNWATCH:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
http://www.iss.net/security_center/static/10057.php
XF:zmerge-admindb-script-access(10057)
CVE-2002-0665
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
2003-04-02
2003-03-20
CVE-2002-0665
http://www.securityfocus.com/bid/5118
BID:5118
http://marc.info/?l=bugtraq&m=102529402127195&w=2
BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
http://www.iss.net/security_center/static/9450.php
XF:jrun-forwardslash-auth-bypass(9450)
CVE-2002-0666
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
2002-10-25
2005-05-31
CVE-2002-0666
http://www.securityfocus.com/bid/6011
BID:6011
http://razor.bindview.com/publish/advisories/adv_ipsec.html
BINDVIEW:20021018 Denial of Service in IPSEC implementations
http://www.kb.cert.org/vuls/id/459371
CERT-VN:VU#459371
http://www.debian.org/security/2002/dsa-201
DEBIAN:DSA-201
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
NETBSD:NetBSD-SA2002-016
http://www.iss.net/security_center/static/10411.php
XF:ipsec-packet-integer-overflow(10411)
CVE-2002-0667
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
2002-07-15
2005-06-09
CVE-2002-0667
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.securityfocus.com/bid/5214
BID:5214
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9562.php
XF:pingtel-xpressa-default-password(9562)
CVE-2002-0668
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
2004-09-01
2004-08-17
CVE-2002-0668
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.osvdb.org/5144
OSVDB:5144
https://exchange.xforce.ibmcloud.com/vulnerabilities/9563
XF:pingtel-xpressa-call-hijacking(9563)
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
2003-02-11
2003-03-18
CVE-2002-0669
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.iss.net/security_center/static/9564.php
XF:pingtel-xpressa-web-dos(9564)
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
2002-07-15
2005-06-09
CVE-2002-0670
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9565.php
XF:pingtel-xpressa-plaintext-passwords(9565)
CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
2003-04-02
2003-03-20
CVE-2002-0671
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.securityfocus.com/bid/5224
BID:5224
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9566.php
XF:pingtel-xpressa-dns-spoofing(9566)
CVE-2002-0672
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
2004-09-01
2004-07-24
CVE-2002-0672
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9567.php
XF:pingtel-xpressa-factory-defaults(9567)
CVE-2002-0673
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
2004-09-01
2004-07-24
CVE-2002-0673
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9568.php
XF:pingtel-xpressa-phone-reregister(9568)
CVE-2002-0674
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
2004-09-01
2007-10-25
CVE-2002-0674
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.securityfocus.com/bid/5221
BID:5221
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/9569
XF:pingtel-xpressa-admin-timeout(9569)
CVE-2002-0675
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
2002-07-15
2005-06-09
CVE-2002-0675
http://www.atstake.com/research/advisories/2002/a071202-1.txt
ATSTAKE:A071202-1
http://www.securityfocus.com/bid/5223
BID:5223
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
MISC:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.iss.net/security_center/static/9570.php
XF:pingtel-xpressa-firmware-upgrade(9570)
CVE-2002-0676
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
2003-04-02
2003-03-20
CVE-2002-0676
http://www.securityfocus.com/bid/5176
BID:5176
BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
http://www.cunap.com/~hardingr/projects/osx/exploit.html
MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html
http://www.osvdb.org/5137
OSVDB:5137
http://www.iss.net/security_center/static/9502.php
XF:macos-softwareupdate-no-auth(9502)
CVE-2002-0677
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
2002-07-12
2017-10-09
CVE-2002-0677
http://marc.info/?l=bugtraq&m=102635906423617&w=2
BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
CALDERA:CSSA-2002-SCO.28
http://www.cert.org/advisories/CA-2002-20.html
CERT:CA-2002-20
http://www.kb.cert.org/vuls/id/975403
CERT-VN:VU#975403
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1099
OVAL:oval:org.mitre.oval:def:1099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15
OVAL:oval:org.mitre.oval:def:15
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A91
OVAL:oval:org.mitre.oval:def:91
ftp://patches.sgi.com/support/free/security/advisories/20021102-02-P
SGI:20021102-02-P
CVE-2002-0678
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
2003-04-02
2007-11-28
CVE-2002-0678
http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
AIXAPAR:IY32368
http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
AIXAPAR:IY32370
http://www.securityfocus.com/bid/5083
BID:5083
http://marc.info/?l=bugtraq&m=102635906423617&w=2
BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
CALDERA:CSSA-2002-SCO.28
http://www.cert.org/advisories/CA-2002-20.html
CERT:CA-2002-20
http://www.kb.cert.org/vuls/id/299816
CERT-VN:VU#299816
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
HP:HPSBUX0207-199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
OVAL:oval:org.mitre.oval:def:175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
OVAL:oval:org.mitre.oval:def:2770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
OVAL:oval:org.mitre.oval:def:80
ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
SGI:20021101-01-P
http://www.iss.net/security_center/static/9527.php
XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
CVE-2002-0679
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
2003-04-02
2003-03-23
CVE-2002-0679
http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only
AIXAPAR:IY32792
http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only
AIXAPAR:IY32793
http://www.securityfocus.com/bid/5444
BID:5444
http://marc.info/?l=bugtraq&m=102917002523536&w=2
BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
CALDERA:CSSA-2002-SCO.28.1
http://www.cert.org/advisories/CA-2002-26.html
CERT:CA-2002-26
http://www.kb.cert.org/vuls/id/387387
CERT-VN:VU#387387
COMPAQ:SSRT2274
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
HP:HPSBUX0207-199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177
OVAL:oval:org.mitre.oval:def:177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192
OVAL:oval:org.mitre.oval:def:192
http://www.iss.net/security_center/static/9822.php
XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
CVE-2002-0680
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
2002-07-12
2017-12-19
CVE-2002-0680
http://marc.info/?l=bugtraq&m=102631742711795&w=2
BUGTRAQ:20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
http://marc.info/?l=bugtraq&m=102709382714597&w=2
BUGTRAQ:20020719 Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
CONFIRM:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
http://osvdb.org/81099
OSVDB:81099
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
VULNWATCH:20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
CVE-2002-0681
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
2002-07-12
2017-12-19
CVE-2002-0681
http://www.securityfocus.com/bid/5198
BID:5198
http://marc.info/?l=bugtraq&m=102631742711795&w=2
BUGTRAQ:20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
CONFIRM:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
http://osvdb.org/81099
OSVDB:81099
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
VULNWATCH:20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
http://www.iss.net/security_center/static/9518.php
XF:goahead-error-msg-xss(9518)
CVE-2002-0682
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
2004-09-01
2020-02-13
CVE-2002-0682
http://www.securityfocus.com/bid/5193
BID:5193
http://marc.info/?l=bugtraq&m=102631703811297&w=2
BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.osvdb.org/4973
OSVDB:4973
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
https://exchange.xforce.ibmcloud.com/vulnerabilities/9520
XF:tomcat-servlet-xss(9520)
CVE-2002-0683
Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter.
2002-07-12
2016-10-17
CVE-2002-0683
http://www.securityfocus.com/bid/5192
BID:5192
http://marc.info/?l=bugtraq&m=102631808212876&w=2
BUGTRAQ:20020710 wp-02-0012: Carello 1.3 Remote File Execution
http://www.osvdb.org/6592
OSVDB:6592
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0015.html
VULNWATCH:20020710 wp-02-0012: Carello 1.3 Remote File Execution
VULNWATCH:20021002 wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002)
http://www.iss.net/security_center/static/9521.php
XF:carello-local-file-execution(9521)
CVE-2002-0684
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
2002-07-31
2016-10-17
CVE-2002-0684
http://marc.info/?l=bugtraq&m=102581482511612&w=2
BUGTRAQ:20020704 Re: Remote buffer overflow in resolver code of libc
CERT:CA-2002-19
http://www.kb.cert.org/vuls/id/542971
CERT-VN:VU#542971
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
CONECTIVA:CLSA-2002:507
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
MANDRAKE:MDKSA-2002:050
http://rhn.redhat.com/errata/RHSA-2002-139.html
REDHAT:RHSA-2002:139
SUSE:SuSE-SA:2002:026
CVE-2002-0685
Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.
2003-04-02
2003-03-23
CVE-2002-0685
http://www.securityfocus.com/bid/5202
BID:5202
http://marc.info/?l=bugtraq&m=102634756815773&w=2
BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
http://www.kb.cert.org/vuls/id/821139
CERT-VN:VU#821139
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
http://marc.info/?l=ntbugtraq&m=102639521518942&w=2
NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
http://www.osvdb.org/4364
OSVDB:4364
http://www.iss.net/security_center/static/9525.php
XF:pgp-outlook-heap-overflow(9525)
CVE-2002-0686
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.
2002-07-15
2016-10-17
CVE-2002-0686
http://www.securityfocus.com/bid/4851
BID:4851
http://marc.info/?l=bugtraq&m=102622220416889&w=2
BUGTRAQ:20020709 Sun iPlanet Web Server Buffer Overflow (#NISR09072002)
http://www.kb.cert.org/vuls/id/612843
CERT-VN:VU#612843
http://www.nextgenss.com/vna/sun-iws.txt
MISC:http://www.nextgenss.com/vna/sun-iws.txt
http://www.iss.net/security_center/static/9506.php
XF:iplanet-search-bo(9506)
CVE-2002-0687
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
2003-04-02
2003-03-23
CVE-2002-0687
http://www.securityfocus.com/bid/5813
BID:5813
http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
http://www.osvdb.org/5166
OSVDB:5166
http://www.redhat.com/support/errata/RHSA-2002-060.html
REDHAT:RHSA-2002:060
http://www.iss.net/security_center/static/9621.php
XF:zope-inject-headers-dos(9621)
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
2003-04-02
2003-03-23
CVE-2002-0688
http://www.securityfocus.com/bid/5812
BID:5812
http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
http://www.debian.org/security/2004/dsa-490
DEBIAN:DSA-490
http://www.redhat.com/support/errata/RHSA-2002-060.html
REDHAT:RHSA-2002:060
http://www.iss.net/security_center/static/9610.php
XF:zope-zcatalog-index-bypass(9610)
CVE-2002-0689
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0689
CVE-2002-0690
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
2003-03-18
2018-10-19
CVE-2002-0690
http://www.atstake.com/research/advisories/2003/a031703-1.txt
ATSTAKE:A031703-1
http://www.securityfocus.com/bid/7111
BID:7111
http://www.securityfocus.com/archive/1/315230/30/25490/threaded
BUGTRAQ:20030317 McAfee ePolicy Orchestrator Format String Vulnerability (a031703-1)
http://www.osvdb.org/4375
OSVDB:4375
http://secunia.com/advisories/8311
SECUNIA:8311
https://exchange.xforce.ibmcloud.com/vulnerabilities/11559
XF:epolicy-get-format-string(11559)
CVE-2002-0691
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.
2003-04-02
2003-03-23
CVE-2002-0691
http://www.securityfocus.com/bid/5561
BID:5561
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
MS:MS02-047
http://www.iss.net/security_center/static/9938.php
XF:ie-local-resource-xss(9938)
CVE-2002-0692
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
2004-09-01
2004-07-24
CVE-2002-0692
http://www.securityfocus.com/bid/5804
BID:5804
http://www.kb.cert.org/vuls/id/723537
CERT-VN:VU#723537
FULLDISC:20020927 Buffer Overrun in SmartHTML Interpreter Could Allow Code Executio n (Q324096)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-053
MS:MS02-053
http://www.iss.net/security_center/static/10195.php
XF:fpse-smarthtml-interpreter-bo(10195)
http://www.iss.net/security_center/static/10194.php
XF:fpse-smarthtml-interpreter-dos(10194)
CVE-2002-0693
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
2002-10-05
2018-10-12
CVE-2002-0693
http://www.securityfocus.com/bid/5874
BID:5874
http://marc.info/?l=bugtraq&m=103365849505409&w=2
BUGTRAQ:20021003 Buffer Overflow in IE/Outlook HTML Help
http://marc.info/?l=bugtraq&m=103419115517344&w=2
BUGTRAQ:20021009 Thor Larholm security advisory TL#004
http://marc.info/?l=bugtraq&m=103435279404182&w=2
BUGTRAQ:20021010 prover of concept code of windows help overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055
MS:MS02-055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A374
OVAL:oval:org.mitre.oval:def:374
http://www.iss.net/security_center/static/10253.php
XF:win-html-help-bo(10253)
CVE-2002-0694
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
2004-09-01
2006-10-31
CVE-2002-0694
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055
MS:MS02-055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A403
OVAL:oval:org.mitre.oval:def:403
http://www.iss.net/security_center/static/10254.php
XF:win-chm-code-execution(10254)
CVE-2002-0695
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
2003-04-02
2003-03-23
CVE-2002-0695
http://www.securityfocus.com/bid/5372
BID:5372
http://www.nextgenss.com/advisories/mssql-ors.txt
MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-040
MS:MS02-040
http://www.iss.net/security_center/static/9734.php
XF:mssql-mdac-openrowset-bo(9734)
CVE-2002-0696
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
2004-09-01
2002-12-11
CVE-2002-0696
http://www.securityfocus.com/bid/5633
BID:5633
http://www.ciac.org/ciac/bulletins/m-120.shtml
CIAC:M-120
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-049
MS:MS02-049
http://www.iss.net/security_center/static/10035.php
XF:ms-foxpro-app-execution(10035)
CVE-2002-0697
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
2003-04-02
2003-03-23
CVE-2002-0697
http://www.securityfocus.com/bid/5308
BID:5308
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036
MS:MS02-036
http://www.iss.net/security_center/static/9657.php
XF:mms-data-repository-access(9657)
CVE-2002-0698
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
2003-04-02
2003-03-23
CVE-2002-0698
http://www.securityfocus.com/bid/5306
BID:5306
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037
MS:MS02-037
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q326322
MSKB:Q326322
http://www.iss.net/security_center/static/9658.php
XF:exchange-imc-ehlo-bo(9658)
CVE-2002-0699
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
2002-08-31
2018-10-12
CVE-2002-0699
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048
MS:MS02-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190
OVAL:oval:org.mitre.oval:def:190
CVE-2002-0700
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
2003-04-02
2003-03-23
CVE-2002-0700
http://www.securityfocus.com/bid/5420
BID:5420
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
MS:MS02-041
http://www.osvdb.org/4862
OSVDB:4862
http://www.iss.net/security_center/static/9783.php
XF:mcms-authentication-bo(9783)
CVE-2002-0701
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
2003-04-02
2003-03-23
CVE-2002-0701
http://www.securityfocus.com/bid/5133
BID:5133
http://marc.info/?l=bugtraq&m=102650797504351&w=2
FREEBSD:FreeBSD-SA-02:30
http://www.openbsd.org/errata.html#ktrace
OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
http://www.iss.net/security_center/static/9474.php
XF:openbsd-ktrace-gain-privileges(9474)
CVE-2002-0702
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
2002-07-23
2016-10-17
CVE-2002-0702
http://www.securityfocus.com/bid/4701
BID:4701
http://marc.info/?l=bugtraq&m=102089498828206&w=2
BUGTRAQ:20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt
CALDERA:CSSA-2002-028.0
http://www.cert.org/advisories/CA-2002-12.html
CERT:CA-2002-12
http://www.kb.cert.org/vuls/id/854315
CERT-VN:VU#854315
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483
CONECTIVA:CLA-2002:483
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php
MANDRAKE:MDKSA-2002:037
http://www.novell.com/linux/security/advisories/2002_19_dhcp.html
SUSE:SuSE-SA:2002:019
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html
VULNWATCH:20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
http://www.iss.net/security_center/static/9039.php
XF:dhcpd-nsupdate-format-string(9039)
CVE-2002-0703
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
2003-04-02
2002-07-26
CVE-2002-0703
http://www.securityfocus.com/bid/4716
BID:4716
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
MANDRAKE:MDKSA-2002:035
http://rhn.redhat.com/errata/RHSA-2002-081.html
REDHAT:RHSA-2002:081
http://www.iss.net/security_center/static/9051.php
XF:linux-utf8-incorrect-md5(9051)
CVE-2002-0704
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
2003-04-02
2002-07-26
CVE-2002-0704
http://www.securityfocus.com/bid/4699
BID:4699
http://marc.info/?l=bugtraq&m=102088521517722&w=2
BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
http://online.securityfocus.com/advisories/4116
HP:HPSBTL0205-039
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
MANDRAKE:MDKSA-2002:030
http://www.redhat.com/support/errata/RHSA-2002-086.html
REDHAT:RHSA-2002:086
http://www.iss.net/security_center/static/9043.php
XF:linux-netfilter-information-leak(9043)
CVE-2002-0705
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
2002-10-03
2016-10-17
CVE-2002-0705
http://www.securityfocus.com/bid/5856
BID:5856
http://marc.info/?l=bugtraq&m=103359690824103&w=2
BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt
http://www.osvdb.org/3489
OSVDB:3489
http://www.iss.net/security_center/static/10248.php
XF:superscout-webfilter-information-retrieval(10248)
CVE-2002-0706
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
2002-10-03
2016-10-17
CVE-2002-0706
http://marc.info/?l=bugtraq&m=103359690824103&w=2
BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt
http://www.osvdb.org/3491
OSVDB:3491
http://www.iss.net/security_center/static/10247.php
XF:superscout-webfilter-weak-encryption(10247)
CVE-2002-0707
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.
2002-10-03
2016-10-17
CVE-2002-0707
http://www.securityfocus.com/bid/5854
BID:5854
http://marc.info/?l=bugtraq&m=103359690824103&w=2
BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
http://www.iss.net/security_center/static/10242.php
XF:superscout-webfilter-get-dos(10242)
CVE-2002-0708
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
2002-10-03
2016-10-17
CVE-2002-0708
http://www.securityfocus.com/bid/5857
BID:5857
http://marc.info/?l=bugtraq&m=103359690824103&w=2
BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
http://www.iss.net/security_center/static/10244.php
XF:superscout-webfilter-directory-traversal(10244)
CVE-2002-0709
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
2002-10-03
2016-10-17
CVE-2002-0709
http://www.securityfocus.com/bid/5859
BID:5859
http://marc.info/?l=bugtraq&m=103359690824103&w=2
BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
http://www.iss.net/security_center/static/10245.php
XF:superscout-webfilter-sql-injection(10245)
CVE-2002-0710
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
2003-04-02
2003-03-23
CVE-2002-0710
http://www.securityfocus.com/bid/5286
BID:5286
http://marc.info/?l=bugtraq&m=102809084218422&w=2
BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
http://www.scn.org/~bb615/scripts/sendform.html
CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html
http://www.osvdb.org/3568
OSVDB:3568
VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
http://www.iss.net/security_center/static/9725.php
XF:sendform-blurbfile-directory-traversal(9725)
CVE-2002-0711
Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.
2002-11-10
2016-10-17
CVE-2002-0711
http://www.securityfocus.com/bid/6102
BID:6102
http://marc.info/?l=bugtraq&m=103651974926272&w=2
BUGTRAQ:20021105 RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect
http://www.securityfocus.com/advisories/4633
COMPAQ:SSRT2265
http://www.iss.net/security_center/static/10551.php
XF:hp-trucluster-interconnect-dos(10551)
CVE-2002-0712
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
2004-01-14
2017-07-10
CVE-2002-0712
http://www.securityfocus.com/bid/7284
BID:7284
http://www.kb.cert.org/vuls/id/720017
CERT-VN:VU#720017
http://www.kb.cert.org/vuls/id/AAMN-5KKVXC
CONFIRM:http://www.kb.cert.org/vuls/id/AAMN-5KKVXC
https://exchange.xforce.ibmcloud.com/vulnerabilities/11724
XF:easm-multiple-authorization-bypass(11724)
CVE-2002-0713
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
2002-07-23
2016-10-17
CVE-2002-0713
http://www.securityfocus.com/bid/5155
BID:5155
http://www.securityfocus.com/bid/5156
BID:5156
http://www.securityfocus.com/bid/5157
BID:5157
http://marc.info/?l=bugtraq&m=102674543407606&w=2
BUGTRAQ:20020715 TSLSA-2002-0062 - squid
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
CALDERA:CSSA-2002-046.0
CONECTIVA:CLA-2002:506
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
MANDRAKE:MDKSA-2002:044
http://rhn.redhat.com/errata/RHSA-2002-051.html
REDHAT:RHSA-2002:051
http://rhn.redhat.com/errata/RHSA-2002-130.html
REDHAT:RHSA-2002:130
SUSE:SuSE-SA:2002:025
http://www.iss.net/security_center/static/9481.php
XF:squid-ftp-dir-bo(9481)
http://www.iss.net/security_center/static/9480.php
XF:squid-gopher-bo(9480)
http://www.iss.net/security_center/static/9482.php
XF:squid-msnt-helper-bo(9482)
CVE-2002-0714
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
2003-04-02
2007-10-15
CVE-2002-0714
http://www.securityfocus.com/bid/5158
BID:5158
http://marc.info/?l=bugtraq&m=102674543407606&w=2
BUGTRAQ:20020715 TSLSA-2002-0062 - squid
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
CALDERA:CSSA-2002-046.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
CONECTIVA:CLA-2002:506
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
MANDRAKE:MDKSA-2002:044
http://www.osvdb.org/5924
OSVDB:5924
http://rhn.redhat.com/errata/RHSA-2002-051.html
REDHAT:RHSA-2002:051
http://rhn.redhat.com/errata/RHSA-2002-130.html
REDHAT:RHSA-2002:130
SUSE:SuSE-SA:2002:025
http://www.iss.net/security_center/static/9479.php
XF:squid-ftp-data-injection(9479)
CVE-2002-0715
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
2002-07-23
2016-10-17
CVE-2002-0715
http://www.securityfocus.com/bid/5154
BID:5154
http://marc.info/?l=bugtraq&m=102674543407606&w=2
BUGTRAQ:20020715 TSLSA-2002-0062 - squid
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
CALDERA:CSSA-2002-046.0
CONECTIVA:CLA-2002:506
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
http://www.squid-cache.org/Versions/v2/2.4/bugs/
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
MANDRAKE:MDKSA-2002:044
http://rhn.redhat.com/errata/RHSA-2002-051.html
REDHAT:RHSA-2002:051
http://rhn.redhat.com/errata/RHSA-2002-130.html
REDHAT:RHSA-2002:130
SUSE:SuSE-SA:2002:025
http://www.iss.net/security_center/static/9478.php
XF:squid-auth-header-forwarding(9478)
CVE-2002-0716
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
2003-04-02
2003-03-23
CVE-2002-0716
http://www.securityfocus.com/bid/4938
BID:4938
http://marc.info/?l=bugtraq&m=102323070305101&w=2
BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
CALDERA:CSSA-2002-SCO.35
http://marc.info/?l=vuln-dev&m=102323386107641&w=2
VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
http://www.iss.net/security_center/static/9271.php
XF:openserver-crontab-format-string(9271)
CVE-2002-0717
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
2002-07-23
2016-10-17
CVE-2002-0717
http://marc.info/?l=bugtraq&m=102734516023281&w=2
BUGTRAQ:20020722 Advisory 02/2002: PHP remote vulnerability
http://marc.info/?l=bugtraq&m=102734515923277&w=2
BUGTRAQ:20020722 PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
http://www.cert.org/advisories/CA-2002-21.html
CERT:CA-2002-21
http://www.kb.cert.org/vuls/id/929115
CERT-VN:VU#929115
http://www.iss.net/security_center/static/9635.php
XF:php-multipart-handler-bo(9635)
CVE-2002-0718
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
2003-04-02
2003-03-23
CVE-2002-0718
http://www.securityfocus.com/bid/5421
BID:5421
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
MS:MS02-041
http://www.iss.net/security_center/static/9784.php
XF:mcms-authoring-file-execution(9784)
CVE-2002-0719
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
2003-04-02
2003-03-23
CVE-2002-0719
http://www.securityfocus.com/bid/5422
BID:5422
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
MS:MS02-041
http://www.iss.net/security_center/static/9785.php
XF:mcms-resource-sql-injection(9785)
CVE-2002-0720
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
2003-04-02
2003-03-23
CVE-2002-0720
http://www.securityfocus.com/bid/5480
BID:5480
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-042
MS:MS02-042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A26
OVAL:oval:org.mitre.oval:def:26
http://www.iss.net/security_center/static/9856.php
XF:win2k-ncm-gain-privileges(9856)
CVE-2002-0721
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
2002-08-20
2018-10-12
CVE-2002-0721
http://marc.info/?l=bugtraq&m=102950473002959&w=2
BUGTRAQ:20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
http://www.kb.cert.org/vuls/id/399531
CERT-VN:VU#399531
http://www.kb.cert.org/vuls/id/818939
CERT-VN:VU#818939
http://www.kb.cert.org/vuls/id/939675
CERT-VN:VU#939675
http://www.ngssoftware.com/advisories/mssql-esppu.txt
MISC:http://www.ngssoftware.com/advisories/mssql-esppu.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043
MS:MS02-043
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
NTBUGTRAQ:20020815 Alert: Microsoft Security Bulletin - MS02-043
http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
NTBUGTRAQ:20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
CVE-2002-0722
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
2003-04-02
2003-03-23
CVE-2002-0722
http://www.securityfocus.com/bid/5559
BID:5559
http://marc.info/?l=bugtraq&m=103054692223380&w=2
BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
MS:MS02-047
http://www.osvdb.org/5129
OSVDB:5129
http://www.iss.net/security_center/static/9937.php
XF:ie-file-origin-spoofing(9937)
CVE-2002-0723
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
2002-08-24
2018-10-12
CVE-2002-0723
http://www.securityfocus.com/bid/5196
BID:5196
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
MS:MS02-047
http://www.iss.net/security_center/static/9537.php
XF:ie-object-scripting(9537)
CVE-2002-0724
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
2002-08-24
2018-10-12
CVE-2002-0724
http://marc.info/?l=bugtraq&m=103011556323184&w=2
BUGTRAQ:20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS)
http://www.kb.cert.org/vuls/id/250635
CERT-VN:VU#250635
http://www.kb.cert.org/vuls/id/311619
CERT-VN:VU#311619
http://www.kb.cert.org/vuls/id/342243
CERT-VN:VU#342243
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045
MS:MS02-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189
OVAL:oval:org.mitre.oval:def:189
CVE-2002-0725
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
2002-08-20
2004-07-24
CVE-2002-0725
http://www.atstake.com/research/advisories/2000/a081602-1.txt
ATSTAKE:A081602-1
http://www.securityfocus.com/bid/5484
BID:5484
http://www.iss.net/security_center/static/9869.php
XF:win-ntfs-bypass-auditing(9869)
CVE-2002-0726
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
2003-04-02
2003-03-23
CVE-2002-0726
http://www.atstake.com/research/advisories/2002/a082802-1.txt
ATSTAKE:A082802-1
http://www.securityfocus.com/bid/5554
BID:5554
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-046
MS:MS02-046
http://www.iss.net/security_center/static/9934.php
XF:ms-tsac-activex-bo(9934)
CVE-2002-0727
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
2003-04-02
2002-08-31
CVE-2002-0727
http://www.securityfocus.com/bid/4449
BID:4449
http://marc.info/?l=bugtraq&m=101829645415486&w=2
BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
MS:MS02-044
http://www.osvdb.org/3006
OSVDB:3006
http://www.iss.net/security_center/static/8777.php
XF:owc-spreadsheet-host-script-execution (8777)
CVE-2002-0728
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
2002-07-26
2002-08-16
CVE-2002-0728
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512
CONECTIVA:CLA-2002:512
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
CONFIRM:ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
http://www.debian.org/security/2002/dsa-140
DEBIAN:DSA-140
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php
MANDRAKE:MDKSA-2002:049
http://rhn.redhat.com/errata/RHSA-2002-152.html
REDHAT:RHSA-2002:152
CVE-2002-0729
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
2004-09-01
2002-07-31
CVE-2002-0729
http://marc.info/?l=bugtraq&m=102760196931518&w=2
BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
CVE-2002-0730
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
2002-07-26
2002-07-31
CVE-2002-0730
http://www.securityfocus.com/bid/4566
BID:4566
http://archives.neohapsis.com/archives/bugtraq/2002-04/0309.html
BUGTRAQ:20020421 Philip Chinery's Guestbook 1.1 fails to filter out js/html
http://www.iss.net/security_center/static/8916.php
XF:guestbook-pl-css(8916)
CVE-2002-0731
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
2002-07-26
2002-07-31
CVE-2002-0731
http://www.securityfocus.com/bid/4573
BID:4573
http://archives.neohapsis.com/archives/bugtraq/2002-04/0313.html
BUGTRAQ:20020421 vqServer Demo Files Cross-Site Scripting
http://www.iss.net/security_center/static/8935.php
XF:vqserver-samples-css(8935)
CVE-2002-0732
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
2002-07-26
2002-07-31
CVE-2002-0732
http://www.securityfocus.com/bid/4651
BID:4651
http://archives.neohapsis.com/archives/bugtraq/2002-04/0422.html
BUGTRAQ:20020430 Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
http://www.levcgi.com/programs.cgi?program=myguestbook&action=history
CONFIRM:http://www.levcgi.com/programs.cgi?program=myguestbook&action=history
http://www.iss.net/security_center/static/8968.php
XF:myguestbook-cgi-css(8968)
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
2003-04-02
2002-07-31
CVE-2002-0733
http://www.securityfocus.com/bid/4601
BID:4601
http://www.acme.com/software/thttpd/#releasenotes
CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
http://www.ifrance.com/kitetoua/tuto/5holes1.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
http://www.osvdb.org/5125
OSVDB:5125
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
VULNWATCH:20020417 Smalls holes on 5 products #1
http://www.iss.net/security_center/static/9029.php
XF:thttpd-error-page-css(9029)
CVE-2002-0734
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
2003-04-02
2003-03-23
CVE-2002-0734
http://www.securityfocus.com/bid/4673
BID:4673
http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
BUGTRAQ:20020506 b2 php remote command execution
http://cafelog.com/
CONFIRM:http://cafelog.com/
http://www.iss.net/security_center/static/9013.php
XF:b2-b2inc-command-execution(9013)
CVE-2002-0735
Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.
2002-07-26
2016-10-17
CVE-2002-0735
http://www.securityfocus.com/bid/4679
BID:4679
http://online.securityfocus.com/archive/1/271173
BUGTRAQ:20020506 ldap vulnerabilities
http://marc.info/?l=vuln-dev&m=102070267500932&w=2
VULN-DEV:20020506 ldap vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
VULNWATCH:20020506 [VulnWatch] ldap vulnerabilities
http://www.iss.net/security_center/static/9019.php
XF:squidauthldap-logging-format-string(9019)
CVE-2002-0736
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
2003-04-02
2002-07-31
CVE-2002-0736
http://www.securityfocus.com/bid/4528
BID:4528
http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
http://support.microsoft.com/support/kb/articles/q316/8/38.asp
MSKB:Q316838
http://www.iss.net/security_center/static/8862.php
XF:backoffice-bypass-authentication(8862)
CVE-2002-0737
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
2003-04-02
2002-07-31
CVE-2002-0737
http://www.securityfocus.com/bid/4533
BID:4533
http://online.securityfocus.com/archive/1/268121
BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.osvdb.org/5123
OSVDB:5123
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
http://www.iss.net/security_center/static/8876.php
XF:sambar-script-source-disclosure(8876)
CVE-2002-0738
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
2003-04-02
2003-03-23
CVE-2002-0738
http://www.securityfocus.com/bid/4546
BID:4546
http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
http://www.mhonarc.org/MHonArc/CHANGES
CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
http://www.debian.org/security/2002/dsa-163
DEBIAN:DSA-163
http://www.iss.net/security_center/static/8894.php
XF:mhonarc-script-filtering-bypass(8894)
CVE-2002-0739
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
2002-07-26
2002-07-31
CVE-2002-0739
http://www.securityfocus.com/bid/4563
BID:4563
http://archives.neohapsis.com/archives/bugtraq/2002-04/0288.html
BUGTRAQ:20020420 Vulnerability in PostCalendar
http://www.iss.net/security_center/static/8899.php
XF:postcalendar-calendar-event-css(8899)
CVE-2002-0740
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
2002-07-26
2002-07-31
CVE-2002-0740
http://www.securityfocus.com/bid/4569
BID:4569
http://archives.neohapsis.com/archives/bugtraq/2002-04/0302.html
BUGTRAQ:20020422 Slrnpull Buffer Overflow (-d parameter)
http://online.securityfocus.com/archive/1/269667
BUGTRAQ:20020425 slrnpull -d PoC
http://online.securityfocus.com/archive/1/270235
BUGTRAQ:20020430 Re: Slrnpull Buffer Overflow (-d parameter)
http://www.iss.net/security_center/static/8910.php
XF:slrnpull-d-spooldir-bo(8910)
CVE-2002-0741
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
2003-04-02
2002-07-31
CVE-2002-0741
http://www.securityfocus.com/bid/4570
BID:4570
http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
BUGTRAQ:20020422 psyBNC 2.3 DoS / bug
http://online.securityfocus.com/archive/1/269131
BUGTRAQ:20020423 PsyBNC Remote Dos POC
http://www.iss.net/security_center/static/8912.php
XF:psybnc-long-password-dos(8912)
CVE-2002-0742
Buffer overflow in pioout on AIX 4.3.3.
2002-07-26
2002-07-31
CVE-2002-0742
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY28880
CVE-2002-0743
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
2002-07-26
2002-07-31
CVE-2002-0743
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY29516
CVE-2002-0744
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
2002-07-26
2002-07-31
CVE-2002-0744
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY29517
CVE-2002-0745
Buffer overflow in uucp in AIX 4.3.3.
2002-07-26
2002-07-31
CVE-2002-0745
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY29518
CVE-2002-0746
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
2002-07-26
2002-07-31
CVE-2002-0746
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY29583
CVE-2002-0747
Buffer overflow in lsmcode in AIX 4.3.3.
2002-07-26
2002-07-31
CVE-2002-0747
http://archives.neohapsis.com/archives/aix/2002-q2/0005.html
AIXAPAR:IY29589
CVE-2002-0748
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
2003-04-02
2002-07-31
CVE-2002-0748
http://www.securityfocus.com/bid/4577
BID:4577
http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
http://www.osvdb.org/5119
OSVDB:5119
http://www.iss.net/security_center/static/8919.php
XF:labview-http-get-dos(8919)
CVE-2002-0749
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
2002-07-26
2002-07-31
CVE-2002-0749
http://www.securityfocus.com/bid/4579
BID:4579
http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
http://www.iss.net/security_center/static/8930.php
XF:cgiscript-csmailto-command-execution(8930)
CVE-2002-0750
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
2002-07-26
2002-07-31
CVE-2002-0750
http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
CVE-2002-0751
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
2002-07-26
2002-07-31
CVE-2002-0751
http://www.securityfocus.com/bid/4579
BID:4579
http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
CVE-2002-0752
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
2002-07-26
2002-07-31
CVE-2002-0752
http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
CVE-2002-0753
Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.
2002-07-26
2002-07-31
CVE-2002-0753
http://www.securityfocus.com/bid/4530
BID:4530
http://archives.neohapsis.com/archives/bugtraq/2002-04/0210.html
BUGTRAQ:20020416 Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)
http://www.iss.net/security_center/static/8861.php
XF:webplus-long-cookie-bop(8861)
CVE-2002-0754
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
2003-04-02
2003-03-23
CVE-2002-0754
http://www.securityfocus.com/bid/3919
BID:3919
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
FREEBSD:FreeBSD-SA-02:07
http://www.iss.net/security_center/static/7956.php
XF:kerberos5-k5su-elevate-privileges(7956)
CVE-2002-0755
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
2003-04-02
2002-07-31
CVE-2002-0755
http://www.securityfocus.com/bid/4777
BID:4777
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
FREEBSD:FreeBSD-SA-02:24
http://www.osvdb.org/4893
OSVDB:4893
http://www.iss.net/security_center/static/9125.php
XF:freebsd-k5su-gain-privileges(9125)
CVE-2002-0756
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
2002-07-26
2002-07-31
CVE-2002-0756
http://www.securityfocus.com/bid/4694
BID:4694
http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html
BUGTRAQ:20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
http://www.iss.net/security_center/static/9036.php
XF:webmin-usermin-authpage-css(9036)
CVE-2002-0757
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
2002-07-26
2002-07-31
CVE-2002-0757
http://www.securityfocus.com/bid/4700
BID:4700
http://online.securityfocus.com/archive/1/271466
BUGTRAQ:20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
MANDRAKE:MDKSA-2002:033
http://www.iss.net/security_center/static/9037.php
XF:webmin-usermin-sessionid-spoof(9037)
CVE-2002-0758
ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.
2003-04-02
2002-07-31
CVE-2002-0758
http://www.securityfocus.com/bid/4695
BID:4695
http://www.novell.com/linux/security/advisories/2002_016_sysconfig_txt.html
SUSE:SuSE-SA:2002:016
http://www.iss.net/security_center/static/9040.php
XF:suse-sysconfig-command-execution(9040)
CVE-2002-0759
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
2003-04-02
2003-03-23
CVE-2002-0759
http://www.securityfocus.com/bid/4774
BID:4774
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
CALDERA:CSSA-2002-039.0
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
FREEBSD:FreeBSD-SA-02:25
http://www.iss.net/security_center/static/9126.php
XF:bzip2-decompression-file-overwrite(9126)
CVE-2002-0760
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
2003-04-02
2003-03-23
CVE-2002-0760
http://www.securityfocus.com/bid/4775
BID:4775
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
CALDERA:CSSA-2002-039.0
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
FREEBSD:FreeBSD-SA-02:25
http://www.iss.net/security_center/static/9127.php
XF:bzip2-decompression-race-condition(9127)
CVE-2002-0761
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
2003-04-02
2003-03-23
CVE-2002-0761
http://www.securityfocus.com/bid/4776
BID:4776
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
CALDERA:CSSA-2002-039.0
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
FREEBSD:FreeBSD-SA-02:25
http://www.iss.net/security_center/static/9128.php
XF:bzip2-compression-symlink(9128)
CVE-2002-0762
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.
2003-04-02
2002-07-31
CVE-2002-0762
http://www.securityfocus.com/bid/4757
BID:4757
http://www.novell.com/linux/security/advisories/2002_17_shadow.html
SUSE:SuSE-SA:2002:017
http://www.iss.net/security_center/static/9102.php
XF:suse-shadow-filesize-limits(9102)
CVE-2002-0763
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
2002-07-26
2002-07-31
CVE-2002-0763
http://www.securityfocus.com/bid/4690
BID:4690
http://archives.neohapsis.com/archives/hp/2002-q2/0037.html
HP:HPSBUX0205-193
http://www.iss.net/security_center/static/9038.php
XF:hp-virtualvault-admin-access(9038)
CVE-2002-0764
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
2002-07-26
2002-07-31
CVE-2002-0764
http://www.securityfocus.com/bid/4763
BID:4763
http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
BUGTRAQ:20020517 Phorum 3.3.2a remote command execution
http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
BUGTRAQ:20020518 Phorum 3.3.2a has another bug for remote command execution
http://www.phorum.org/
CONFIRM:http://www.phorum.org/
http://www.iss.net/security_center/static/9107.php
XF:phorum-php-command-execution(9107)
CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
2003-04-02
2002-07-31
CVE-2002-0765
http://www.securityfocus.com/bid/4803
BID:4803
http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
http://www.openbsd.org/errata.html#sshbsdauth
OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
http://www.osvdb.org/5113
OSVDB:5113
http://www.iss.net/security_center/static/9215.php
XF:bsd-sshd-authentication-error(9215)
CVE-2002-0766
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
2003-04-02
2002-07-31
CVE-2002-0766
http://www.securityfocus.com/bid/4708
BID:4708
http://online.securityfocus.com/archive/1/271702
BUGTRAQ:20020509 OpenBSD local DoS and root exploit
http://www.kb.cert.org/vuls/id/314963
CERT-VN:VU#314963
http://www.openbsd.org/errata.html#fdalloc2
OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
http://www.osvdb.org/5114
OSVDB:5114
http://www.osvdb.org/5715
OSVDB:5715
VULNWATCH:20020509 OpenBSD local DoS and root exploit
http://www.iss.net/security_center/static/9048.php
XF:openbsd-file-descriptor-dos(9048)
CVE-2002-0767
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
2002-07-26
2002-07-31
CVE-2002-0767
http://www.securityfocus.com/bid/5001
BID:5001
http://online.securityfocus.com/archive/1/276739
BUGTRAQ:20020613 simpleinit root exploit - file descriptor left open
http://www.iss.net/security_center/static/9357.php
XF:simpleinit-file-descriptor-open(9357)
CVE-2002-0768
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
2003-04-02
2002-07-31
CVE-2002-0768
http://www.novell.com/linux/security/advisories/2002_18_lukemftp.html
SUSE:SuSE-SA:2002:018
http://www.iss.net/security_center/static/9130.php
XF:lukemftp-pasv-bo(9130)
CVE-2002-0769
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.
2002-07-26
2002-07-31
CVE-2002-0769
http://www.securityfocus.com/bid/4711
BID:4711
http://www.securityfocus.com/bid/4712
BID:4712
http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html
BUGTRAQ:20020509 Cisco ATA-186 admin password can be trivially circumvented
http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
CISCO:20020523 ATA-186 Password Disclosure Vulnerability
http://www.iss.net/security_center/static/9057.php
XF:cisco-ata-bypass-auth(9057)
http://www.iss.net/security_center/static/9056.php
XF:cisco-ata-reveal-info(9056)
CVE-2002-0770
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
2002-07-26
2005-11-27
CVE-2002-0770
http://www.securityfocus.com/bid/4744
BID:4744
http://online.securityfocus.com/archive/1/272548
BUGTRAQ:20020514 Remote quake 2 3.2x server cvar leak
http://www.kb.cert.org/vuls/id/970915
CERT-VN:VU#970915
http://www.quakesrc.org/forum/topicDisplay.php?topicID=160
MISC:http://www.quakesrc.org/forum/topicDisplay.php?topicID=160
http://www.osvdb.org/11187
OSVDB:11187
http://www.iss.net/security_center/static/9095.php
XF:quake2-unexpanded-var-disclosure(9095)
CVE-2002-0771
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
2002-07-26
2016-11-17
CVE-2002-0771
http://www.securityfocus.com/bid/4818
BID:4818
http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html
BUGTRAQ:20020518 cross-site scripting bug of ViewCVS
http://www.iss.net/security_center/static/9112.php
XF:viewcvs-css(9112)
CVE-2002-0772
Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.
2002-07-26
2002-07-31
CVE-2002-0772
http://www.securityfocus.com/bid/4759
BID:4759
http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
http://www.iss.net/security_center/static/9104.php
XF:hosting-controller-dsnmanager-traversal(9104)
CVE-2002-0773
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
2002-07-26
2002-07-31
CVE-2002-0773
http://www.securityfocus.com/bid/4761
BID:4761
http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
http://www.iss.net/security_center/static/9105.php
XF:hosting-controller-improotdir-commands(9105)
CVE-2002-0774
Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.
2002-07-26
2002-07-31
CVE-2002-0774
http://www.securityfocus.com/bid/4779
BID:4779
http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
BUGTRAQ:20020519 Another vulnerability in hosting controller
http://www.iss.net/security_center/static/9131.php
XF:hosting-controller-default-account(9131)
CVE-2002-0775
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
2002-07-26
2002-07-31
CVE-2002-0775
http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
BUGTRAQ:20020519 Another vulnerability in hosting controller
http://hostingcontroller.com/english/logs/sp2log.html
CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
http://www.hostingcontroller.com/english/patches/ForAll/download/drivebrowse.zip
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/drivebrowse.zip
CVE-2002-0776
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
2003-04-02
2003-03-23
CVE-2002-0776
http://www.securityfocus.com/bid/5229
BID:5229
http://online.securityfocus.com/archive/1/282129
BUGTRAQ:20020713 Hosting Controller Vulnerability
http://hostingcontroller.com/english/logs/sp2log.html
CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
http://www.iss.net/security_center/static/9554.php
XF:hosting-controller-password-modification(9554)
CVE-2002-0777
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
2003-04-02
2002-07-31
CVE-2002-0777
http://www.securityfocus.com/bid/4780
BID:4780
http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
http://www.iss.net/security_center/static/9116.php
XF:imail-ldap-bo(9116)
CVE-2002-0778
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
2003-04-02
2002-07-31
CVE-2002-0778
http://www.securityfocus.com/bid/4751
BID:4751
http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
http://www.iss.net/security_center/static/9082.php
XF:cisco-cache-content-tcp-forward(9082)
CVE-2002-0779
FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.
2002-07-26
2002-07-31
CVE-2002-0779
http://www.securityfocus.com/bid/4696
BID:4696
http://online.securityfocus.com/archive/1/271475
BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
http://www.iss.net/security_center/static/9031.php
XF:novell-bordermanager-ftp-dos(9031)
CVE-2002-0780
IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.
2002-07-26
2002-07-31
CVE-2002-0780
http://www.securityfocus.com/bid/4697
BID:4697
http://online.securityfocus.com/archive/1/271475
BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
http://www.iss.net/security_center/static/9032.php
XF:novell-bordermanager-ipipx-dos(9032)
CVE-2002-0781
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.
2002-07-26
2002-07-31
CVE-2002-0781
http://www.securityfocus.com/bid/4698
BID:4698
http://online.securityfocus.com/archive/1/271475
BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
http://www.iss.net/security_center/static/9033.php
XF:novell-bordermanager-rtsp-dos(9033)
CVE-2002-0782
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
2002-07-26
2002-07-31
CVE-2002-0782
http://www.securityfocus.com/bid/4726
BID:4726
http://online.securityfocus.com/archive/1/271957
BUGTRAQ:20020510 Re: cqure.net.20020412.bordermanager_36_mv1.a
http://www.iss.net/security_center/static/9062.php
XF:novell-bordermanager-conntable-dos(9062)
CVE-2002-0783
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
2002-07-26
2002-07-31
CVE-2002-0783
http://www.securityfocus.com/bid/4745
BID:4745
http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html
BUGTRAQ:20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]
http://www.iss.net/security_center/static/9096.php
XF:opera-sameoriginpolicy-bypass(9096)
CVE-2002-0784
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).
2002-07-26
2002-07-31
CVE-2002-0784
http://www.securityfocus.com/bid/4691
BID:4691
http://archives.neohapsis.com/archives/bugtraq/2002-05/0039.html
BUGTRAQ:20020507 Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability
http://www.lysias.de/send/news/index.php?page=3
CONFIRM:http://www.lysias.de/send/news/index.php?page=3
http://www.iss.net/security_center/static/9028.php
XF:lidek-webserver-directory-traversal(9028)
CVE-2002-0785
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.
2003-04-02
2002-07-31
CVE-2002-0785
http://www.securityfocus.com/bid/4709
BID:4709
http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
BUGTRAQ:20020508 Hole in AOL Instant Messenger
http://www.kb.cert.org/vuls/id/259435
CERT-VN:VU#259435
http://www.osvdb.org/5109
OSVDB:5109
http://www.iss.net/security_center/static/9058.php
XF:aim-addbuddy-bo(9058)
CVE-2002-0786
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
2002-07-26
2002-07-31
CVE-2002-0786
http://www.securityfocus.com/bid/4718
BID:4718
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
http://www.iss.net/security_center/static/9054.php
XF:injoin-admin-interface-view-files(9054)
CVE-2002-0787
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
2002-07-26
2002-07-31
CVE-2002-0787
http://www.securityfocus.com/bid/4717
BID:4717
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
http://www.iss.net/security_center/static/9053.php
XF:injoin-admin-interface-css(9053)
CVE-2002-0788
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
2003-04-02
2002-07-31
CVE-2002-0788
http://www.securityfocus.com/bid/4702
BID:4702
http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
http://www.osvdb.org/4363
OSVDB:4363
http://www.iss.net/security_center/static/9044.php
XF:pgp-ntfs-reveal-data(9044)
CVE-2002-0789
Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.
2003-04-02
2002-07-31
CVE-2002-0789
http://www.securityfocus.com/bid/4724
BID:4724
http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
http://www.mnogosearch.org/history.html#log31
MISC:http://www.mnogosearch.org/history.html#log31
http://www.iss.net/security_center/static/9060.php
XF:mnogosearch-search-cgi-bo(9060)
CVE-2002-0790
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
2003-04-02
2002-07-31
CVE-2002-0790
http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin
AIXAPAR:IY24556
CVE-2002-0791
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
2002-07-26
2002-07-31
CVE-2002-0791
http://www.securityfocus.com/bid/4693
BID:4693
http://online.securityfocus.com/archive/1/271589
BUGTRAQ:20020508 Re: cqure.net.20020408.netware_nwftpd.a
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2962252.htm
MISC:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2962252.htm
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0059.html
VULNWATCH:20020508 [VulnWatch] cqure.net.20020408.netware_nwftpd.a
http://www.iss.net/security_center/static/9034.php
XF:netware-ftp-dos(9034)
CVE-2002-0792
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
2002-07-26
2005-03-12
CVE-2002-0792
http://www.securityfocus.com/bid/4747
BID:4747
http://www.securityfocus.com/bid/4748
BID:4748
http://www.kb.cert.org/vuls/id/330275
CERT-VN:VU#330275
http://www.kb.cert.org/vuls/id/686939
CERT-VN:VU#686939
http://www.cisco.com/warp/public/707/css-http-post-pub.shtml
CISCO:20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities
http://www.iss.net/security_center/static/9083.php
XF:cisco-css-http-dos(9083)
CVE-2002-0793
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
2002-07-26
2017-07-10
CVE-2002-0793
http://www.securityfocus.com/bid/4901
BID:4901
http://www.securityfocus.com/bid/4902
BID:4902
http://www.securityfocus.com/bid/4903
BID:4903
http://www.securityfocus.com/bid/4904
BID:4904
http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
BUGTRAQ:20020531 Multiple vulnerabilities in QNX
https://exchange.xforce.ibmcloud.com/vulnerabilities/9232
XF:qnx-rtos-crttrap-c(9232)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9234
XF:qnx-rtos-dumper-symlink(9234)
http://www.iss.net/security_center/static/9231.php
XF:qnx-rtos-monitor-f(9231)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9233
XF:qnx-rtos-watcom-sample(9233)
CVE-2002-0794
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.
2003-04-02
2002-07-31
CVE-2002-0794
http://www.securityfocus.com/bid/4879
BID:4879
http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
FREEBSD:FreeBSD-SA-02:26
http://www.osvdb.org/5081
OSVDB:5081
http://www.iss.net/security_center/static/9209.php
XF:freebsd-accept-filter-dos(9209)
CVE-2002-0795
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
2003-04-02
2002-07-31
CVE-2002-0795
http://www.securityfocus.com/bid/4880
BID:4880
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
FREEBSD:FreeBSD-SA-02:27
http://www.osvdb.org/5083
OSVDB:5083
http://www.iss.net/security_center/static/9217.php
XF:freebsd-rc-delete-directories(9217)
CVE-2002-0796
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
2002-07-26
2017-10-09
CVE-2002-0796
http://www.securityfocus.com/bid/4932
BID:4932
http://marc.info/?l=bugtraq&m=102321107714554&w=2
BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11
OVAL:oval:org.mitre.oval:def:11
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A114
OVAL:oval:org.mitre.oval:def:114
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
SUN:00219
http://www.iss.net/security_center/static/9241.php
XF:solaris-snmpdx-format-string(9241)
CVE-2002-0797
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
2002-07-26
2017-10-09
CVE-2002-0797
http://www.securityfocus.com/bid/4933
BID:4933
http://marc.info/?l=bugtraq&m=102321107714554&w=2
BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A62
OVAL:oval:org.mitre.oval:def:62
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A94
OVAL:oval:org.mitre.oval:def:94
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
SUN:00219
http://www.iss.net/security_center/static/9242.php
XF:solaris-mibiisa-bo(9242)
CVE-2002-0798
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
2002-07-26
2017-10-09
CVE-2002-0798
http://www.securityfocus.com/bid/4886
BID:4886
http://archives.neohapsis.com/archives/hp/2002-q2/0059.html
HP:HPSBUX0205-194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5623
OVAL:oval:org.mitre.oval:def:5623
http://www.iss.net/security_center/static/9207.php
XF:hpux-sd-view-files(9207)
CVE-2002-0799
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
2002-07-26
2002-07-31
CVE-2002-0799
http://www.securityfocus.com/bid/4789
BID:4789
http://online.securityfocus.com/archive/1/273512
BUGTRAQ:20020521 YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!
http://www.iss.net/security_center/static/9132.php
XF:cmailserver-user-bo(9132)
CVE-2002-0800
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
2002-07-26
2002-07-31
CVE-2002-0800
http://www.securityfocus.com/bid/4912
BID:4912
http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html
BUGTRAQ:20020601 BadBlue Web Server v1.7.0 Directory Contents Disclosure
http://www.iss.net/security_center/static/9239.php
XF:badblue-directory-contents-disclosure(9239)
CVE-2002-0801
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
2003-04-02
2002-07-31
CVE-2002-0801
http://www.securityfocus.com/bid/4873
BID:4873
http://online.securityfocus.com/archive/1/274601
BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
http://online.securityfocus.com/archive/1/274528
BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
http://www.cert.org/advisories/CA-2002-14.html
CERT:CA-2002-14
http://www.kb.cert.org/vuls/id/703835
CERT-VN:VU#703835
http://www.osvdb.org/5082
OSVDB:5082
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
http://www.iss.net/security_center/static/9194.php
XF:jrun-isapi-host-bo(9194)
CVE-2002-0802
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
2003-04-02
2003-03-23
CVE-2002-0802
http://marc.info/?l=postgresql-general&m=102032794322362
MISC:http://marc.info/?l=postgresql-general&m=102032794322362
http://www.redhat.com/support/errata/RHSA-2002-149.html
REDHAT:RHSA-2002:149
http://www.iss.net/security_center/static/10328.php
XF:postgresql-sqlascii-sql-injection(10328)
CVE-2002-0803
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
2002-07-31
2007-10-31
CVE-2002-0803
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=126801
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=126801
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc
MISC:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9300.php
XF:bugzilla-queryhelp-obtain-information(9300)
CVE-2002-0804
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
2003-04-02
2003-03-23
CVE-2002-0804
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=129466
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
http://www.osvdb.org/6394
OSVDB:6394
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9301.php
XF:bugzilla-reversedns-hostname-spoof(9301)
CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
2003-04-02
2003-03-23
CVE-2002-0805
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=134575
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
http://www.osvdb.org/6395
OSVDB:6395
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9302.php
XF:bugzilla-world-writable-dir(9302)
CVE-2002-0806
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
2003-04-02
2003-03-23
CVE-2002-0806
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=141557
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
http://www.osvdb.org/5080
OSVDB:5080
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9303.php
XF:bugzilla-edituser-user-delete(9303)
CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
2002-07-31
2007-10-31
CVE-2002-0807
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=146447
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=146447
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9304.php
XF:bugzilla-real-name-xss(9304)
CVE-2002-0808
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
2003-04-02
2003-03-23
CVE-2002-0808
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=107718
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9305.php
XF:bugzilla-masschange-change-groupset(9305)
CVE-2002-0809
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
2003-04-02
2003-03-23
CVE-2002-0809
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=148674
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/10141.php
XF:bugzilla-group-permissions-removal(10141)
CVE-2002-0810
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
2003-04-02
2003-03-23
CVE-2002-0810
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=92263
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.osvdb.org/6399
OSVDB:6399
http://www.redhat.com/support/errata/RHSA-2002-109.html
REDHAT:RHSA-2002:109
http://www.iss.net/security_center/static/9306.php
XF:bugzilla-shadow-database-information(9306)
CVE-2002-0811
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
2002-07-31
2002-08-14
CVE-2002-0811
http://www.securityfocus.com/bid/4964
BID:4964
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
http://bugzilla.mozilla.org/show_bug.cgi?id=130821
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=130821
REDHAT:RHSA-2002:109
CVE-2002-0812
Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
2002-08-10
2004-07-24
CVE-2002-0812
http://www.securityfocus.com/bid/5436
BID:5436
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0066.html
VULNWATCH:20020809 Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0075.html
VULNWATCH:20020813 Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points [updated]
http://www.iss.net/security_center/static/9810.php
XF:orinoco-rg-default-snmp(9810)
CVE-2002-0813
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
2003-04-02
2009-03-01
CVE-2002-0813
http://www.securityfocus.com/bid/5328
BID:5328
http://online.securityfocus.com/archive/1/284634
BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
http://marc.info/?l=bugtraq&m=103002169829669&w=2
BUGTRAQ:20020822 Cisco IOS exploit PoC
http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
CISCO:20020730 TFTP Long Filename Vulnerability
http://www.osvdb.org/854
OSVDB:854
http://www.iss.net/security_center/static/9700.php
XF:cisco-tftp-filename-bo(9700)
CVE-2002-0814
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
2003-04-02
2002-08-31
CVE-2002-0814
http://www.securityfocus.com/bid/5294
BID:5294
http://marc.info/?l=bugtraq&m=102752511030425&w=2
BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
http://marc.info/?l=bugtraq&m=102765223418716&w=2
BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
http://www.vmware.com/download/gsx_security.html
CONFIRM:http://www.vmware.com/download/gsx_security.html
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
http://www.iss.net/security_center/static/9663.php
XF:vmware-gsx-auth-bo(9663)
CVE-2002-0815
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
2002-08-01
2016-10-17
CVE-2002-0815
http://marc.info/?l=bugtraq&m=102798282208686&w=2
BUGTRAQ:20020729 RE: XWT Foundation Advisory
http://marc.info/?l=bugtraq&m=102796732924658&w=2
BUGTRAQ:20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers
CVE-2002-0816
Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.
2003-04-02
2002-08-30
CVE-2002-0816
http://www.securityfocus.com/bid/5272
BID:5272
http://marc.info/?l=bugtraq&m=102709593117171&w=2
BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
http://www.kb.cert.org/vuls/id/229867
CERT-VN:VU#229867
http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
COMPAQ:SSRT2257
http://www.iss.net/security_center/static/9640.php
XF:tru64-su-bo(9640)
CVE-2002-0817
Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.
2003-04-02
2003-03-23
CVE-2002-0817
http://www.securityfocus.com/bid/5367
BID:5367
http://marc.info/?l=bugtraq&m=102812622416695&w=2
BUGTRAQ:20020731 The SUPER Bug
http://www.debian.org/security/2002/dsa-139
DEBIAN:DSA-139
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
VULNWATCH:20020730 The SUPER Bug
http://www.iss.net/security_center/static/9741.php
XF:super-syslog-format-string(9741)
CVE-2002-0818
wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.
2003-04-02
2003-03-23
CVE-2002-0818
http://www.securityfocus.com/bid/5260
BID:5260
http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-048.0.txt
CALDERA:CSSA-2002-048.0
http://www.debian.org/security/2002/dsa-144
DEBIAN:DSA-144
http://marc.info/?l=bugtraq&m=102821890317683&w=2
SUSE:SuSE-SA:2002:029
http://www.iss.net/security_center/static/9619.php
XF:wwwoffle-neg-length-bo(9619)
CVE-2002-0819
Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.
2002-08-02
2016-10-17
CVE-2002-0819
http://marc.info/?l=bugtraq&m=102607688730228&w=2
BUGTRAQ:20020706 LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
http://marc.info/?l=kde-multimedia&m=102607939232023&w=2
CONFIRM:http://marc.info/?l=kde-multimedia&m=102607939232023&w=2
http://marc.info/?l=vuln-dev&m=102614898620164&w=2
VULN-DEV:20020613 Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
CVE-2002-0820
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
2002-08-02
2016-10-17
CVE-2002-0820
http://marc.info/?l=bugtraq&m=102979180524452&w=2
BUGTRAQ:20020819 Freebsd FD exploit
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
FREEBSD:FreeBSD-SA-02:23
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16
MISC:http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html
VULNWATCH:20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows
CVE-2002-0821
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
2002-08-02
2002-08-14
CVE-2002-0821
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
CONECTIVA:CLSA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00005.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
REDHAT:RHSA-2002:169
CVE-2002-0822
Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.
2002-08-02
2008-03-03
CVE-2002-0822
http://www.securityfocus.com/bid/5167
BID:5167
CONECTIVA:CLA-2002:505
http://www.ethereal.com/appnotes/enpa-sa-00005.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
REDHAT:RHSA-2002:169
CVE-2002-0823
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
2003-04-02
2007-10-15
CVE-2002-0823
http://www.securityfocus.com/bid/4857
BID:4857
http://marc.info/?l=bugtraq&m=102822806329440&w=2
BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338
MSKB:Q293338
NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
http://www.osvdb.org/2991
OSVDB:2991
http://www.iss.net/security_center/static/9746.php
XF:htmlhelp-item-bo(9746)
CVE-2002-0824
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
2003-04-02
2003-03-23
CVE-2002-0824
http://www.securityfocus.com/bid/5355
BID:5355
http://marc.info/?l=bugtraq&m=102812546815606&w=2
FREEBSD:FreeBSD-SA-02:32.pppd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc
NETBSD:NetBSD-SA2002-010
http://www.openbsd.org/errata31.html
OPENBSD:20020729 011: SECURITY FIX: July 29, 2002
http://www.iss.net/security_center/static/9738.php
XF:pppd-race-condition(9738)
CVE-2002-0825
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2002-08-07
2002-08-31
CVE-2002-0825
http://www.padl.com/Articles/PotentialBufferOverflowin.html
CONFIRM:http://www.padl.com/Articles/PotentialBufferOverflowin.html
CVE-2002-0826
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
2003-04-02
2003-03-23
CVE-2002-0826
http://www.atstake.com/research/advisories/2002/a080802-1.txt
ATSTAKE:A080802-1
http://www.securityfocus.com/bid/5427
BID:5427
http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
http://www.iss.net/security_center/static/9794.php
XF:wsftp-site-cpwd-bo(9794)
CVE-2002-0827
Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.
2002-08-07
2002-08-20
CVE-2002-0827
http://www.securityfocus.com/bid/5051
BID:5051
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27/CSSA-2002-SCO.27.txt
CALDERA:CSSA-2002-SCO.27.txt
http://www.iss.net/security_center/static/9380.php
XF:ppptalk-local-elevated-privileges(9380)
CVE-2002-0828
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0862. Reason: This is a duplicate of CVE-2002-0862. Notes: All CVE users should reference CVE-2002-0862 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-08-07
2005-02-03
CVE-2002-0828
CVE-2002-0829
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
2003-04-02
2003-03-23
CVE-2002-0829
http://www.securityfocus.com/bid/5399
BID:5399
http://marc.info/?l=bugtraq&m=102865404413458&w=2
FREEBSD:FreeBSD-SA-02:35.ffs
http://www.osvdb.org/5073
OSVDB:5073
http://www.iss.net/security_center/static/9771.php
XF:freebsd-ffs-integer-overflow(9771)
CVE-2002-0830
Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.
2003-04-02
2007-10-15
CVE-2002-0830
http://www.securityfocus.com/bid/5402
BID:5402
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://marc.info/?l=bugtraq&m=102865517214722&w=2
FREEBSD:FreeBSD-SA-02:36.nfs
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc
NETBSD:NetBSD-SA2002-013
http://www.osvdb.org/5072
OSVDB:5072
https://exchange.xforce.ibmcloud.com/vulnerabilities/9772
XF:bsd-nfs-rpc-dos(9772)
CVE-2002-0831
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
2003-04-02
2003-03-24
CVE-2002-0831
http://www.securityfocus.com/bid/5405
BID:5405
http://marc.info/?l=bugtraq&m=102865142610126&w=2
FREEBSD:FreeBSD-SA-02:37.kqueue
http://www.osvdb.org/5069
OSVDB:5069
http://www.iss.net/security_center/static/9774.php
XF:freebsd-kqueue-dos(9774)
CVE-2002-0832
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
2002-08-07
2016-10-17
CVE-2002-0832
http://marc.info/?l=bugtraq&m=102864890006745&w=2
BUGTRAQ:20020804 Bypassing cookie restrictions in IE 5+6
CVE-2002-0833
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.
2002-08-07
2016-10-17
CVE-2002-0833
http://www.securityfocus.com/bid/5397
BID:5397
http://marc.info/?l=bugtraq&m=102858453720304&w=2
BUGTRAQ:20020805 [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability
http://marc.info/?l=bugtraq&m=102883538924494&w=2
BUGTRAQ:20020808 [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/9765.php
XF:eudora-boundary-bo(9765)
CVE-2002-0834
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.
2002-08-23
2002-08-31
CVE-2002-0834
http://www.ethereal.com/appnotes/enpa-sa-00006.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00006.html
REDHAT:RHSA-2002:169
CVE-2002-0835
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
2004-09-01
2002-11-14
CVE-2002-0835
http://www.securityfocus.com/bid/5596
BID:5596
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
CALDERA:CSSA-2002-044.0
http://online.securityfocus.com/advisories/4449
HP:HPSBTL0209-066
http://www.redhat.com/support/errata/RHSA-2002-162.html
REDHAT:RHSA-2002:162
http://www.redhat.com/support/errata/RHSA-2002-165.html
REDHAT:RHSA-2002:165
http://www.iss.net/security_center/static/10003.php
XF:pxe-dhcp-dos(10003)
CVE-2002-0836
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
2004-09-01
2004-07-24
CVE-2002-0836
http://www.securityfocus.com/bid/5978
BID:5978
http://marc.info/?l=bugtraq&m=103497852330838&w=2
BUGTRAQ:20021018 GLSA: tetex
http://marc.info/?l=bugtraq&m=104005975415582&w=2
BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
http://www.kb.cert.org/vuls/id/169841
CERT-VN:VU#169841
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
CONECTIVA:CLA-2002:537
http://www.debian.org/security/2002/dsa-207
DEBIAN:DSA-207
http://www.securityfocus.com/advisories/4567
HP:HPSBTL0210-073
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
MANDRAKE:MDKSA-2002:070
http://www.redhat.com/support/errata/RHSA-2002-194.html
REDHAT:RHSA-2002:194
http://www.redhat.com/support/errata/RHSA-2002-195.html
REDHAT:RHSA-2002:195
http://www.iss.net/security_center/static/10365.php
XF:dvips-system-execute-commands(10365)
CVE-2002-0837
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.
2002-09-10
2016-10-17
CVE-2002-0837
http://www.securityfocus.com/bid/5671
BID:5671
http://www.securityfocus.com/bid/5674
BID:5674
http://marc.info/?l=bugtraq&m=103158607631137&w=2
BUGTRAQ:20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
http://www.guardent.com/comp_news_wordtrans-web.html#
MISC:http://www.guardent.com/comp_news_wordtrans-web.html#
http://rhn.redhat.com/errata/RHSA-2002-188.html
REDHAT:RHSA-2002:188
http://www.iss.net/security_center/static/10063.php
XF:wordtrans-web-code-execution(10063)
http://www.iss.net/security_center/static/10059.php
XF:wordtrans-web-php-xss(10059)
CVE-2002-0838
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
2002-10-01
2016-10-17
CVE-2002-0838
http://www.securityfocus.com/bid/5808
BID:5808
http://marc.info/?l=bugtraq&m=103305778615625&w=2
BUGTRAQ:20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
http://marc.info/?l=bugtraq&m=103305615613319&w=2
BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
http://marc.info/?l=bugtraq&m=103487806800388&w=2
BUGTRAQ:20021017 GLSA: ggv
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt
CALDERA:CSSA-2002-053.0
http://www.kb.cert.org/vuls/id/600777
CERT-VN:VU#600777
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542
CONECTIVA:CLA-2002:542
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
http://www.kde.org/info/security/advisory-20021008-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
http://www.debian.org/security/2002/dsa-176
DEBIAN:DSA-176
http://www.debian.org/security/2002/dsa-179
DEBIAN:DSA-179
http://www.debian.org/security/2002/dsa-182
DEBIAN:DSA-182
http://www.mandriva.com/security/advisories?name=MDKSA-2002:069
MANDRAKE:MDKSA-2002:069
http://www.mandriva.com/security/advisories?name=MDKSA-2002:071
MANDRAKE:MDKSA-2002:071
http://www.redhat.com/support/errata/RHSA-2002-207.html
REDHAT:RHSA-2002:207
http://www.redhat.com/support/errata/RHSA-2002-212.html
REDHAT:RHSA-2002:212
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.iss.net/security_center/static/10201.php
XF:gv-sscanf-function-bo(10201)
CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
2002-10-05
2021-06-06
CVE-2002-0839
http://www.securityfocus.com/bid/5884
BID:5884
http://marc.info/?l=bugtraq&m=103376585508776&w=2
BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
BUGTRAQ:20021015 GLSA: apache
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
BUGTRAQ:20021017 TSLSA-2002-0069-apache
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
CONECTIVA:CLA-2002:530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://www.apacheweek.com/issues/02-10-04
CONFIRM:http://www.apacheweek.com/issues/02-10-04
http://www.debian.org/security/2002/dsa-187
DEBIAN:DSA-187
http://www.debian.org/security/2002/dsa-188
DEBIAN:DSA-188
http://www.debian.org/security/2002/dsa-195
DEBIAN:DSA-195
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
ENGARDE:ESA-20021007-024
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP:HPSBOV02683
http://online.securityfocus.com/advisories/4617
HP:HPSBUX0210-224
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP:SSRT090208
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
MANDRAKE:MDKSA-2002:068
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
SGI:20021105-01-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
VULNWATCH:20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities
http://www.iss.net/security_center/static/10280.php
XF:apache-scorecard-memory-overwrite(10280)
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
2004-09-01
2021-06-06
CVE-2002-0840
http://www.securityfocus.com/bid/5847
BID:5847
http://marc.info/?l=bugtraq&m=103357160425708&w=2
BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
http://marc.info/?l=bugtraq&m=103376585508776&w=2
BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
BUGTRAQ:20021017 TSLSA-2002-0069-apache
http://www.kb.cert.org/vuls/id/240329
CERT-VN:VU#240329
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
CONECTIVA:CLA-2002:530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://www.apacheweek.com/issues/02-10-04
CONFIRM:http://www.apacheweek.com/issues/02-10-04
http://www.debian.org/security/2002/dsa-187
DEBIAN:DSA-187
http://www.debian.org/security/2002/dsa-188
DEBIAN:DSA-188
http://www.debian.org/security/2002/dsa-195
DEBIAN:DSA-195
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
ENGARDE:ESA-20021007-024
http://online.securityfocus.com/advisories/4617
HP:HPSBUX0210-224
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
MANDRAKE:MDKSA-2002:068
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.osvdb.org/862
OSVDB:862
http://www.redhat.com/support/errata/RHSA-2002-222.html
REDHAT:RHSA-2002:222
http://www.redhat.com/support/errata/RHSA-2002-243.html
REDHAT:RHSA-2002:243
http://www.redhat.com/support/errata/RHSA-2002-244.html
REDHAT:RHSA-2002:244
http://www.redhat.com/support/errata/RHSA-2002-248.html
REDHAT:RHSA-2002:248
http://www.redhat.com/support/errata/RHSA-2002-251.html
REDHAT:RHSA-2002:251
http://www.redhat.com/support/errata/RHSA-2003-106.html
REDHAT:RHSA-2003:106
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
SGI:20021105-02-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
VULNWATCH:20021002 Apache 2 Cross-Site Scripting
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241
XF:apache-http-host-xss(10241)
CVE-2002-0841
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0842. Reason: This candidate is a duplicate of CVE-2002-0842. The duplicate assignment was made before public disclosure. Notes: none.
2003-02-21
2004-01-26
CVE-2002-0841
CVE-2002-0842
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
2004-09-01
2007-11-28
CVE-2002-0842
http://www.securityfocus.com/bid/6846
BID:6846
http://marc.info/?l=bugtraq&m=104549708626309&w=2
BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
http://marc.info/?l=bugtraq&m=104559446010858&w=2
BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
http://marc.info/?l=bugtraq&m=104560577227981&w=2
BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
http://www.cert.org/advisories/CA-2003-05.html
CERT:CA-2003-05
http://www.kb.cert.org/vuls/id/849993
CERT-VN:VU#849993
http://www.ciac.org/ciac/bulletins/n-046.shtml
CIAC:N-046
http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
FULLDISC:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
http://www.nextgenss.com/advisories/ora-appservfmtst.txt
MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
http://marc.info/?l=bugtraq&m=104549708626309&w=2
NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
http://www.iss.net/security_center/static/11330.php
XF:oracle-appserver-davpublic-dos(11330)
CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
2002-10-05
2021-06-06
CVE-2002-0843
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
AIXAPAR:IY87070
http://www.securityfocus.com/bid/5887
BID:5887
http://www.securityfocus.com/bid/5995
BID:5995
http://www.securityfocus.com/bid/5996
BID:5996
http://marc.info/?l=bugtraq&m=103376585508776&w=2
BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
BUGTRAQ:20021016 Apache 1.3.26
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
BUGTRAQ:20021017 TSLSA-2002-0069-apache
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
CONECTIVA:000530
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
CONECTIVA:CLA-2002:530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
CONECTIVA:CLSA-2002:530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://www.apacheweek.com/issues/02-10-04
CONFIRM:http://www.apacheweek.com/issues/02-10-04
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
http://www.debian.org/security/2002/dsa-187
DEBIAN:DSA-187
http://www.debian.org/security/2002/dsa-188
DEBIAN:DSA-188
http://www.debian.org/security/2002/dsa-195
DEBIAN:DSA-195
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
ENGARDE:ESA-20021007-024
http://online.securityfocus.com/advisories/4617
HP:HPSBUX0210-224
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
MANDRAKE:MDKSA-2002:068
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://secunia.com/advisories/21425
SECUNIA:21425
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
SGI:20021105-01-I
http://www.vupen.com/english/advisories/2006/3263
VUPEN:ADV-2006-3263
http://www.iss.net/security_center/static/10281.php
XF:apache-apachebench-response-bo(10281)
CVE-2002-0844
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
2004-09-01
2011-07-16
CVE-2002-0844
http://www.securityfocus.com/bid/4829
BID:4829
http://marc.info/?l=bugtraq&m=102233767925177&w=2
BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
CALDERA:CSSA-2002-035.0
http://www.redhat.com/support/errata/RHSA-2004-004.html
REDHAT:RHSA-2004:004
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
https://exchange.xforce.ibmcloud.com/vulnerabilities/9175
XF:cvs-rcs-offbyone-bo(9175)
CVE-2002-0845
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
2003-04-02
2002-08-23
CVE-2002-0845
http://www.securityfocus.com/bid/5433
BID:5433
http://marc.info/?l=bugtraq&m=102890933623192&w=2
BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
http://www.iss.net/security_center/static/9799.php
XF:iplanet-chunked-encoding-bo(9799)
CVE-2002-0846
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
2003-04-02
2003-03-24
CVE-2002-0846
http://www.securityfocus.com/bid/5430
BID:5430
BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
http://marc.info/?l=bugtraq&m=103072708329280&w=2
BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
http://www.redhat.com/support/errata/RHSA-2003-026.html
REDHAT:RHSA-2003:026
http://www.redhat.com/support/errata/RHSA-2003-027.html
REDHAT:RHSA-2003:027
http://www.iss.net/security_center/static/9798.php
XF:flash-swf-header-bo(9798)
CVE-2002-0847
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
2003-04-02
2002-08-31
CVE-2002-0847
http://www.securityfocus.com/bid/4731
BID:4731
http://sourceforge.net/project/shownotes.php?release_id=88790
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
https://www.debian.org/security/2002/dsa-145
DEBIAN:DSA-145
http://www.iss.net/security_center/static/9079.php
XF:tinyproxy-memory-corruption(9079)
CVE-2002-0848
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
2003-04-02
2003-03-24
CVE-2002-0848
http://www.securityfocus.com/bid/5417
BID:5417
http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
http://www.iss.net/security_center/static/9781.php
XF:cisco-vpn5000-plaintext-password(9781)
CVE-2002-0849
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password.
2002-08-10
2016-10-17
CVE-2002-0849
http://www.securityfocus.com/bid/5423
BID:5423
http://marc.info/?l=bugtraq&m=102891036424424&w=2
BUGTRAQ:20020808 Re: [VulnWatch] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
http://marc.info/?l=bugtraq&m=102882056105806&w=2
BUGTRAQ:20020808 iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
http://www.iss.net/security_center/static/9792.php
XF:linux-iscsi-conf-insecure(9792)
CVE-2002-0850
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.
2004-09-01
2004-07-24
CVE-2002-0850
http://www.securityfocus.com/bid/5656
BID:5656
http://marc.info/?l=bugtraq&m=103133995920090&w=2
BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
https://exchange.xforce.ibmcloud.com/vulnerabilities/10043
XF:pgp-long-filename-bo(10043)
CVE-2002-0851
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.
2003-04-02
2002-08-31
CVE-2002-0851
http://www.securityfocus.com/bid/5437
BID:5437
SUSE:SuSE-SA:2002:030
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
VULNWATCH:20020809 Local Root Exploit
http://www.iss.net/security_center/static/9811.php
XF:isdn4linux-ipppd-format-string(9811)
CVE-2002-0852
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
2002-08-14
2002-08-31
CVE-2002-0852
http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
CVE-2002-0853
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.
2003-04-02
2003-03-24
CVE-2002-0853
http://www.securityfocus.com/bid/5440
BID:5440
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
http://www.iss.net/security_center/static/9821.php
XF:cisco-vpn-zerolength-dos(9821)
CVE-2002-0854
Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges.
2002-08-14
2017-11-01
CVE-2002-0854
https://lists.opensuse.org/opensuse-security-announce/2002-08/msg00006.html
SUSE:SuSE-SA:2002:030
CVE-2002-0855
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
2002-08-14
2003-03-24
CVE-2002-0855
http://www.securityfocus.com/bid/5298
BID:5298
http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
BUGTRAQ:20020724 cross-site scripting bug of Mailman
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000522
CONECTIVA:CLA-2002:522
http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
http://www.debian.org/security/2002/dsa-147
DEBIAN:DSA-147
http://www.redhat.com/support/errata/RHSA-2002-176.html
REDHAT:RHSA-2002:176
http://www.redhat.com/support/errata/RHSA-2002-177.html
REDHAT:RHSA-2002:177
http://www.redhat.com/support/errata/RHSA-2002-178.html
REDHAT:RHSA-2002:178
http://www.redhat.com/support/errata/RHSA-2002-181.html
REDHAT:RHSA-2002:181
http://www.iss.net/security_center/static/9985.php
XF:mailman-subscription-option-xss(9985)
CVE-2002-0856
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
2003-04-02
2003-03-24
CVE-2002-0856
http://www.securityfocus.com/bid/5457
BID:5457
http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
http://www.iss.net/security_center/static/9237.php
XF:oracle-listener-debug-dos(9237)
CVE-2002-0857
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
2002-08-20
2016-10-17
CVE-2002-0857
http://www.securityfocus.com/bid/5460
BID:5460
http://marc.info/?l=bugtraq&m=102933735716634&w=2
BUGTRAQ:20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
http://www.kb.cert.org/vuls/id/301059
CERT-VN:VU#301059
http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf
http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt
MISC:http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt
http://securitytracker.com/id?1005037
SECTRACK:1005037
CVE-2002-0858
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
2002-08-20
2016-10-17
CVE-2002-0858
http://marc.info/?l=bugtraq&m=102918005402808&w=2
BUGTRAQ:20020812 Vulnerability in Oracle
http://www.osvdb.org/9476
OSVDB:9476
http://www.iss.net/security_center/static/9932.php
XF:oracle-catsnmp-default-account(9932)
CVE-2002-0859
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
2003-04-02
2003-03-24
CVE-2002-0859
http://www.securityfocus.com/bid/5057
BID:5057
http://marc.info/?l=bugtraq&m=102450188620081&w=2
BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
http://www.nextgenss.com/advisories/mssql-ods.txt
MISC:http://www.nextgenss.com/advisories/mssql-ods.txt
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q282010
MSKB:Q282010
http://www.iss.net/security_center/static/9375.php
XF:mssql-jet-ods-bo(9375)
CVE-2002-0860
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
2003-04-02
2002-08-31
CVE-2002-0860
http://www.securityfocus.com/bid/4453
BID:4453
http://marc.info/?l=bugtraq&m=101829911018463&w=2
BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
MS:MS02-044
http://www.osvdb.org/3007
OSVDB:3007
http://www.iss.net/security_center/static/8778.php
XF:owc-spreadsheet-loadtext-read-files (8778)
CVE-2002-0861
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
2002-08-23
2018-10-12
CVE-2002-0861
http://www.securityfocus.com/bid/4457
BID:4457
http://marc.info/?l=bugtraq&m=101829726516346&w=2
BUGTRAQ:20020408 Controlling the clipboard with OWC in IE (GM#007-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
MS:MS02-044
http://www.iss.net/security_center/static/8779.php
XF:owc-spreadsheet-clipboard-access(8779)
CVE-2002-0862
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
2002-09-10
2018-10-12
CVE-2002-0862
http://marc.info/?l=bugtraq&m=102866120821995&w=2
BUGTRAQ:20020805 IE SSL Vulnerability
http://marc.info/?l=bugtraq&m=102918200405308&w=2
BUGTRAQ:20020812 IE SSL Exploit
http://marc.info/?l=bugtraq&m=102976967730450&w=2
BUGTRAQ:20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
MS:MS02-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056
OVAL:oval:org.mitre.oval:def:1056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332
OVAL:oval:org.mitre.oval:def:1332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671
OVAL:oval:org.mitre.oval:def:2671
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
XF:ssl-ca-certificate-spoofing(9776)
CVE-2002-0863
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
2002-10-01
2018-10-12
CVE-2002-0863
http://www.securityfocus.com/bid/5711
BID:5711
http://www.securityfocus.com/bid/5712
BID:5712
http://marc.info/?l=bugtraq&m=103235960119404&w=2
BUGTRAQ:20020916 Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities
http://marc.info/?l=bugtraq&m=103236181522253&w=2
BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
http://www.kb.cert.org/vuls/id/865833
CERT-VN:VU#865833
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051
MS:MS02-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A199
OVAL:oval:org.mitre.oval:def:199
http://www.iss.net/security_center/static/10121.php
XF:win-rdp-checksum-leak(10121)
http://www.iss.net/security_center/static/10122.php
XF:win-rdp-keystroke-monitoring(10122)
CVE-2002-0864
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
2004-09-01
2002-12-03
CVE-2002-0864
http://www.securityfocus.com/bid/5713
BID:5713
http://marc.info/?l=bugtraq&m=103235745116592&w=2
BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
http://marc.info/?l=bugtraq&m=103236181522253&w=2
BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051
MS:MS02-051
http://www.iss.net/security_center/static/10120.php
XF:winxp-remote-desktop-dos(10120)
CVE-2002-0865
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."
2004-09-01
2004-07-24
CVE-2002-0865
http://www.securityfocus.com/bid/5752
BID:5752
http://www.kb.cert.org/vuls/id/140898
CERT-VN:VU#140898
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
MS:MS02-052
http://www.iss.net/security_center/static/10135.php
XF:msvm-xml-methods-access(10135)
CVE-2002-0866
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
2004-09-01
2004-07-24
CVE-2002-0866
http://www.securityfocus.com/bid/5751
BID:5751
http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
http://www.kb.cert.org/vuls/id/307306
CERT-VN:VU#307306
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
MS:MS02-052
http://www.iss.net/security_center/static/10133.php
XF:msvm-jdbc-dll-execution(10133)
CVE-2002-0867
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
2004-09-01
2004-07-24
CVE-2002-0867
http://www.securityfocus.com/bid/5750
BID:5750
http://www.kb.cert.org/vuls/id/792881
CERT-VN:VU#792881
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
MS:MS02-052
http://www.iss.net/security_center/static/10134.php
XF:msvm-jdbc-ie-dos(10134)
CVE-2002-0868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-0868
CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
2002-11-02
2018-10-12
CVE-2002-0869
http://marc.info/?l=bugtraq&m=103642839205574&w=2
BUGTRAQ:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
http://www.ciac.org/ciac/bulletins/n-011.shtml
CIAC:N-011
http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
MISC:http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
MS:MS02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929
OVAL:oval:org.mitre.oval:def:929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A930
OVAL:oval:org.mitre.oval:def:930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A983
OVAL:oval:org.mitre.oval:def:983
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
VULNWATCH:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
http://www.iss.net/security_center/static/10502.php
XF:iis-outofprocess-privilege-elevation(10502)
CVE-2002-0870
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.
2002-08-20
2002-08-31
CVE-2002-0870
http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml
CISCO:20020814 Cisco Content Service Switch 11000 Series Web Management Vulnerability
CVE-2002-0871
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
2003-04-02
2003-03-24
CVE-2002-0871
http://www.securityfocus.com/bid/5458
BID:5458
http://marc.info/?l=bugtraq&m=102935383506155&w=2
BUGTRAQ:20020814 GLSA: xinetd
https://www.debian.org/security/2002/dsa-151
DEBIAN:DSA-151
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
MANDRAKE:MDKSA-2002:053
http://www.redhat.com/support/errata/RHSA-2002-196.html
REDHAT:RHSA-2002:196
http://www.redhat.com/support/errata/RHSA-2003-228.html
REDHAT:RHSA-2003:228
http://www.iss.net/security_center/static/9844.php
XF:xinetd-signal-leak-dos(9844)
CVE-2002-0872
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.
2003-04-02
2003-03-24
CVE-2002-0872
http://www.securityfocus.com/bid/5451
BID:5451
BUGTRAQ:20020813 New l2tpd release 0.68
http://www.debian.org/security/2002/dsa-152
DEBIAN:DSA-152
http://www.iss.net/security_center/static/9845.php
XF:l2tpd-rand-number-predictable(9845)
CVE-2002-0873
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
2003-04-02
2003-03-24
CVE-2002-0873
BUGTRAQ:20020813 New l2tpd release 0.68
http://www.debian.org/security/2002/dsa-152
DEBIAN:DSA-152
http://www.iss.net/security_center/static/10460.php
XF:l2tpd-vendor-field-bo(10460)
CVE-2002-0874
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.
2002-08-20
2002-08-31
CVE-2002-0874
http://www.debian.org/security/2002/dsa-150
DEBIAN:DSA-150
CVE-2002-0875
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.
2003-04-02
2003-03-24
CVE-2002-0875
http://www.securityfocus.com/bid/5487
BID:5487
http://www.debian.org/security/2002/dsa-154
DEBIAN:DSA-154
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.redhat.com/support/errata/RHSA-2005-005.html
REDHAT:RHSA-2005:005
ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
SGI:20000301-03-I
http://www.iss.net/security_center/static/9880.php
XF:sgi-fam-insecure-permissions(9880)
CVE-2002-0876
Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request.
2002-08-31
2002-09-10
CVE-2002-0876
http://www.securityfocus.com/bid/4897
BID:4897
http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html
BUGTRAQ:20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS
http://online.securityfocus.com/archive/1/281265
BUGTRAQ:20020709 Exploit for previously reported DoS issues in Shambala Server 4.5
http://www.iss.net/security_center/static/9225.php
XF:shambala-web-request-dos(9225)
CVE-2002-0877
Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands.
2002-08-31
2002-09-10
CVE-2002-0877
http://www.securityfocus.com/bid/4896
BID:4896
http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html
BUGTRAQ:20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS
http://www.iss.net/security_center/static/9224.php
XF:shambala-dotdot-directory-traversal(9224)
CVE-2002-0878
SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field.
2002-08-31
2002-09-10
CVE-2002-0878
http://www.securityfocus.com/bid/4931
BID:4931
http://archives.neohapsis.com/archives/bugtraq/2002-06/0010.html
BUGTRAQ:20020604 sql injection in Logisense software
http://www.iss.net/security_center/static/9268.php
XF:logisense-sql-injection(9268)
CVE-2002-0879
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter.
2002-08-31
2002-09-10
CVE-2002-0879
http://www.securityfocus.com/bid/4882
BID:4882
http://archives.neohapsis.com/archives/bugtraq/2002-05/0256.html
BUGTRAQ:20020529 Gafware's CFXImage vulnerability
http://www.iss.net/security_center/static/9196.php
XF:cfximage-dotdot-directory-traversal(9196)
CVE-2002-0880
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2."
2002-08-31
2002-09-10
CVE-2002-0880
http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones
CVE-2002-0881
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
2002-08-31
2002-09-10
CVE-2002-0881
http://www.securityfocus.com/bid/4799
BID:4799
http://online.securityfocus.com/archive/1/273673
BUGTRAQ:20020522 Multiple Vulnerabilities in CISCO VoIP Phones
http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones
http://www.iss.net/security_center/static/9144.php
XF:cisco-ipphone-configuration-access(9144)
CVE-2002-0882
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
2002-08-31
2002-09-10
CVE-2002-0882
http://www.securityfocus.com/bid/4794
BID:4794
http://www.securityfocus.com/bid/4798
BID:4798
http://online.securityfocus.com/archive/1/273673
BUGTRAQ:20020522 Multiple Vulnerabilities in CISCO VoIP Phones
http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones
http://www.iss.net/security_center/static/9143.php
XF:cisco-ipphone-portinformation(9143)
http://www.iss.net/security_center/static/9142.php
XF:cisco-ipphone-streamingstatistics-dos(9142)
CVE-2002-0883
Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.
2002-08-31
2002-09-10
CVE-2002-0883
http://www.securityfocus.com/bid/4802
BID:4802
http://ftp.support.compaq.com/patches/.new/html/SSRT2179.shtml
COMPAQ:SSRT2179
http://www.iss.net/security_center/static/9202.php
XF:compaq-proliant-gain-access(9202)
CVE-2002-0884
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.
2002-08-31
2002-09-10
CVE-2002-0884
http://www.securityfocus.com/bid/4791
BID:4791
http://online.securityfocus.com/archive/1/273584
BUGTRAQ:20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt
CALDERA:CSSA-2002-SCO.29
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html
VULNWATCH:20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd
http://www.iss.net/security_center/static/9150.php
XF:solaris-inrarpd-code-execution(9150)
CVE-2002-0885
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
2002-08-31
2002-09-10
CVE-2002-0885
http://www.securityfocus.com/bid/4791
BID:4791
http://online.securityfocus.com/archive/1/273584
BUGTRAQ:20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt
MISC:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html
VULNWATCH:20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd
http://www.iss.net/security_center/static/9150.php
XF:solaris-inrarpd-code-execution(9150)
CVE-2002-0886
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
2002-08-31
2017-07-10
CVE-2002-0886
http://www.securityfocus.com/bid/4813
BID:4813
http://www.securityfocus.com/bid/4814
BID:4814
http://www.securityfocus.com/bid/4815
BID:4815
http://www.cisco.com/warp/public/707/CBOS-DoS.shtml
CISCO:20020523 CBOS - Improving Resilience to Denial-of-Service Attacks
http://www.iss.net/security_center/static/9151.php
XF:cisco-cbos-dhcp-dos(9151)
http://www.iss.net/security_center/static/9153.php
XF:cisco-cbos-tcpip-dos(9153)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9152
XF:cisco-cbos-telnet-cpe-dos(9152)
CVE-2002-0887
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.
2003-04-02
2003-03-24
CVE-2002-0887
http://www.securityfocus.com/bid/4875
BID:4875
http://marc.info/?l=bugtraq&m=99057164129869&w=2
BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt
CALDERA:CSSA-2002-SCO.22
http://www.iss.net/security_center/static/9210.php
XF:openserver-scoadmin-symlink(9210)
CVE-2002-0888
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.
2002-08-31
2002-09-10
CVE-2002-0888
http://www.securityfocus.com/bid/4841
BID:4841
http://archives.neohapsis.com/archives/bugtraq/2002-05/0230.html
BUGTRAQ:20020527 Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router
http://archives.neohapsis.com/archives/bugtraq/2002-06/0102.html
BUGTRAQ:20020612 Part II: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router
http://www.iss.net/security_center/static/9185.php
XF:3com-officeconnect-pat-access(9185)
CVE-2002-0889
Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.
2003-04-02
2002-09-10
CVE-2002-0889
http://www.securityfocus.com/bid/4614
BID:4614
http://online.securityfocus.com/archive/1/269969
BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow
CALDERA:CSSA-2002-SCO.20
http://marc.info/?l=vuln-dev&m=102003707432457&w=2
VULN-DEV:20020428 QPopper 4.0.4 buffer overflow
http://www.iss.net/security_center/static/8949.php
XF:qpopper-bulldir-bo(8949)
CVE-2002-0891
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
2003-04-02
2002-09-10
CVE-2002-0891
http://www.securityfocus.com/bid/4842
BID:4842
http://online.securityfocus.com/archive/1/274240
BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue
http://www.netscreen.com/support/ns25_reboot.html
CONFIRM:http://www.netscreen.com/support/ns25_reboot.html
http://www.iss.net/security_center/static/9186.php
XF:netscreen-screenos-username-dos(9186)
CVE-2002-0892
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
2003-04-02
2002-09-10
CVE-2002-0892
http://www.securityfocus.com/bid/4793
BID:4793
http://online.securityfocus.com/archive/1/273615
BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://www.newatlanta.com/do/findFaq?faq_id=151
CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://www.iss.net/security_center/static/9139.php
XF:servletexec-jsp10servlet-path-disclosure(9139)
CVE-2002-0893
Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.
2002-08-31
2002-09-10
CVE-2002-0893
http://www.securityfocus.com/bid/4795
BID:4795
http://online.securityfocus.com/archive/1/273615
BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://www.iss.net/security_center/static/9140.php
XF:servletexec-dotdot-directory-traversal(9140)
CVE-2002-0894
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.
2002-08-31
2002-09-10
CVE-2002-0894
http://www.securityfocus.com/bid/4796
BID:4796
http://online.securityfocus.com/archive/1/273615
BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
http://www.iss.net/security_center/static/9141.php
XF:servletexec-long-jsp-dos(9141)
CVE-2002-0895
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.
2004-09-01
2002-09-10
CVE-2002-0895
http://www.securityfocus.com/bid/4792
BID:4792
http://online.securityfocus.com/archive/1/273581
BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
http://www.iss.net/security_center/static/9138.php
XF:matuftpserver-pass-bo(9138)
CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.
2002-08-31
2002-09-10
CVE-2002-0896
http://www.securityfocus.com/bid/4746
BID:4746
http://online.securityfocus.com/archive/1/272582
BUGTRAQ:20020515 swatch bug in throttle
http://www.iss.net/security_center/static/9100.php
XF:swatch-event-reporting-failure(9100)
CVE-2002-0897
LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
2003-04-02
2003-03-24
CVE-2002-0897
http://www.securityfocus.com/bid/4820
BID:4820
http://online.securityfocus.com/archive/1/274020
BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
VULNWATCH:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
http://www.iss.net/security_center/static/9165.php
XF:localweb2k-protection-bypass(9165)
CVE-2002-0898
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
2003-04-02
2003-03-24
CVE-2002-0898
http://www.securityfocus.com/bid/4834
BID:4834
http://online.securityfocus.com/archive/1/274202
BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
http://www.opera.com/windows/changelog/log603.html
CONFIRM:http://www.opera.com/windows/changelog/log603.html
http://marc.info/?l=ntbugtraq&m=102256058220402&w=2
NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
http://www.iss.net/security_center/static/9188.php
XF:opera-browser-file-retrieval(9188)
CVE-2002-0899
Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).
2002-08-31
2002-09-10
CVE-2002-0899
http://www.securityfocus.com/bid/4833
BID:4833
http://online.securityfocus.com/archive/1/274205
BUGTRAQ:20020527 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0084.html
VULNWATCH:20020527 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
http://www.iss.net/security_center/static/9179.php
XF:falcon-protected-file-access(9179)
CVE-2002-0900
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
2003-04-02
2003-03-24
CVE-2002-0900
http://www.securityfocus.com/bid/4828
BID:4828
http://online.securityfocus.com/archive/1/274107
BUGTRAQ:20020524 pks public key server DOS and remote execution
http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
http://www.iss.net/security_center/static/9171.php
XF:pgp-pks-search-bo(9171)
CVE-2002-0901
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.
2002-08-31
2002-09-10
CVE-2002-0901
http://www.securityfocus.com/bid/4836
BID:4836
http://www.securityfocus.com/bid/4840
BID:4840
http://online.securityfocus.com/archive/1/274215
BUGTRAQ:20020527 AMANDA security issues
http://www.iss.net/security_center/static/9181.php
XF:amanda-amindexd-bo(9181)
http://www.iss.net/security_center/static/9182.php
XF:amanda-operator-bo(9182)
CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
2002-08-31
2002-09-10
CVE-2002-0902
http://www.securityfocus.com/bid/4858
BID:4858
http://online.securityfocus.com/archive/1/274273
BUGTRAQ:20020526 Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar
http://www.iss.net/security_center/static/9178.php
XF:phpbb-bbcode-image-css(9178)
CVE-2002-0903
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
2002-08-31
2002-09-10
CVE-2002-0903
http://www.securityfocus.com/bid/4859
BID:4859
http://online.securityfocus.com/archive/1/274269
BUGTRAQ:20020526 wbbboard 1.1.1 registration _new_users_vulnerability_
http://www.iss.net/security_center/static/9177.php
XF:burningboard-bbs-account-hijacking(9177)
CVE-2002-0904
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.
2003-04-02
2002-09-10
CVE-2002-0904
http://www.securityfocus.com/bid/4883
BID:4883
http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html
BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues
http://www.kismetwireless.net/CHANGELOG
CONFIRM:http://www.kismetwireless.net/CHANGELOG
http://marc.info/?l=vuln-dev&m=102269718506080&w=2
VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues
http://www.iss.net/security_center/static/9213.php
XF:kismet-saytext-command-execution(9213)
CVE-2002-0905
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
2002-08-31
2002-09-10
CVE-2002-0905
http://www.securityfocus.com/bid/4891
BID:4891
http://archives.neohapsis.com/archives/bugtraq/2002-05/0270.html
BUGTRAQ:20020529 Informix SE-7.25 /lib/sqlexec Vulnerability
http://www.iss.net/security_center/static/9219.php
XF:informix-sqlexec-bo(9219)
CVE-2002-0906
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
2003-04-02
2002-09-10
CVE-2002-0906
http://www.securityfocus.com/bid/5122
BID:5122
http://www.kb.cert.org/vuls/id/814627
CERT-VN:VU#814627
http://www.sendmail.org/8.12.5.html
CONFIRM:http://www.sendmail.org/8.12.5.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2183
OVAL:oval:org.mitre.oval:def:2183
http://www.iss.net/security_center/static/9443.php
XF:sendmail-dns-txt-bo(9443)
CVE-2002-0907
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
2002-08-31
2002-09-10
CVE-2002-0907
http://www.securityfocus.com/bid/4934
BID:4934
http://archives.neohapsis.com/archives/bugtraq/2002-06/0016.html
BUGTRAQ:20020604 SHOUTcast 1.8.9 bufferoverflow
http://www.iss.net/security_center/static/9251.php
XF:shoutcast-icy-remote-bo(9251)
CVE-2002-0908
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
2002-08-31
2002-09-10
CVE-2002-0908
http://www.securityfocus.com/bid/4760
BID:4760
http://archives.neohapsis.com/archives/bugtraq/2002-05/0214.html
BUGTRAQ:20020524 Cisco IDS Device Manager 3.1.1 Advisory
http://www.iss.net/security_center/static/9174.php
XF:cisco-ids-directory-traversal(9174)
CVE-2002-0909
Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.
2002-08-31
2016-10-17
CVE-2002-0909
http://www.securityfocus.com/bid/4899
BID:4899
http://www.securityfocus.com/bid/4900
BID:4900
http://marc.info/?l=bugtraq&m=102306166201275&w=2
BUGTRAQ:20020531 Mnews 1.22 PoC exploit
http://archives.neohapsis.com/archives/bugtraq/2002-05/0287.html
BUGTRAQ:20020531 SRT Security Advisory (SRT2002-04-31-1159): Mnews
http://marc.info/?l=vuln-dev&m=102297259123103&w=2
VULN-DEV:20020531 Mnews 1.22 PoC exploit
http://www.iss.net/security_center/static/9227.php
XF:mnews-multiple-local-bo(9227)
http://www.iss.net/security_center/static/9226.php
XF:mnews-nntp-response-bo(9226)
CVE-2002-0910
Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.
2002-08-31
2002-09-10
CVE-2002-0910
http://www.securityfocus.com/bid/4816
BID:4816
http://online.securityfocus.com/archive/1/273987
BUGTRAQ:20020524 Netstd 3.07-17 multiple remote buffer overflows
http://online.securityfocus.com/archive/1/274143
BUGTRAQ:20020525 Re: Netstd 3.07-17 multiple remote buffer overflows
http://www.iss.net/security_center/static/9164.php
XF:netstd-utilities-bo(9164)
CVE-2002-0911
Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.
2003-04-02
2002-09-10
CVE-2002-0911
http://www.securityfocus.com/bid/4923
BID:4923
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
CALDERA:CSSA-2002-024.0
http://www.iss.net/security_center/static/9240.php
XF:volution-manager-plaintext-password(9240)
CVE-2002-0912
in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.
2002-08-31
2002-09-10
CVE-2002-0912
http://www.securityfocus.com/bid/4910
BID:4910
http://www.debian.org/security/2002/dsa-129
DEBIAN:DSA-129
http://www.iss.net/security_center/static/9230.php
XF:debian-in-uucpd-dos(9230)
CVE-2002-0913
Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.
2002-08-31
2016-10-17
CVE-2002-0913
http://www.securityfocus.com/bid/4935
BID:4935
http://archives.neohapsis.com/archives/bugtraq/2002-06/0014.html
BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
http://marc.info/?l=vuln-dev&m=102323341407280&w=2
VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
http://www.iss.net/security_center/static/9270.php
XF:slurp-syslog-format-string(9270)
CVE-2002-0914
Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
2003-04-02
2002-09-10
CVE-2002-0914
http://www.securityfocus.com/bid/4908
BID:4908
BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
http://sourceforge.net/project/shownotes.php?release_id=93065
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
http://www.osvdb.org/5052
OSVDB:5052
http://www.iss.net/security_center/static/9228.php
XF:courier-mta-year-dos(9228)
CVE-2002-0915
autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
2002-08-31
2002-09-10
CVE-2002-0915
http://www.securityfocus.com/bid/4884
BID:4884
http://archives.neohapsis.com/archives/bugtraq/2002-05/0260.html
BUGTRAQ:20020528 Xandros based linux autorun -c
http://www.iss.net/security_center/static/9211.php
XF:xandros-autorun-view-files(9211)
CVE-2002-0916
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.
2003-04-02
2002-09-10
CVE-2002-0916
http://www.securityfocus.com/bid/4929
BID:4929
http://online.securityfocus.com/archive/1/275347
BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
http://www.iss.net/security_center/static/9248.php
XF:msntauth-squid-format-string(9248)
CVE-2002-0917
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
2002-08-31
2002-09-10
CVE-2002-0917
http://www.securityfocus.com/bid/4885
BID:4885
http://online.securityfocus.com/archive/1/274727
BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9220.php
XF:cgiscript-cspassword-htpasswd-access(9220)
CVE-2002-0918
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.
2002-08-31
2002-09-10
CVE-2002-0918
http://www.securityfocus.com/bid/4887
BID:4887
http://online.securityfocus.com/archive/1/274727
BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9221.php
XF:cgiscript-cspassword-information-disclosure(9221)
CVE-2002-0919
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
2002-08-31
2002-09-10
CVE-2002-0919
http://www.securityfocus.com/bid/4888
BID:4888
http://online.securityfocus.com/archive/1/274727
BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9222.php
XF:cgiscript-cspassword-htaccess-modification(9222)
CVE-2002-0920
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
2002-08-31
2002-09-10
CVE-2002-0920
http://www.securityfocus.com/bid/4889
BID:4889
http://online.securityfocus.com/archive/1/274727
BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9223.php
XF:cgiscript-cspassword-tmpfile-access(9223)
CVE-2002-0921
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.
2002-08-31
2002-09-10
CVE-2002-0921
http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9331.php
XF:cgiscript-csnews-information-disclosure(9331)
CVE-2002-0922
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
2002-08-31
2002-09-10
CVE-2002-0922
http://www.securityfocus.com/bid/4991
BID:4991
http://www.securityfocus.com/bid/4993
BID:4993
http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9333.php
XF:cgiscript-csnews-admin-access(9333)
http://www.iss.net/security_center/static/9332.php
XF:cgiscript-csnews-file-disclosure(9332)
CVE-2002-0923
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.
2002-08-31
2002-09-10
CVE-2002-0923
http://www.securityfocus.com/bid/4994
BID:4994
http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
http://www.iss.net/security_center/static/9333.php
XF:cgiscript-csnews-admin-access(9333)
CVE-2002-0924
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
2002-08-31
2002-09-10
CVE-2002-0924
http://www.securityfocus.com/bid/4451
BID:4451
http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
CVE-2002-0925
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
2002-08-31
2002-09-10
CVE-2002-0925
http://www.securityfocus.com/bid/4990
BID:4990
http://www.securityfocus.com/bid/4999
BID:4999
http://online.securityfocus.com/archive/1/276523
BUGTRAQ:20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
BUGTRAQ:20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability
http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
CONFIRM:http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
CONFIRM:http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
http://www.iss.net/security_center/static/9337.php
XF:mmftpd-mmsyslog-format-string(9337)
http://www.iss.net/security_center/static/9336.php
XF:mmmail-mmsyslog-format-string(9336)
CVE-2002-0926
Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter.
2002-08-31
2005-03-27
CVE-2002-0926
http://www.securityfocus.com/bid/5035
BID:5035
http://archives.neohapsis.com/archives/bugtraq/2002-06/0174.html
BUGTRAQ:20020617 Directory Traversal in Wolfram Research's webMathematica
http://www.kb.cert.org/vuls/id/664323
CERT-VN:VU#664323
http://support.wolfram.com/webmathematica/security/fileaccess.html
CONFIRM:http://support.wolfram.com/webmathematica/security/fileaccess.html
http://www.iss.net/security_center/static/9373.php
XF:webmathematica-dot-directory-traversal(9373)
CVE-2002-0928
Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message.
2002-08-31
2002-09-10
CVE-2002-0928
http://www.securityfocus.com/bid/5079
BID:5079
http://archives.neohapsis.com/archives/bugtraq/2002-06/0256.html
BUGTRAQ:20020621 Pirch 98 Link Handling Buffer Overflow
http://www.iss.net/security_center/static/9409.php
XF:pirch-irc-link-bo(9409)
CVE-2002-0929
Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.
2002-08-31
2002-09-10
CVE-2002-0929
http://www.securityfocus.com/bid/5097
BID:5097
http://support.novell.com/servlet/tidfinder/2962999
CONFIRM:http://support.novell.com/servlet/tidfinder/2962999
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0126.html
VULNWATCH:20020625 [VulnWatch] cqure.net.20020604.netware_dhcpsrvr
http://www.iss.net/security_center/static/9428.php
XF:netware-dhcp-dos(9428)
CVE-2002-0930
Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.
2002-08-31
2002-09-10
CVE-2002-0930
http://www.securityfocus.com/bid/5099
BID:5099
http://online.securityfocus.com/archive/1/278689
BUGTRAQ:20020625 cqure.net.20020521.netware_nwftpd_fmtstr
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html
VULNWATCH:20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr
http://www.iss.net/security_center/static/9429.php
XF:netware-ftp-username-dos(9429)
CVE-2002-0931
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
2002-08-31
2002-09-10
CVE-2002-0931
http://www.securityfocus.com/bid/4967
BID:4967
http://www.securityfocus.com/bid/4970
BID:4970
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
http://www.iss.net/security_center/static/9320.php
XF:myhelpdesk-index-php-xss(9320)
http://www.iss.net/security_center/static/9319.php
XF:myhelpdesk-new-ticket-xss(9319)
CVE-2002-0932
SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.
2002-08-31
2002-09-10
CVE-2002-0932
http://www.securityfocus.com/bid/4971
BID:4971
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
http://www.iss.net/security_center/static/9321.php
XF:myhelpdesk-sql-injection(9321)
CVE-2002-0933
Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks.
2002-08-31
2002-09-10
CVE-2002-0933
http://www.securityfocus.com/bid/4972
BID:4972
http://archives.neohapsis.com/archives/bugtraq/2002-06/0063.html
BUGTRAQ:20020610 Datalex BookIt! Consumer Password Vulnerabilities
http://www.iss.net/security_center/static/9316.php
XF:bookit-plaintext-passwords(9316)
CVE-2002-0934
Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.
2002-08-31
2002-09-10
CVE-2002-0934
http://www.securityfocus.com/bid/4983
BID:4983
http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html
BUGTRAQ:20020610 AlienForm2 CGI script: arbitrary file read/write
http://www.iss.net/security_center/static/9325.php
XF:alienform2-directory-traversal(9325)
CVE-2002-0935
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
2003-04-02
2020-02-13
CVE-2002-0935
http://www.securityfocus.com/bid/5067
BID:5067
http://online.securityfocus.com/archive/1/277940
BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.osvdb.org/5051
OSVDB:5051
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
http://www.iss.net/security_center/static/9396.php
XF:tomcat-null-thread-dos(9396)
CVE-2002-0936
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
2002-08-31
2020-02-13
CVE-2002-0936
http://www.securityfocus.com/bid/4995
BID:4995
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
http://www.iss.net/security_center/static/9339.php
XF:jsp-engine-wprinterjob-dos(9339)
CVE-2002-0937
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
2002-08-31
2002-09-10
CVE-2002-0937
http://www.securityfocus.com/bid/4997
BID:4997
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
http://www.iss.net/security_center/static/9339.php
XF:jsp-engine-wprinterjob-dos(9339)
CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
2003-04-02
2002-09-10
CVE-2002-0938
http://www.securityfocus.com/bid/5026
BID:5026
http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
http://online.securityfocus.com/archive/1/278222
BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
http://www.iss.net/security_center/static/9353.php
XF:ciscosecure-web-css(9353)
CVE-2002-0939
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
2002-08-31
2002-09-10
CVE-2002-0939
http://www.securityfocus.com/bid/4729
BID:4729
http://archives.neohapsis.com/archives/bugtraq/2002-05/0103.html
BUGTRAQ:20020513 nCipher Security Advisory #3: MSCAPI CSP Install Wizard
http://www.iss.net/security_center/static/9076.php
XF:mscapi-csp-key-generation(9076)
CVE-2002-0940
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
2002-08-31
2002-09-10
CVE-2002-0940
http://www.securityfocus.com/bid/4729
BID:4729
http://archives.neohapsis.com/archives/bugtraq/2002-05/0103.html
BUGTRAQ:20020513 nCipher Security Advisory #3: MSCAPI CSP Install Wizard
http://online.securityfocus.com/archive/1/277241
BUGTRAQ:20020617 nCipher Advisory #3: MSCAPI keys erroneously module-protected - update
CVE-2002-0941
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
2003-04-02
2002-09-10
CVE-2002-0941
http://www.securityfocus.com/bid/5024
BID:5024
http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
http://www.iss.net/security_center/static/9354.php
XF:ncipher-consolecallback-passphrase-leak(9354)
CVE-2002-0942
Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.
2002-08-31
2002-09-10
CVE-2002-0942
http://www.securityfocus.com/bid/5016
BID:5016
http://www.securityfocus.com/bid/5017
BID:5017
http://www.securityfocus.com/bid/5018
BID:5018
http://online.securityfocus.com/archive/1/277026
BUGTRAQ:20020614 Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html
BUGTRAQ:20020614 Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm
CONFIRM:http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm
http://www.iss.net/security_center/static/9346.php
XF:logexplorer-mssql-xplogattach-bo(9346)
CVE-2002-0943
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
2002-08-31
2002-09-10
CVE-2002-0943
http://www.securityfocus.com/bid/5042
BID:5042
http://archives.neohapsis.com/archives/bugtraq/2002-06/0200.html
BUGTRAQ:20020618 Metacart vuln.
http://www.iss.net/security_center/static/9393.php
XF:metacart2sql-insecure-database-access(9393)
CVE-2002-0944
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
2002-08-31
2003-03-24
CVE-2002-0944
http://www.securityfocus.com/bid/5047
BID:5047
http://archives.neohapsis.com/archives/bugtraq/2002-06/0207.html
BUGTRAQ:20020617 DeepMetrix LiveStats javascript injection
http://www.deepmetrix.com/log_analyzer/xsp/service/release_notes/index.asp
CONFIRM:http://www.deepmetrix.com/log_analyzer/xsp/service/release_notes/index.asp
http://www.iss.net/security_center/static/9390.php
XF:livestats-report-execute-code(9390)
CVE-2002-0945
Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
2003-04-02
2002-09-10
CVE-2002-0945
http://www.securityfocus.com/bid/4979
BID:4979
http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
http://www.seanox.de/projects.devwex.php
CONFIRM:http://www.seanox.de/projects.devwex.php
http://www.osvdb.org/5047
OSVDB:5047
http://www.iss.net/security_center/static/9298.php
XF:devwex-get-bo(9298)
CVE-2002-0946
Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.
2003-04-02
2002-09-10
CVE-2002-0946
http://www.securityfocus.com/bid/4978
BID:4978
http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
http://www.seanox.de/projects.devwex.php
CONFIRM:http://www.seanox.de/projects.devwex.php
http://www.osvdb.org/5048
OSVDB:5048
http://www.iss.net/security_center/static/9299.php
XF:devwex-dotdot-directory-traversal(9299)
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
2003-04-02
2003-03-24
CVE-2002-0947
http://www.securityfocus.com/bid/4848
BID:4848
http://online.securityfocus.com/archive/1/276524
BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)
http://www.kb.cert.org/vuls/id/997403
CERT-VN:VU#997403
http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
http://www.nextgenss.com/vna/ora-reports.txt
MISC:http://www.nextgenss.com/vna/ora-reports.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)
http://www.iss.net/security_center/static/9289.php
XF:oracle-reports-server-bo(9289)
CVE-2002-0948
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
2002-08-31
2002-09-10
CVE-2002-0948
http://www.securityfocus.com/bid/4996
BID:4996
http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html
BUGTRAQ:20020612 SSI & CSS execution in MakeBook 2.2
http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html
BUGTRAQ:20020613 Re: SSI & CSS execution in MakeBook 2.2
http://www.linguistic-funland.com/scripts/MakeBook/makebook.script
CONFIRM:http://www.linguistic-funland.com/scripts/MakeBook/makebook.script
http://www.tesol.net/scriptmail.html
CONFIRM:http://www.tesol.net/scriptmail.html
http://www.iss.net/security_center/static/9356.php
XF:makebook-name-field-validation(9356)
CVE-2002-0949
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.
2002-08-31
2002-09-10
CVE-2002-0949
http://www.securityfocus.com/bid/4946
BID:4946
http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html
BUGTRAQ:20020605 Some vulnerabilities in the Telindus 11xx router series
http://www.iss.net/security_center/static/9277.php
XF:telindus-adsl-information-leak(9277)
CVE-2002-0950
Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered.
2002-08-31
2002-09-10
CVE-2002-0950
http://www.securityfocus.com/bid/5007
BID:5007
http://archives.neohapsis.com/archives/bugtraq/2002-06/0108.html
BUGTRAQ:20020613 [SNS Advisory No.54] Active! mail Executing the Script upon the Opening of a Mail Message Vulnerability
http://www.iss.net/security_center/static/9358.php
XF:activemail-script-tag-header(9358)
CVE-2002-0951
SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.
2002-08-31
2002-09-10
CVE-2002-0951
http://www.securityfocus.com/bid/5008
BID:5008
http://archives.neohapsis.com/archives/bugtraq/2002-06/0120.html
BUGTRAQ:20020613 [LBYTE] Ruslan Communications <BODY>Builder SQL modification
http://www.iss.net/security_center/static/9359.php
XF:bodybuilder-bypass-authentication(9359)
CVE-2002-0952
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
2003-04-02
2002-09-10
CVE-2002-0952
http://www.securityfocus.com/bid/5058
BID:5058
http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
http://www.iss.net/security_center/static/9377.php
XF:cisco-ons-tcc-dos(9377)
CVE-2002-0953
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.
2003-04-02
2002-09-10
CVE-2002-0953
http://www.securityfocus.com/bid/5039
BID:5039
http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
BUGTRAQ:20020617 PHP source injection in PHPAddress
http://online.securityfocus.com/archive/1/277987
BUGTRAQ:20020619 Source Injection into PHPAddress
http://www.iss.net/security_center/static/9379.php
XF:phpaddress-include-remote-files(9379)
CVE-2002-0954
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
2002-08-31
2016-10-17
CVE-2002-0954
http://marc.info/?l=bugtraq&m=102651159507659&w=2
BUGTRAQ:20020712 The answer to the PIX encryption issue
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html
VULNWATCH:20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm
CVE-2002-0955
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
2002-08-31
2002-09-10
CVE-2002-0955
http://www.securityfocus.com/bid/5078
BID:5078
http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
BUGTRAQ:20020621 [AP] YaBB Cross-Site Scripting vulnerability
http://www.iss.net/security_center/static/9408.php
XF:yabb-invalid-thread-xss(9408)
CVE-2002-0956
BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions.
2002-08-31
2002-09-10
CVE-2002-0956
http://www.securityfocus.com/bid/4950
BID:4950
http://online.securityfocus.com/archive/1/275710
BUGTRAQ:20020606 KPMG-2002019: BlackICE Agent not Firewalling After Standby
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0090.html
VULNWATCH:20020606 [VulnWatch] KPMG-2002019: BlackICE Agent not Firewalling After Standby
http://www.iss.net/security_center/static/9275.php
XF:blackice-standby-inactivate(9275)
CVE-2002-0957
The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user.
2002-08-31
2002-09-10
CVE-2002-0957
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0114.html
VULNWATCH:20020619 [VulnWatch] KPMG-2002023: BlackICE Agent Temporary Memory Buildup
http://www.iss.net/security_center/static/9405.php
XF:blackice-excessive-memory-consumption(9405)
CVE-2002-0958
Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section.
2003-04-02
2002-09-10
CVE-2002-0958
http://www.securityfocus.com/bid/4952
BID:4952
http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
http://sourceforge.net/project/shownotes.php?release_id=91877
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
http://www.iss.net/security_center/static/9280.php
XF:phpreactor-browse-xss(9280)
CVE-2002-0959
Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.
2002-08-31
2002-09-10
CVE-2002-0959
http://www.securityfocus.com/bid/4953
BID:4953
http://online.securityfocus.com/archive/1/275744
BUGTRAQ:20020606 Splatt Forum XSS
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0091.html
VULNWATCH:20020606 [VulnWatch] Splatt Forum XSS
http://www.iss.net/security_center/static/9279.php
XF:splatt-forum-img-xss(9279)
CVE-2002-0960
Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users.
2002-08-31
2002-09-10
CVE-2002-0960
http://www.securityfocus.com/bid/4957
BID:4957
http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
http://www.iss.net/security_center/static/9294.php
XF:cbms-php-xss(9294)
CVE-2002-0961
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.
2002-08-31
2002-09-10
CVE-2002-0961
http://www.securityfocus.com/bid/4957
BID:4957
http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
http://www.iss.net/security_center/static/9295.php
XF:cbms-php-sql-injection(9295)
CVE-2002-0962
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
2002-08-31
2002-09-10
CVE-2002-0962
http://www.securityfocus.com/bid/4969
BID:4969
http://www.securityfocus.com/bid/4974
BID:4974
http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
http://geeklog.sourceforge.net/article.php?story=20020610013358149
CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
http://www.iss.net/security_center/static/9309.php
XF:geeklog-calendar-event-xss(9309)
http://www.iss.net/security_center/static/9310.php
XF:geeklog-index-comment-xss(9310)
CVE-2002-0963
SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
2002-08-31
2002-09-10
CVE-2002-0963
http://www.securityfocus.com/bid/4968
BID:4968
http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
http://geeklog.sourceforge.net/article.php?story=20020610013358149
CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
http://www.iss.net/security_center/static/9311.php
XF:geeklog-sql-injection(9311)
CVE-2002-0964
Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out.
2003-04-02
2002-09-10
CVE-2002-0964
http://www.securityfocus.com/bid/5076
BID:5076
http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
BUGTRAQ:20020620 Half-life fake players bug
http://www.iss.net/security_center/static/9412.php
XF:halflife-mulitple-player-dos(9412)
CVE-2002-0965
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
2003-04-02
2003-03-24
CVE-2002-0965
http://www.securityfocus.com/bid/4845
BID:4845
http://online.securityfocus.com/archive/1/276526
BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)
http://www.kb.cert.org/vuls/id/630091
CERT-VN:VU#630091
http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)
http://www.iss.net/security_center/static/9288.php
XF:oracle-listener-servicename-bo(9288)
CVE-2002-0966
Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request.
2002-08-31
2002-09-10
CVE-2002-0966
http://www.securityfocus.com/bid/5045
BID:5045
http://archives.neohapsis.com/archives/bugtraq/2002-06/0208.html
BUGTRAQ:20020618 4D 6.7 DOS and Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/9374.php
XF:4d-long-http-bo(9374)
CVE-2002-0967
Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL.
2003-04-02
2006-08-15
CVE-2002-0967
http://www.securityfocus.com/bid/4951
BID:4951
http://online.securityfocus.com/archive/1/275708
BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
http://www.edonkey2000.com/
CONFIRM:http://www.edonkey2000.com/
http://www.osvdb.org/5042
OSVDB:5042
http://www.iss.net/security_center/static/9278.php
XF:edonkey2000-ed2k-filename-bo(9278)
CVE-2002-0968
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.
2003-04-02
2002-09-10
CVE-2002-0968
http://www.securityfocus.com/bid/5006
BID:5006
http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
http://marc.info/?l=bugtraq&m=102563702928443&w=2
BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
http://www.analogx.com/contents/download/network/sswww.htm
CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
http://www.osvdb.org/3780
OSVDB:3780
http://www.iss.net/security_center/static/9338.php
XF:analogx-simpleserver-at-dos(9338)
CVE-2002-0969
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
2004-09-01
2004-07-24
CVE-2002-0969
http://www.securityfocus.com/bid/5853
BID:5853
http://marc.info/?l=bugtraq&m=103358628011935&w=2
BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
http://www.iss.net/security_center/static/10243.php
XF:mysql-myini-datadir-bo(10243)
CVE-2002-0970
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
2004-09-01
2004-08-17
CVE-2002-0970
http://www.securityfocus.com/bid/5410
BID:5410
http://marc.info/?l=bugtraq&m=102918241005893&w=2
BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
CALDERA:CSSA-2002-047.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
CONECTIVA:CLA-2002:519
http://www.kde.org/info/security/advisory-20020818-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
http://www.debian.org/security/2002/dsa-155
DEBIAN:DSA-155
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
MANDRAKE:MDKSA-2002:058
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.redhat.com/support/errata/RHSA-2002-221.html
REDHAT:RHSA-2002:221
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
XF:ssl-ca-certificate-spoofing(9776)
CVE-2002-0971
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
2002-08-23
2016-10-17
CVE-2002-0971
http://www.securityfocus.com/bid/5530
BID:5530
http://marc.info/?l=bugtraq&m=102994289123085&w=2
BUGTRAQ:20020821 Win32 API 'shatter' vulnerability found in VNC-based products
http://www.iss.net/security_center/static/9979.php
XF:vnc-win32-messaging-privileges(9979)
CVE-2002-0972
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.
2002-08-23
2016-10-17
CVE-2002-0972
http://marc.info/?l=bugtraq&m=102987608300785&w=2
BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
CVE-2002-0973
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
2002-08-23
2016-10-17
CVE-2002-0973
http://www.securityfocus.com/bid/5493
BID:5493
http://marc.info/?l=bugtraq&m=102976839728706&w=2
FREEBSD:FreeBSD-SA-02:38
http://www.iss.net/security_center/static/9903.php
XF:freebsd-negative-system-call-bo(9903)
CVE-2002-0974
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
2004-09-01
2004-08-17
CVE-2002-0974
http://www.securityfocus.com/bid/5478
BID:5478
http://marc.info/?l=bugtraq&m=102942549832077&w=2
BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-060
MS:MS02-060
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q328940
MSKB:Q328940
http://www.osvdb.org/3001
OSVDB:3001
http://www.iss.net/security_center/static/9878.php
XF:winxp-helpctr-delete-files(9878)
CVE-2002-0975
Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
2002-08-23
2016-10-17
CVE-2002-0975
http://www.securityfocus.com/bid/5489
BID:5489
http://marc.info/?l=bugtraq&m=102953851705859&w=2
BUGTRAQ:20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample
http://www.iss.net/security_center/static/9877.php
XF:ms-directx-files-viewer-bo(9877)
CVE-2002-0976
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
2002-08-23
2016-10-17
CVE-2002-0976
http://www.securityfocus.com/bid/5490
BID:5490
http://marc.info/?l=bugtraq&m=102960731805373&w=2
BUGTRAQ:20020817 Internet explorer can read local files
http://www.iss.net/security_center/static/9885.php
XF:ie-xml-read-files(9885)
CVE-2002-0977
Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value.
2002-08-23
2002-08-31
CVE-2002-0977
http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html
BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download]
CVE-2002-0978
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
2002-08-23
2002-08-31
CVE-2002-0978
http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html
BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download]
CVE-2002-0979
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.
2002-08-23
2016-10-17
CVE-2002-0979
http://www.securityfocus.com/bid/5491
BID:5491
http://marc.info/?l=bugtraq&m=102961031107261&w=2
BUGTRAQ:20020817 Enableing java logging in MSIE is dangerous
http://www.iss.net/security_center/static/9886.php
XF:ie-javalogging-code-execution(9886)
CVE-2002-0980
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
2002-08-23
2018-10-12
CVE-2002-0980
http://www.securityfocus.com/bid/5473
BID:5473
http://marc.info/?l=bugtraq&m=102942234427691&w=2
BUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-014
MS:MS03-014
http://marc.info/?l=ntbugtraq&m=102937705527922&w=2
NTBUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
http://marc.info/?l=vuln-dev&m=102943486811091&w=2
VULN-DEV:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
http://www.iss.net/security_center/static/9881.php
XF:ie-webfolder-script-injection(9881)
CVE-2002-0981
Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.
2003-04-02
2003-03-24
CVE-2002-0981
http://www.securityfocus.com/bid/5551
BID:5551
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt
CALDERA:CSSA-2002-SCO.36
http://www.iss.net/security_center/static/9945.php
XF:openunix-unixware-ndcfg-bo(9945)
CVE-2002-0982
Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
2002-08-23
2016-10-17
CVE-2002-0982
http://marc.info/?l=bugtraq&m=103004505027360&w=2
BUGTRAQ:20020822 Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
CVE-2002-0983
IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
2002-08-24
2017-07-10
CVE-2002-0983
http://www.securityfocus.com/bid/5055
BID:5055
http://www.debian.org/security/2002/dsa-157
DEBIAN:DSA-157
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc
FREEBSD:FreeBSD-SN-02:05
https://exchange.xforce.ibmcloud.com/vulnerabilities/9395
XF:irssi-long-topic-dos(9395)
CVE-2002-0984
The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code.
2003-04-02
2003-03-24
CVE-2002-0984
http://www.securityfocus.com/bid/5555
BID:5555
http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
http://www.debian.org/security/2002/dsa-156
DEBIAN:DSA-156
http://www.iss.net/security_center/static/9943.php
XF:light-channel-execute-script(9943)
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
2004-09-01
2007-11-12
CVE-2002-0985
http://marc.info/?l=bugtraq&m=103011916928204&w=2
BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
http://marc.info/?l=bugtraq&m=105760591228031&w=2
BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
CALDERA:CSSA-2003-008.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
CONECTIVA:CLA-2002:545
http://www.debian.org/security/2002/dsa-168
DEBIAN:DSA-168
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
MANDRAKE:MDKSA-2003:082
http://www.osvdb.org/2111
OSVDB:2111
http://www.redhat.com/support/errata/RHSA-2002-213.html
REDHAT:RHSA-2002:213
http://www.redhat.com/support/errata/RHSA-2002-214.html
REDHAT:RHSA-2002:214
http://www.redhat.com/support/errata/RHSA-2002-243.html
REDHAT:RHSA-2002:243
http://www.redhat.com/support/errata/RHSA-2002-244.html
REDHAT:RHSA-2002:244
http://www.redhat.com/support/errata/RHSA-2002-248.html
REDHAT:RHSA-2002:248
http://www.redhat.com/support/errata/RHSA-2003-159.html
REDHAT:RHSA-2003:159
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
SUSE:SuSE-SA:2002:036
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966
XF:php-mail-safemode-bypass(9966)
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
2004-09-01
2007-11-12
CVE-2002-0986
http://www.securityfocus.com/bid/5562
BID:5562
http://marc.info/?l=bugtraq&m=103011916928204&w=2
BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
http://marc.info/?l=bugtraq&m=105760591228031&w=2
BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
CALDERA:CSSA-2003-008.0
http://www.kb.cert.org/vuls/id/410609
CERT-VN:VU#410609
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
CONECTIVA:CLA-2002:545
http://www.debian.org/security/2002/dsa-168
DEBIAN:DSA-168
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
MANDRAKE:MDKSA-2003:082
http://www.osvdb.org/2160
OSVDB:2160
http://www.redhat.com/support/errata/RHSA-2002-213.html
REDHAT:RHSA-2002:213
http://www.redhat.com/support/errata/RHSA-2002-214.html
REDHAT:RHSA-2002:214
http://www.redhat.com/support/errata/RHSA-2002-243.html
REDHAT:RHSA-2002:243
http://www.redhat.com/support/errata/RHSA-2002-244.html
REDHAT:RHSA-2002:244
http://www.redhat.com/support/errata/RHSA-2002-248.html
REDHAT:RHSA-2002:248
http://www.redhat.com/support/errata/RHSA-2003-159.html
REDHAT:RHSA-2003:159
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
SUSE:SuSE-SA:2002:036
https://exchange.xforce.ibmcloud.com/vulnerabilities/9959
XF:php-mail-ascii-injection(9959)
CVE-2002-0987
X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.
2003-04-02
2003-03-24
CVE-2002-0987
http://www.securityfocus.com/bid/5575
BID:5575
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
CALDERA:CSSA-2002-SCO.38
http://www.osvdb.org/5044
OSVDB:5044
http://www.iss.net/security_center/static/9976.php
XF:openunix-unixware-xsco-privileges(9976)
CVE-2002-0988
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.
2003-04-02
2003-03-24
CVE-2002-0988
http://www.securityfocus.com/bid/5577
BID:5577
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
CALDERA:CSSA-2002-SCO.38
http://www.iss.net/security_center/static/9977.php
XF:openunix-unixware-xsco-bo(9977)
CVE-2002-0989
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.
2003-04-02
2003-03-24
CVE-2002-0989
http://www.securityfocus.com/bid/5574
BID:5574
http://marc.info/?l=bugtraq&m=103046442403404&w=2
BUGTRAQ:20020827 GLSA: gaim
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
CONECTIVA:CLA-2002:521
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
http://gaim.sourceforge.net/ChangeLog
CONFIRM:http://gaim.sourceforge.net/ChangeLog
http://www.debian.org/security/2002/dsa-158
DEBIAN:DSA-158
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
FREEBSD:FreeBSD-SN-02:06
http://online.securityfocus.com/advisories/4471
HP:HPSBTL0209-067
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054
MANDRAKE:MDKSA-2002:054
http://www.osvdb.org/5033
OSVDB:5033
http://www.redhat.com/support/errata/RHSA-2002-189.html
REDHAT:RHSA-2002:189
http://www.redhat.com/support/errata/RHSA-2002-190.html
REDHAT:RHSA-2002:190
http://www.redhat.com/support/errata/RHSA-2002-191.html
REDHAT:RHSA-2002:191
http://www.redhat.com/support/errata/RHSA-2003-156.html
REDHAT:RHSA-2003:156
http://www.iss.net/security_center/static/9978.php
XF:gaim-url-handler-command-execution(9978)
CVE-2002-0990
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.
2004-09-01
2003-02-26
CVE-2002-0990
http://www.securityfocus.com/bid/5958
BID:5958
http://marc.info/?l=bugtraq&m=103463869503124&w=2
BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
http://www.iss.net/security_center/static/10364.php
XF:simple-webserver-url-dos(10364)
CVE-2002-0991
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
2002-08-31
2002-09-10
CVE-2002-0991
http://www.securityfocus.com/bid/5088
BID:5088
http://archives.neohapsis.com/archives/bugtraq/2002-06/0300.html
BUGTRAQ:20020624 Sharity Cifslogin Buffer Overflow (arguments)
http://archives.neohapsis.com/archives/hp/2002-q3/0016.html
HP:HPSBUX0207-200
http://www.iss.net/security_center/static/9431.php
XF:hp-cifs-login-bo(9431)
CVE-2002-0992
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
2002-08-31
2002-09-10
CVE-2002-0992
http://www.securityfocus.com/bid/5143
BID:5143
http://online.securityfocus.com/advisories/4258
HP:HPSBUX0207-196
http://www.iss.net/security_center/static/9475.php
XF:hp-ipv6-dce-dos(9475)
CVE-2002-0993
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files.
2002-08-31
2017-07-18
CVE-2002-0993
http://www.securityfocus.com/bid/5267
BID:5267
http://archives.neohapsis.com/archives/hp/2002-q3/0023.html
HP:HPSBUX0207-201
http://www.iss.net/security_center/static/9620.php
XF:hp-isee-unauth-access(9620)
CVE-2002-0994
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
2002-08-31
2002-09-10
CVE-2002-0994
http://www.securityfocus.com/bid/5146
BID:5146
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
VULNWATCH:20020703 SunPCi II VNC weak authentication scheme vulnerability
http://www.iss.net/security_center/static/9476.php
XF:sunpci-vnc-weak-authentication(9476)
CVE-2002-0995
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
2003-04-02
2002-09-10
CVE-2002-0995
http://www.securityfocus.com/bid/5141
BID:5141
http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
BUGTRAQ:20020702 PHPAuction bug
http://www.phpauction.org/viewnew.php?id=5
CONFIRM:http://www.phpauction.org/viewnew.php?id=5
http://www.iss.net/security_center/static/9462.php
XF:phpauction-admin-account-creation(9462)
CVE-2002-0996
Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.
2002-08-31
2002-09-10
CVE-2002-0996
http://www.securityfocus.com/bid/5230
BID:5230
http://www.securityfocus.com/bid/5231
BID:5231
http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html
BUGTRAQ:20020715 pwc.20020630.nims_modweb.b
http://support.novell.com/servlet/tidfinder/2963051
CONFIRM:http://support.novell.com/servlet/tidfinder/2963051
http://www.iss.net/security_center/static/9560.php
XF:netmail-web-interface-bo(9560)
CVE-2002-0997
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
2002-08-31
2002-09-10
CVE-2002-0997
http://www.securityfocus.com/bid/5232
BID:5232
http://archives.neohapsis.com/archives/bugtraq/2002-07/0152.html
BUGTRAQ:20020715 pwc.20020630.nims_3.0.3_imapd.a
http://support.novell.com/servlet/tidfinder/2962974
CONFIRM:http://support.novell.com/servlet/tidfinder/2962974
http://www.iss.net/security_center/static/9559.php
XF:netmail-imap-dos(9559)
CVE-2002-0998
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
2002-08-31
2002-09-10
CVE-2002-0998
http://www.securityfocus.com/bid/5218
BID:5218
http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
BUGTRAQ:20020712 Several problems in CARE 2002
http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
http://www.iss.net/security_center/static/9552.php
XF:care2002-include-read-files(9552)
CVE-2002-0999
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
2002-08-31
2002-09-10
CVE-2002-0999
http://www.securityfocus.com/bid/5219
BID:5219
http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
BUGTRAQ:20020712 Several problems in CARE 2002
http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
http://www.iss.net/security_center/static/9553.php
XF:care2002-sql-injection(9553)
CVE-2002-1000
Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.
2003-04-02
2002-09-10
CVE-2002-1000
http://www.securityfocus.com/bid/5104
BID:5104
http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
http://www.analogx.com/contents/download/network/ssshout.htm
CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
http://www.osvdb.org/3782
OSVDB:3782
http://www.iss.net/security_center/static/9427.php
XF:analogx-simpleserver-shout-bo(9427)
CVE-2002-1001
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
2002-08-31
2002-09-10
CVE-2002-1001
http://www.securityfocus.com/bid/5138
BID:5138
http://www.securityfocus.com/bid/5139
BID:5139
http://archives.neohapsis.com/archives/bugtraq/2002-07/0006.html
BUGTRAQ:20020701 Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)
http://www.analogx.com/contents/download/network/proxy.htm
CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
http://www.iss.net/security_center/static/9455.php
XF:analogx-proxy-http-bo(9455)
http://www.iss.net/security_center/static/9456.php
XF:analogx-proxy-socks4a-bo(9456)
CVE-2002-1002
Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.
2003-04-02
2002-09-10
CVE-2002-1002
http://www.securityfocus.com/bid/5117
BID:5117
http://online.securityfocus.com/archive/1/279683
BUGTRAQ:20020627 Cluestick Advisory #001
http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
http://www.iss.net/security_center/static/9444.php
XF:netware-imanage-username-dos(9444)
CVE-2002-1003
Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2002-08-31
2002-09-10
CVE-2002-1003
http://www.securityfocus.com/bid/5184
BID:5184
http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html
BUGTRAQ:20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)
http://www.iss.net/security_center/static/9501.php
XF:mywebserver-long-url-bo(9501)
CVE-2002-1004
Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
2003-04-02
2002-09-10
CVE-2002-1004
http://www.securityfocus.com/bid/5144
BID:5144
http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
http://www.argosoft.com/applications/mailserver/changelist.asp
CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
http://www.iss.net/security_center/static/9477.php
XF:argosoft-dotdot-directory-traversal(9477)
CVE-2002-1005
ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.
2002-08-31
2002-09-10
CVE-2002-1005
http://www.securityfocus.com/bid/5395
BID:5395
http://archives.neohapsis.com/archives/bugtraq/2002-07/0515.html
BUGTRAQ:20020804 Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS
http://www.iss.net/security_center/static/9759.php
XF:argosoft-autoresponse-dos(9759)
CVE-2002-1006
Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.
2003-04-02
2003-03-24
CVE-2002-1006
http://www.securityfocus.com/bid/5135
BID:5135
http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
http://www.bbc.co.uk/education/betsie/parser.pl.txt
CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
http://www.iss.net/security_center/static/9468.php
XF:betsie-parserl-xss(9468)
CVE-2002-1007
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi.
2002-08-31
2002-09-10
CVE-2002-1007
http://www.securityfocus.com/bid/5137
BID:5137
http://archives.neohapsis.com/archives/bugtraq/2002-07/0005.html
BUGTRAQ:20020701 CSS in blackboard
http://www.iss.net/security_center/static/9467.php
XF:blackboard-login-xss(9467)
CVE-2002-1008
Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.
2002-08-31
2002-09-10
CVE-2002-1008
http://www.securityfocus.com/bid/5115
BID:5115
http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html
BUGTRAQ:20020626 ALERT: Lil'HTTP Server (Summit Computer Networks)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
BUGTRAQ:20020708 Technical Details of Urlcount.cgi Vulnerability
http://www.iss.net/security_center/static/9445.php
XF:lilhttp-report-urlcount-xss(9445)
CVE-2002-1009
Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.
2002-08-31
2002-09-10
CVE-2002-1009
http://www.securityfocus.com/bid/5211
BID:5211
http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html
BUGTRAQ:20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability
http://www.iss.net/security_center/static/9548.php
XF:lilhttp-pbcgi-xss(9548)
CVE-2002-1010
Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.
2002-08-31
2002-09-10
CVE-2002-1010
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html
VULNWATCH:20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...
CVE-2002-1011
Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
2002-08-31
2002-09-10
CVE-2002-1011
http://www.securityfocus.com/bid/5235
BID:5235
http://online.securityfocus.com/archive/1/282292
BUGTRAQ:20020715 Tivoli TMF Endpoint Buffer Overflow
http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0023.html
VULNWATCH:20020715 Tivoli TMF Endpoint Buffer Overflow
http://www.iss.net/security_center/static/9555.php
XF:tivoli-tmr-endpoint-bo(9555)
CVE-2002-1012
Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
2002-08-31
2002-09-10
CVE-2002-1012
http://www.securityfocus.com/bid/5233
BID:5233
http://online.securityfocus.com/archive/1/282283
BUGTRAQ:20020715 Tivoli TMF ManagedNode Buffer Overflow
http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0024.html
VULNWATCH:20020715 Tivoli TMF ManagedNode Buffer Overflow
http://www.iss.net/security_center/static/9556.php
XF:tivoli-tmr-managednode-bo(9556)
CVE-2002-1013
Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
2003-04-02
2002-09-10
CVE-2002-1013
http://www.securityfocus.com/bid/5098
BID:5098
http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
http://support.inktomi.com/kb/070202-003.html
CONFIRM:http://support.inktomi.com/kb/070202-003.html
http://www.iss.net/security_center/static/9465.php
XF:inktomi-trafficserver-manager-bo(9465)
CVE-2002-1014
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
2003-04-02
2002-09-10
CVE-2002-1014
http://www.securityfocus.com/bid/5217
BID:5217
http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
http://www.kb.cert.org/vuls/id/843667
CERT-VN:VU#843667
http://service.real.com/help/faq/security/bufferoverrun07092002.html
CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
http://www.iss.net/security_center/static/9538.php
XF:realplayer-rjs-controlnimage-bo(9538)
CVE-2002-1015
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
2003-04-02
2002-09-10
CVE-2002-1015
http://www.securityfocus.com/bid/5210
BID:5210
http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
http://www.kb.cert.org/vuls/id/888547
CERT-VN:VU#888547
http://service.real.com/help/faq/security/bufferoverrun07092002.html
CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
http://www.iss.net/security_center/static/9539.php
XF:realplayer-rjs-file-download(9539)
CVE-2002-1016
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.
2002-08-31
2005-03-18
CVE-2002-1016
http://www.securityfocus.com/bid/5273
BID:5273
http://www.kb.cert.org/vuls/id/438867
CERT-VN:VU#438867
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000177.html
FULLDISC:20020719 Vulnerability found: Adobe Acrobat eBook Reader and Content Server
http://www.iss.net/security_center/static/9634.php
XF:adobe-ebook-bypass-restrictions(9634)
CVE-2002-1017
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.
2002-08-31
2002-09-10
CVE-2002-1017
http://www.securityfocus.com/bid/5358
BID:5358
http://online.securityfocus.com/archive/1/285093
BUGTRAQ:20020730 Vulnerability: protected Adobe eBooks can be copied between computers
http://www.iss.net/security_center/static/9740.php
XF:adobe-ebook-bypass-activation(9740)
CVE-2002-1018
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.
2002-08-31
2016-10-17
CVE-2002-1018
http://marc.info/?l=vuln-dev&m=102650064028760&w=2
BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
http://marc.info/?l=vuln-dev&m=102649215618643&w=2
VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
CVE-2002-1019
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
2002-08-31
2016-10-17
CVE-2002-1019
http://marc.info/?l=vuln-dev&m=102650064028760&w=2
BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
http://marc.info/?l=vuln-dev&m=102649215618643&w=2
VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
CVE-2002-1020
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available.
2002-08-31
2016-10-17
CVE-2002-1020
http://marc.info/?l=vuln-dev&m=102650064028760&w=2
BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
http://marc.info/?l=vuln-dev&m=102649215618643&w=2
VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
CVE-2002-1021
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
2002-08-31
2002-09-10
CVE-2002-1021
http://www.securityfocus.com/bid/5226
BID:5226
http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
BUGTRAQ:20020712 Three BadBlue Vulnerabilities
http://www.iss.net/security_center/static/9557.php
XF:badblue-null-file-disclosure(9557)
CVE-2002-1022
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
2002-08-31
2005-06-27
CVE-2002-1022
http://www.securityfocus.com/bid/5228
BID:5228
http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
BUGTRAQ:20020712 Three BadBlue Vulnerabilities
http://www.iss.net/security_center/static/9558.php
XF:badblue-plaintext-passwords(9558)
CVE-2002-1023
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
2002-08-31
2005-06-27
CVE-2002-1023
http://www.securityfocus.com/bid/5187
BID:5187
http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html
BUGTRAQ:20020709 ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
BUGTRAQ:20020712 Three BadBlue Vulnerabilities
http://www.iss.net/security_center/static/9528.php
XF:badblue-get-dos(9528)
CVE-2002-1024
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
2003-04-02
2009-03-01
CVE-2002-1024
http://www.securityfocus.com/bid/5114
BID:5114
http://www.kb.cert.org/vuls/id/290140
CERT-VN:VU#290140
http://www.cisco.com/warp/public/707/SSH-scanning.shtml
CISCO:20020627 Scanning for SSH Can Cause a Crash
http://www.iss.net/security_center/static/9437.php
XF:cisco-ssh-scan-dos(9437)
CVE-2002-1025
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
2003-04-02
2002-09-10
CVE-2002-1025
http://www.securityfocus.com/bid/5134
BID:5134
http://online.securityfocus.com/archive/1/280062
BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://www.osvdb.org/5028
OSVDB:5028
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure
http://www.iss.net/security_center/static/9459.php
XF:jrun-null-view-source(9459)
CVE-2002-1026
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
2002-08-31
2002-09-10
CVE-2002-1026
http://www.securityfocus.com/bid/5132
BID:5132
http://online.securityfocus.com/archive/1/280079
BUGTRAQ:20020701 KPMG-2002028: Sitespring Server Denial of Service
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0140.html
VULNWATCH:20020701 [VulnWatch] KPMG-2002028: Sitespring Server Denial of Service
http://www.iss.net/security_center/static/9458.php
XF:sitespring-sybase-dos(9458)
CVE-2002-1027
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
2002-08-31
2002-09-10
CVE-2002-1027
http://www.securityfocus.com/bid/5249
BID:5249
http://online.securityfocus.com/archive/1/282742
BUGTRAQ:20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html
VULNWATCH:20020717 [VulnWatch] KPMG-2002032: Macromedia Sitespring Cross Site Scripting
http://www.iss.net/security_center/static/9588.php
XF:sitespring-500error-xss(9588)
CVE-2002-1028
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.
2002-08-31
2002-09-10
CVE-2002-1028
http://www.securityfocus.com/bid/5248
BID:5248
http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html
BUGTRAQ:20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability
http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:
MISC:http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:
http://www.iss.net/security_center/static/9585.php
XF:oddsock-song-requester-dos(9585)
CVE-2002-1029
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
2002-08-31
2006-09-24
CVE-2002-1029
http://www.securityfocus.com/bid/5169
BID:5169
http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html
BUGTRAQ:20020704 Worldspan DoS
http://www.osvdb.org/14478
OSVDB:14478
http://www.iss.net/security_center/static/9490.php
XF:worldspan-res-manager-dos(9490)
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
2003-04-02
2002-09-10
CVE-2002-1030
http://www.securityfocus.com/bid/5159
BID:5159
http://online.securityfocus.com/archive/1/281046
BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
http://www.iss.net/security_center/static/9486.php
XF:weblogic-race-condition-dos(9486)
CVE-2002-1031
KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.
2003-04-02
2002-09-10
CVE-2002-1031
http://www.securityfocus.com/bid/5177
BID:5177
http://online.securityfocus.com/archive/1/281102
BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
http://www.keyfocus.net/kfws/support/
CONFIRM:http://www.keyfocus.net/kfws/support/
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content
http://www.iss.net/security_center/static/9500.php
XF:kfwebserver-null-view-dir(9500)
CVE-2002-1032
Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header.
2002-08-31
2002-09-10
CVE-2002-1032
http://www.keyfocus.net/kfws/support/
CONFIRM:http://www.keyfocus.net/kfws/support/
CVE-2002-1033
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
2002-08-31
2002-09-10
CVE-2002-1033
http://www.securityfocus.com/bid/5209
BID:5209
http://online.securityfocus.com/archive/1/281786
BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
http://www.iss.net/security_center/static/9549.php
XF:sun-irunbook-information-disclosure(9549)
CVE-2002-1034
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
2002-08-31
2002-09-10
CVE-2002-1034
http://www.securityfocus.com/bid/5209
BID:5209
http://online.securityfocus.com/archive/1/281786
BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
http://www.iss.net/security_center/static/9549.php
XF:sun-irunbook-information-disclosure(9549)
CVE-2002-1035
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number.
2003-04-02
2002-09-10
CVE-2002-1035
http://www.securityfocus.com/bid/5136
BID:5136
http://online.securityfocus.com/archive/1/280132
BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09
http://www.osvdb.org/5000
OSVDB:5000
http://www.iss.net/security_center/static/9457.php
XF:omnihttpd-http-version-bo(9457)
CVE-2002-1036
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
2002-08-31
2002-09-10
CVE-2002-1036
http://www.securityfocus.com/bid/5199
BID:5199
http://archives.neohapsis.com/archives/bugtraq/2002-07/0094.html
BUGTRAQ:20020710 RE: XSS Hole in Fluid Dynamics Search engine
http://archives.neohapsis.com/archives/bugtraq/2002-07/0096.html
BUGTRAQ:20020710 XSS Hole in Fluid Dynamics search Engine
http://www.xav.com/scripts/search/changes.htm#4
CONFIRM:http://www.xav.com/scripts/search/changes.htm#4
http://www.iss.net/security_center/static/9533.php
XF:fd-search-xss(9533)
CVE-2002-1037
Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
2002-08-31
2016-10-17
CVE-2002-1037
http://www.securityfocus.com/bid/5182
BID:5182
http://marc.info/?l=bugtraq&m=102668783632589&w=2
BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
http://dcl.sourceforge.net/index.php
CONFIRM:http://dcl.sourceforge.net/index.php
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
http://www.iss.net/security_center/static/9532.php
XF:dcl-html-injection(9532)
CVE-2002-1038
Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features.
2002-08-31
2016-10-17
CVE-2002-1038
http://marc.info/?l=bugtraq&m=102668783632589&w=2
BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
http://dcl.sourceforge.net/index.php
CONFIRM:http://dcl.sourceforge.net/index.php
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
http://www.iss.net/security_center/static/9742.php
XF:dcl-file-upload(9742)
CVE-2002-1039
Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature.
2003-04-02
2002-09-10
CVE-2002-1039
http://marc.info/?l=bugtraq&m=102668783632589&w=2
BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
http://dcl.sourceforge.net/index.php
CONFIRM:http://dcl.sourceforge.net/index.php
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
http://www.iss.net/security_center/static/9743.php
XF:dcl-dotdot-directory-traversal(9743)
CVE-2002-1040
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
2002-08-31
2002-09-10
CVE-2002-1040
http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
AIXAPAR:IY29749
CVE-2002-1041
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
2002-08-31
2002-09-10
CVE-2002-1041
http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
AIXAPAR:IY23359
http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
AIXAPAR:IY29579
CVE-2002-1042
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
2002-08-31
2002-09-10
CVE-2002-1042
http://www.securityfocus.com/bid/5191
BID:5191
http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
BUGTRAQ:20020709 iPlanet Remote File Viewing
http://www.iss.net/security_center/static/9517.php
XF:iplanet-search-view-files(9517)
CVE-2002-1043
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t").
2002-08-31
2002-09-10
CVE-2002-1043
http://www.securityfocus.com/bid/5212
BID:5212
http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
BUGTRAQ:20020711 Popcorn vulnerabilities
http://www.iss.net/security_center/static/9547.php
XF:popcorn-mail-dos(9547)
CVE-2002-1044
Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field.
2002-08-31
2002-09-10
CVE-2002-1044
http://www.securityfocus.com/bid/5212
BID:5212
http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
BUGTRAQ:20020711 Popcorn vulnerabilities
http://www.iss.net/security_center/static/9547.php
XF:popcorn-mail-dos(9547)
CVE-2002-1045
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.
2002-08-31
2002-09-10
CVE-2002-1045
http://www.securityfocus.com/bid/5212
BID:5212
http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
BUGTRAQ:20020711 Popcorn vulnerabilities
http://www.iss.net/security_center/static/9547.php
XF:popcorn-mail-dos(9547)
CVE-2002-1046
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.
2003-04-02
2003-03-24
CVE-2002-1046
http://www.securityfocus.com/bid/5186
BID:5186
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
VULNWATCH:20020709 KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
http://www.iss.net/security_center/static/9509.php
XF:firebox-dvcp-dos(9509)
CVE-2002-1047
The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.
2002-08-31
2002-09-10
CVE-2002-1047
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html
VULNWATCH:20020701 [VulnWatch] KPMG-2002027: Watchguard Soho FTP authentication flaw
http://www.iss.net/security_center/static/9511.php
XF:firebox-soho-ftp-insecure(9511)
CVE-2002-1048
HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.
2002-08-31
2007-10-31
CVE-2002-1048
http://www.securityfocus.com/bid/5331
BID:5331
http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html
BUGTRAQ:20020727 Phenoelit Advisory #0815 +-+
http://www.kb.cert.org/vuls/id/377003
CERT-VN:VU#377003
http://www.iss.net/security_center/static/9693.php
XF:hp-jetdirect-snmp-read(9693)
CVE-2002-1049
Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.
2003-04-02
2003-03-24
CVE-2002-1049
http://www.securityfocus.com/bid/5348
BID:5348
http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
http://www.debian.org/security/2002/dsa-148
DEBIAN:DSA-148
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055
MANDRAKE:MDKSA-2002:055
http://www.osvdb.org/5002
OSVDB:5002
http://www.novell.com/linux/security/advisories/2002_035_hylafax.html
SUSE:SuSE-SA:2002:035
http://www.iss.net/security_center/static/9728.php
XF:hylafax-faxgetty-tsi-dos(9728)
CVE-2002-1050
Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
2003-04-02
2003-03-24
CVE-2002-1050
http://www.securityfocus.com/bid/5349
BID:5349
http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
http://www.debian.org/security/2002/dsa-148
DEBIAN:DSA-148
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055
MANDRAKE:MDKSA-2002:055
http://www.novell.com/linux/security/advisories/2002_035_hylafax.html
SUSE:SuSE-SA:2002:035
http://www.iss.net/security_center/static/9729.php
XF:hylafax-faxgetty-image-bo(9729)
CVE-2002-1051
Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.
2003-04-02
2002-09-10
CVE-2002-1051
http://www.securityfocus.com/bid/4956
BID:4956
http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD
http://marc.info/?l=bugtraq&m=102737546927749&w=2
BUGTRAQ:20020721 Nanog traceroute format string exploit.
http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
BUGTRAQ:20020723 Re: Nanog traceroute format string exploit.
http://marc.info/?l=bugtraq&m=102753136231920&w=2
BUGTRAQ:20020724 Re: Nanog traceroute format string exploit.
http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html
SUSE:SuSE-SA:2000:041
http://www.iss.net/security_center/static/9291.php
XF:tracesroute-t-format-string(9291)
CVE-2002-1052
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
2002-08-31
2016-10-17
CVE-2002-1052
http://www.securityfocus.com/bid/5251
BID:5251
http://www.securityfocus.com/bid/5258
BID:5258
http://marc.info/?l=bugtraq&m=102691753204392&w=2
BUGTRAQ:20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure
http://marc.info/?l=bugtraq&m=102692936820193&w=2
BUGTRAQ:20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
VULNWATCH:20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
VULNWATCH:20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS
http://www.iss.net/security_center/static/9586.php
XF:jigsaw-aux-path-disclosure(9586)
http://www.iss.net/security_center/static/9587.php
XF:jigsaw-dos-device-dos(9587)
CVE-2002-1053
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.
2003-04-02
2003-03-24
CVE-2002-1053
http://www.securityfocus.com/bid/5506
BID:5506
http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html
BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
http://www.osvdb.org/4015
OSVDB:4015
http://www.iss.net/security_center/static/9914.php
XF:jigsaw-http-proxy-xss(9914)
CVE-2002-1054
Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.
2003-04-02
2016-09-15
CVE-2002-1054
http://www.securityfocus.com/bid/5283
BID:5283
http://online.securityfocus.com/archive/1/283665
BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
http://www.pablovandermeer.nl/ftpserversrc.zip
CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip
http://www.osvdb.org/4995
OSVDB:4995
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
http://www.iss.net/security_center/static/9647.php
XF:pablo-ftp-directory-traversal(9647)
CVE-2002-1055
Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.
2002-08-31
2002-09-10
CVE-2002-1055
http://www.securityfocus.com/bid/5339
BID:5339
http://archives.neohapsis.com/archives/bugtraq/2002-07/0353.html
BUGTRAQ:20020727 phenoelit advisory, Brother Printers ++/-
http://www.iss.net/security_center/static/9701.php
XF:brother-nc-password-bo(9701)
CVE-2002-1056
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
2002-06-25
2002-06-15
CVE-2002-1056
http://www.securityfocus.com/bid/4397
BID:4397
http://marc.info/?l=bugtraq&m=101760380418890&w=2
BUGTRAQ:20020331 More Office XP Problems
http://online.securityfocus.com/archive/1/265621
BUGTRAQ:20020403 More Office XP problems (Version 2.0)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
MS:MS02-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
OVAL:oval:org.mitre.oval:def:205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429
OVAL:oval:org.mitre.oval:def:429
http://www.iss.net/security_center/static/8708.php
XF:outlook-object-execute-script(8708)
CVE-2002-1057
Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command.
2003-04-02
2012-11-16
CVE-2002-1057
http://www.securityfocus.com/bid/5285
BID:5285
http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html
BUGTRAQ:20020723 MailMax security advisory/exploit/patch
http://www.iss.net/security_center/static/9651.php
XF:mailmax-pop3max-user-bo(9651)
CVE-2002-1058
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
2002-08-31
2002-09-10
CVE-2002-1058
http://www.securityfocus.com/bid/5297
BID:5297
http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html
BUGTRAQ:20020723 Cobalt Qube 3 Administration page
http://www.iss.net/security_center/static/9669.php
XF:cobalt-qube-admin-access(9669)
CVE-2002-1059
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
2003-04-02
2002-09-10
CVE-2002-1059
http://www.securityfocus.com/bid/5287
BID:5287
http://marc.info/?l=bugtraq&m=102744150718462&w=2
BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
http://marc.info/?l=bugtraq&m=102746007908689&w=2
BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
http://www.vandyke.com/products/securecrt/security07-25-02.html
CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html
http://www.osvdb.org/4991
OSVDB:4991
http://www.iss.net/security_center/static/9650.php
XF:securecrt-ssh1-identifier-bo(9650)
CVE-2002-1060
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
2003-04-02
2007-11-18
CVE-2002-1060
http://www.securityfocus.com/bid/5305
BID:5305
http://www.securityfocus.com/bid/5608
BID:5608
http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
BUGTRAQ:20020903 Re: CacheFlow CacheOS Cross-site Scripting Vulnerability
http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
http://www.iss.net/security_center/static/9674.php
XF:cacheos-unresolved-error-xss(9674)
CVE-2002-1061
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.
2002-08-31
2002-09-10
CVE-2002-1061
http://www.securityfocus.com/bid/5319
BID:5319
http://www.securityfocus.com/bid/5320
BID:5320
http://www.securityfocus.com/bid/5322
BID:5322
http://www.securityfocus.com/bid/5324
BID:5324
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9682.php
XF:jana-http-logging-bo(9682)
http://www.iss.net/security_center/static/9683.php
XF:jana-http-proxy-bo(9683)
http://www.iss.net/security_center/static/9685.php
XF:jana-pop3-logging-bo(9685)
http://www.iss.net/security_center/static/9686.php
XF:jana-smtp-logging-bo(9686)
CVE-2002-1062
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.
2002-08-31
2002-09-10
CVE-2002-1062
http://www.securityfocus.com/bid/5321
BID:5321
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9684.php
XF:jana-socks5-bo(9684)
CVE-2002-1063
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.
2002-08-31
2002-09-10
CVE-2002-1063
http://www.securityfocus.com/bid/5325
BID:5325
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9687.php
XF:jana-ftp-pasv-dos(9687)
CVE-2002-1064
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
2002-08-31
2002-09-10
CVE-2002-1064
http://www.securityfocus.com/bid/5326
BID:5326
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9688.php
XF:jana-pop3-bruteforce(9688)
CVE-2002-1065
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.
2002-08-31
2002-09-10
CVE-2002-1065
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9688.php
XF:jana-pop3-bruteforce(9688)
CVE-2002-1066
Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.
2002-08-31
2002-09-10
CVE-2002-1066
http://www.securityfocus.com/bid/5327
BID:5327
http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
http://www.iss.net/security_center/static/9689.php
XF:jana-pop3-index-bo(9689)
CVE-2002-1067
Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow.
2002-08-31
2002-09-10
CVE-2002-1067
http://www.securityfocus.com/bid/5329
BID:5329
http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html
BUGTRAQ:20020727 0815 ++ */ SEH_Web
http://www.iss.net/security_center/static/9702.php
XF:seh-ic9-password-bo(9702)
CVE-2002-1068
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
2002-08-31
2016-10-17
CVE-2002-1068
http://www.securityfocus.com/bid/5330
BID:5330
http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html
BUGTRAQ:20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)
http://marc.info/?l=vuln-dev&m=102779425117680&w=2
VULN-DEV:20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)
http://www.iss.net/security_center/static/9703.php
XF:dlink-dp-post-dos(9703)
CVE-2002-1069
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
2002-08-31
2016-10-17
CVE-2002-1069
http://www.securityfocus.com/bid/5544
BID:5544
http://www.securityfocus.com/bid/5553
BID:5553
http://marc.info/?l=bugtraq&m=103004834131542&w=2
BUGTRAQ:20020822 Re: possible exploit: D-Link DI-804 unauthorized DHCP release
http://online.securityfocus.com/archive/1/288584
BUGTRAQ:20020822 possible exploit: D-Link DI-804 unauthorized DHCP release from WAN
http://www.iss.net/security_center/static/9969.php
XF:dlink-admin-device-information(9969)
http://www.iss.net/security_center/static/9967.php
XF:dlink-admin-dhcp-release(9967)
CVE-2002-1070
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.
2002-08-31
2002-09-10
CVE-2002-1070
http://www.securityfocus.com/bid/5254
BID:5254
http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html
BUGTRAQ:20020716 Wiki module postnuke Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/9627.php
XF:phpwiki-xss(9627)
CVE-2002-1071
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.
2002-08-31
2002-09-10
CVE-2002-1071
http://www.securityfocus.com/bid/5034
BID:5034
http://online.securityfocus.com/archive/1/277303
BUGTRAQ:20020617 Follow: ZyXEL 642R-11 AJ.6 service DoS -- additional informations
http://online.securityfocus.com/archive/1/277307
BUGTRAQ:20020617 Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing
http://online.securityfocus.com/archive/1/277242
BUGTRAQ:20020617 ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS
http://www.iss.net/security_center/static/9372.php
XF:zyxel-tcp-packet-dos(9372)
CVE-2002-1072
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.
2002-08-31
2002-09-10
CVE-2002-1072
http://www.securityfocus.com/bid/5292
BID:5292
http://online.securityfocus.com/archive/1/283999
BUGTRAQ:20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html
VULNWATCH:20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)
http://www.iss.net/security_center/static/9655.php
XF:zyxel-jolt-dos(9655)
CVE-2002-1073
Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password.
2002-08-31
2002-09-10
CVE-2002-1073
http://www.securityfocus.com/bid/5261
BID:5261
http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html
BUGTRAQ:20020717 MERCUR Mailserver advisory/remote exploit
http://www.iss.net/security_center/static/9618.php
XF:mercur-control-service-bo(9618)
CVE-2002-1075
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
2002-08-31
2002-09-10
CVE-2002-1075
http://www.securityfocus.com/bid/5302
BID:5302
http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html
BUGTRAQ:20020724 Pegasus mail DoS
http://www.iss.net/security_center/static/9673.php
XF:pegasus-message-header-bo(9673)
CVE-2002-1076
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
2003-04-02
2002-09-10
CVE-2002-1076
http://www.securityfocus.com/bid/5323
BID:5323
http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html
BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH
http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html
BUGTRAQ:20020729 Hoax Exploit
http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html
BUGTRAQ:20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
http://support.ipswitch.com/kb/IM-20020729-DM01.htm
CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm
http://support.ipswitch.com/kb/IM-20020731-DM02.htm
CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm
http://www.iss.net/security_center/static/9679.php
XF:imail-web-messaging-bo(9679)
CVE-2002-1077
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
2002-08-31
2002-09-10
CVE-2002-1077
http://www.securityfocus.com/bid/5365
BID:5365
http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html
BUGTRAQ:20020730 IPSwitch IMail Advisory #2
http://www.iss.net/security_center/static/9722.php
XF:imail-iwebcal-content-length-dos(9722)
CVE-2002-1078
Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters.
2002-08-31
2002-09-10
CVE-2002-1078
http://www.securityfocus.com/bid/5345
BID:5345
http://online.securityfocus.com/archive/1/284904
BUGTRAQ:20020729 Abyss Web Server version 1.0.3 shows file and directory content
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html
VULNWATCH:20020729 [VulnWatch] Abyss Web Server version 1.0.3 shows file and directory content
http://www.iss.net/security_center/static/9721.php
XF:abyss-slash-directory-traversal(9721)
CVE-2002-1079
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.
2003-04-02
2003-03-24
CVE-2002-1079
http://www.securityfocus.com/bid/5547
BID:5547
http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
http://www.aprelium.com/news/patch1033.html
CONFIRM:http://www.aprelium.com/news/patch1033.html
http://www.osvdb.org/3285
OSVDB:3285
http://www.iss.net/security_center/static/9941.php
XF:abyss-get-directory-traversal(9941)
http://www.iss.net/security_center/static/9940.php
XF:abyss-http-directory-traversal(9940)
CVE-2002-1080
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.
2002-08-31
2007-10-15
CVE-2002-1080
http://www.securityfocus.com/bid/5548
BID:5548
http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
http://www.aprelium.com/news/patch1033.html
CONFIRM:http://www.aprelium.com/news/patch1033.html
http://www.iss.net/security_center/static/9957.php
XF:abyss-admin-console-access(9957)
CVE-2002-1081
The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.
2003-04-02
2003-03-24
CVE-2002-1081
http://www.securityfocus.com/bid/5549
BID:5549
http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
http://www.aprelium.com/news/patch1033.html
CONFIRM:http://www.aprelium.com/news/patch1033.html
http://www.osvdb.org/3286
OSVDB:3286
http://www.iss.net/security_center/static/9956.php
XF:abyss-plus-file-disclosure(9956)
CVE-2002-1082
The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded.
2002-08-31
2002-09-10
CVE-2002-1082
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
http://www.iss.net/security_center/static/9698.php
XF:ezcontents-image-file-upload(9698)
CVE-2002-1083
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences.
2002-08-31
2002-09-10
CVE-2002-1083
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
http://www.iss.net/security_center/static/9710.php
XF:ezcontents-dotdot-directory-traversal(9710)
CVE-2002-1084
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
2002-08-31
2002-09-10
CVE-2002-1084
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
http://www.iss.net/security_center/static/9711.php
XF:ezcontents-verifylogin-post-data(9711)
CVE-2002-1085
Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities.
2002-08-31
2002-09-10
CVE-2002-1085
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
http://www.iss.net/security_center/static/9712.php
XF:ezcontents-diary-entry-xss(9712)
CVE-2002-1086
Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities.
2002-08-31
2002-09-10
CVE-2002-1086
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
http://www.iss.net/security_center/static/9713.php
XF:ezcontents-sql-injection(9713)
CVE-2002-1087
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
2002-08-31
2002-09-10
CVE-2002-1087
http://online.securityfocus.com/archive/1/284229
BUGTRAQ:20020725 ezContents multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
CVE-2002-1088
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
2003-04-02
2002-09-10
CVE-2002-1088
http://www.securityfocus.com/bid/5313
BID:5313
http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html
BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
http://support.novell.com/servlet/tidfinder/2963273
CONFIRM:http://support.novell.com/servlet/tidfinder/2963273
http://www.iss.net/security_center/static/9671.php
XF:groupwise-rcpt-bo(9671)
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
2002-08-31
2005-06-09
CVE-2002-1089
http://www.securityfocus.com/bid/5262
BID:5262
http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html
BUGTRAQ:20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability
http://www.iss.net/security_center/static/9628.php
XF:oracle-reports-information-disclosure(9628)
CVE-2002-1090
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
2002-09-10
2003-03-18
CVE-2002-1090
http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt
CONFIRM:http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt
CVE-2002-1091
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
2004-09-01
2007-11-12
CVE-2002-1091
http://www.securityfocus.com/bid/5665
BID:5665
http://marc.info/?l=bugtraq&m=103134051120770&w=2
BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
http://bugzilla.mozilla.org/show_bug.cgi?id=157989
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
MANDRAKE:MDKSA-2002:075
http://crash.ihug.co.nz/~Sneuro/zerogif/
MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
http://www.redhat.com/support/errata/RHSA-2002-192.html
REDHAT:RHSA-2002:192
http://www.redhat.com/support/errata/RHSA-2003-046.html
REDHAT:RHSA-2003:046
http://www.iss.net/security_center/static/10058.php
XF:netscape-zero-gif-bo(10058)
CVE-2002-1092
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
2004-09-01
2004-07-24
CVE-2002-1092
http://www.securityfocus.com/bid/5613
BID:5613
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/10017
XF:cisco-vpn-bypass-authentication(10017)
CVE-2002-1093
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
2004-09-01
2003-01-10
CVE-2002-1093
http://www.securityfocus.com/bid/5615
BID:5615
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10018.php
XF:cisco-vpn-html-parser-dos(10018)
CVE-2002-1094
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
2002-09-10
2003-01-10
CVE-2002-1094
http://www.securityfocus.com/bid/5621
BID:5621
http://www.securityfocus.com/bid/5623
BID:5623
http://www.securityfocus.com/bid/5624
BID:5624
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10020.php
XF:cisco-vpn-banner-information(10020)
CVE-2002-1095
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
2004-09-01
2003-01-10
CVE-2002-1095
http://www.securityfocus.com/bid/5625
BID:5625
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10021.php
XF:cisco-vpn-pptp-dos(10021)
CVE-2002-1096
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
2004-09-01
2003-01-10
CVE-2002-1096
http://www.securityfocus.com/bid/5611
BID:5611
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10019.php
XF:cisco-vpn-user-passwords(10019)
CVE-2002-1097
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
2004-09-01
2003-01-10
CVE-2002-1097
http://www.securityfocus.com/bid/5612
BID:5612
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10022.php
XF:cisco-vpn-certificate-passwords(10022)
CVE-2002-1098
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
2004-09-01
2002-10-15
CVE-2002-1098
http://www.securityfocus.com/bid/5614
BID:5614
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10023.php
XF:cisco-vpn-xml-filter(10023)
CVE-2002-1099
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
2004-09-01
2003-01-10
CVE-2002-1099
http://www.securityfocus.com/bid/5616
BID:5616
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10024.php
XF:cisco-vpn-web-access(10024)
CVE-2002-1100
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
2002-09-10
2003-01-10
CVE-2002-1100
http://www.securityfocus.com/bid/5617
BID:5617
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.iss.net/security_center/static/10025.php
XF:cisco-vpn-html-interface-dos(10025)
CVE-2002-1101
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name.
2002-09-10
2003-03-18
CVE-2002-1101
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
CVE-2002-1102
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
2004-09-01
2004-07-24
CVE-2002-1102
http://www.securityfocus.com/bid/5622
BID:5622
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/10027
XF:cisco-vpn-lan-connection-dos(10027)
CVE-2002-1103
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.
2002-09-10
2002-09-24
CVE-2002-1103
http://www.kb.cert.org/vuls/id/761651
CERT-VN:VU#761651
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
CVE-2002-1104
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
2004-09-01
2004-07-24
CVE-2002-1104
http://www.securityfocus.com/bid/5649
BID:5649
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
https://exchange.xforce.ibmcloud.com/vulnerabilities/10042
XF:cisco-vpn-tcp-dos(10042)
CVE-2002-1105
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
2004-09-01
2004-07-24
CVE-2002-1105
http://www.securityfocus.com/bid/5650
BID:5650
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
https://exchange.xforce.ibmcloud.com/vulnerabilities/10044
XF:cisco-vpn-obtain-password(10044)
CVE-2002-1106
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
2004-09-01
2004-07-24
CVE-2002-1106
http://www.securityfocus.com/bid/5652
BID:5652
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
https://exchange.xforce.ibmcloud.com/vulnerabilities/10045
XF:cisco-vpn-certificate-mitm(10045)
CVE-2002-1107
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
2004-09-01
2004-07-24
CVE-2002-1107
http://www.securityfocus.com/bid/5653
BID:5653
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
https://exchange.xforce.ibmcloud.com/vulnerabilities/10046
XF:cisco-vpn-random-numbers(10046)
CVE-2002-1108
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
2004-09-01
2004-07-24
CVE-2002-1108
http://www.securityfocus.com/bid/5651
BID:5651
http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
https://exchange.xforce.ibmcloud.com/vulnerabilities/10047
XF:cisco-vpn-tcp-filter(10047)
CVE-2002-1109
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
2004-09-01
2003-01-10
CVE-2002-1109
http://marc.info/?l=bugtraq&m=103124270321404&w=2
BUGTRAQ:20020905 GLSA: amavis
http://marc.info/?l=amavis-announce&m=103121272122242&w=2
CONFIRM:http://marc.info/?l=amavis-announce&m=103121272122242&w=2
http://www.iss.net/security_center/static/10056.php
XF:amavis-securetar-tar-dos(10056)
CVE-2002-1110
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
2002-09-10
2016-10-17
CVE-2002-1110
http://www.securityfocus.com/bid/5510
BID:5510
http://marc.info/?l=bugtraq&m=102978728718851&w=2
BUGTRAQ:20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
http://www.debian.org/security/2002/dsa-153
DEBIAN:DSA-153
http://www.iss.net/security_center/static/9897.php
XF:mantis-user-sql-injection(9897)
CVE-2002-1111
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
2004-09-01
2004-07-24
CVE-2002-1111
http://www.securityfocus.com/bid/5515
BID:5515
http://marc.info/?l=bugtraq&m=102978873620491&w=2
BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt
CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt
http://www.debian.org/security/2002/dsa-153
DEBIAN:DSA-153
https://exchange.xforce.ibmcloud.com/vulnerabilities/9898
XF:mantis-limit-reporters-bypass(9898)
CVE-2002-1112
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
2004-09-01
2004-07-24
CVE-2002-1112
http://www.securityfocus.com/bid/5514
BID:5514
http://marc.info/?l=bugtraq&m=102978673018271&w=2
BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
http://www.debian.org/security/2002/dsa-153
DEBIAN:DSA-153
https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
XF:mantis-private-project-bug-listing(9899)
CVE-2002-1113
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
2004-09-01
2004-08-19
CVE-2002-1113
http://www.securityfocus.com/bid/5504
BID:5504
http://marc.info/?l=bugtraq&m=102927873301965&w=2
BUGTRAQ:20020813 mantisbt security flaw
http://marc.info/?l=bugtraq&m=102978924821040&w=2
BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
http://www.debian.org/security/2002/dsa-153
DEBIAN:DSA-153
http://www.osvdb.org/4858
OSVDB:4858
https://exchange.xforce.ibmcloud.com/vulnerabilities/9829
XF:mantis-include-remote-files(9829)
CVE-2002-1114
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
2002-09-10
2016-10-17
CVE-2002-1114
http://www.securityfocus.com/bid/5509
BID:5509
http://marc.info/?l=bugtraq&m=102978711618648&w=2
BUGTRAQ:20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
http://www.debian.org/security/2002/dsa-153
DEBIAN:DSA-153
http://www.iss.net/security_center/static/9900.php
XF:mantis-configinc-var-include(9900)
CVE-2002-1115
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
2002-09-10
2016-10-17
CVE-2002-1115
http://www.securityfocus.com/bid/5563
BID:5563
http://marc.info/?l=bugtraq&m=103013249211164&w=2
BUGTRAQ:20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis
http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt
CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt
http://www.debian.org/security/2002/dsa-161
DEBIAN:DSA-161
http://www.iss.net/security_center/static/9954.php
XF:mantis-view-private-bugs(9954)
CVE-2002-1116
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
2004-09-01
2003-03-18
CVE-2002-1116
http://www.securityfocus.com/bid/5565
BID:5565
http://marc.info/?l=bugtraq&m=103014152320112&w=2
BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
http://www.debian.org/security/2002/dsa-161
DEBIAN:DSA-161
https://exchange.xforce.ibmcloud.com/vulnerabilities/9955
XF:mantis-viewbugs-bug-listing(9955)
CVE-2002-1117
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
2004-09-01
2006-10-31
CVE-2002-1117
http://marc.info/?l=bugtraq&m=103134930629683&w=2
BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
http://marc.info/?l=bugtraq&m=103134395124579&w=2
BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
http://seer.support.veritas.com/docs/238618.htm
CONFIRM:http://seer.support.veritas.com/docs/238618.htm
http://www.osvdb.org/8230
OSVDB:8230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1036
OVAL:oval:org.mitre.oval:def:1036
https://exchange.xforce.ibmcloud.com/vulnerabilities/10093
XF:veritas-backupexec-restrictanonymous-zero(10093)
CVE-2002-1118
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
2004-09-01
2004-08-03
CVE-2002-1118
http://www.securityfocus.com/bid/5678
BID:5678
http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
http://www.iss.net/security_center/static/10283.php
XF:oracle-net-services-dos(10283)
CVE-2002-1119
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
2004-09-01
2007-11-12
CVE-2002-1119
http://www.securityfocus.com/bid/5581
BID:5581
http://marc.info/?l=bugtraq&m=104333092200589&w=2
BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt
CALDERA:CSSA-2002-045.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
CONECTIVA:CLA-2002:527
http://www.debian.org/security/2002/dsa-159
DEBIAN:DSA-159
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
MANDRAKE:MDKSA-2002:082
http://mail.python.org/pipermail/python-dev/2002-August/027229.html
MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
http://www.redhat.com/support/errata/RHSA-2002-202.html
REDHAT:RHSA-2002:202
http://www.redhat.com/support/errata/RHSA-2003-048.html
REDHAT:RHSA-2003:048
http://www.iss.net/security_center/static/10009.php
XF:python-execvpe-tmpfile-symlink(10009)
CVE-2002-1120
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2002-09-12
2017-10-04
CVE-2002-1120
http://www.securityfocus.com/bid/5686
BID:5686
https://www.exploit-db.com/exploits/16770/
EXPLOIT-DB:16770
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html
VULNWATCH:20020910 Foundstone Labs Advisory - Buffer Overflow in Savant Web Server
http://www.iss.net/security_center/static/10076.php
XF:savant-long-url-bo(10076)
CVE-2002-1121
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
2002-09-14
2016-10-17
CVE-2002-1121
http://www.securityfocus.com/bid/5696
BID:5696
http://marc.info/?l=bugtraq&m=103184267105132&w=2
BUGTRAQ:20020912 Bypassing SMTP Content Protection with a Flick of a Button
http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
BUGTRAQ:20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button
http://marc.info/?l=bugtraq&m=103184501408453&w=2
BUGTRAQ:20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )
http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
BUGTRAQ:20020912 Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"
http://www.kb.cert.org/vuls/id/836088
CERT-VN:VU#836088
http://www.securiteam.com/securitynews/5YP0A0K8CM.html
MISC:http://www.securiteam.com/securitynews/5YP0A0K8CM.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html
VULNWATCH:20020912 Bypassing SMTP Content Protection with a Flick of a Button
http://www.iss.net/security_center/static/10088.php
XF:smtp-content-filtering-bypass(10088)
CVE-2002-1122
Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.
2004-09-01
2004-08-17
CVE-2002-1122
http://www.securityfocus.com/bid/5738
BID:5738
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
http://www.osvdb.org/3150
OSVDB:3150
VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
http://www.iss.net/security_center/static/10130.php
XF:is-http-response-bo(10130)
CVE-2002-1123
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
2004-09-01
2004-08-03
CVE-2002-1123
http://www.securityfocus.com/bid/5411
BID:5411
http://online.securityfocus.com/archive/1/286220
BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
http://marc.info/?l=bugtraq&m=102873609025020&w=2
BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
http://www.ciac.org/ciac/bulletins/n-003.shtml
CIAC:N-003
CISCO:Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
MS:MS02-056
http://www.iss.net/security_center/static/9788.php
XF:mssql-preauth-bo(9788)
CVE-2002-1124
Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.
2002-09-17
2002-12-03
CVE-2002-1124
http://www.securityfocus.com/bid/5702
BID:5702
http://www.debian.org/security/2002/dsa-166
DEBIAN:DSA-166
http://www.iss.net/security_center/static/10100.php
XF:linux-purity-bo(10100)
CVE-2002-1125
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
2002-09-17
2016-10-17
CVE-2002-1125
http://www.securityfocus.com/bid/5714
BID:5714
http://www.securityfocus.com/bid/5716
BID:5716
http://www.securityfocus.com/bid/5718
BID:5718
http://www.securityfocus.com/bid/5719
BID:5719
http://www.securityfocus.com/bid/5720
BID:5720
http://marc.info/?l=bugtraq&m=103228135413310&w=2
BUGTRAQ:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
FREEBSD:FreeBSD-SA-02:39
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
VULNWATCH:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
http://www.iss.net/security_center/static/10109.php
XF:bsd-libkvm-descriptor-leak(10109)
CVE-2002-1126
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
2004-09-01
2007-11-12
CVE-2002-1126
http://www.securityfocus.com/bid/5694
BID:5694
http://marc.info/?l=bugtraq&m=103176760004720&w=2
BUGTRAQ:20020911 Privacy leak in mozilla
http://bugzilla.mozilla.org/show_bug.cgi?id=145579
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
MANDRAKE:MDKSA-2002:075
http://www.redhat.com/support/errata/RHSA-2002-192.html
REDHAT:RHSA-2002:192
http://www.redhat.com/support/errata/RHSA-2003-046.html
REDHAT:RHSA-2003:046
http://www.iss.net/security_center/static/10084.php
XF:mozilla-onunload-url-leak(10084)
CVE-2002-1127
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
2002-09-24
2005-06-09
CVE-2002-1127
http://www.securityfocus.com/bid/5745
BID:5745
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
http://www.iss.net/security_center/static/10146.php
XF:osf1-uucp-source-bo(10146)
CVE-2002-1128
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
2002-09-24
2005-06-09
CVE-2002-1128
http://www.securityfocus.com/bid/5747
BID:5747
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
http://www.iss.net/security_center/static/10147.php
XF:osf1-inc-mh-bo(10147)
CVE-2002-1129
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
2002-09-24
2016-10-17
CVE-2002-1129
http://www.securityfocus.com/bid/5746
BID:5746
http://marc.info/?l=bugtraq&m=103248659816294&w=2
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
http://www.iss.net/security_center/static/10148.php
XF:osf1-dxterm-xrm-bo(10148)
CVE-2002-1130
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1130
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
2002-09-24
2002-10-15
CVE-2002-1131
http://www.securityfocus.com/bid/5763
BID:5763
http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
http://www.debian.org/security/2002/dsa-191
DEBIAN:DSA-191
http://www.redhat.com/support/errata/RHSA-2002-204.html
REDHAT:RHSA-2002:204
http://www.iss.net/security_center/static/10145.php
XF:squirrelmail-php-xss(10145)
CVE-2002-1132
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
2004-09-01
2004-08-03
CVE-2002-1132
http://www.securityfocus.com/bid/5949
BID:5949
http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
http://www.debian.org/security/2002/dsa-191
DEBIAN:DSA-191
http://www.redhat.com/support/errata/RHSA-2002-204.html
REDHAT:RHSA-2002:204
http://www.iss.net/security_center/static/10345.php
XF:squirrelmail-options-path-disclosure(10345)
CVE-2002-1133
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
2002-09-24
2016-10-17
CVE-2002-1133
http://www.securityfocus.com/bid/5782
BID:5782
http://marc.info/?l=bugtraq&m=103281444824285&w=2
BUGTRAQ:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0127.html
VULNWATCH:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
http://www.iss.net/security_center/static/10168.php
XF:dinos-dotdot-directory-traversal(10168)
CVE-2002-1134
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
2002-09-24
2016-10-17
CVE-2002-1134
http://www.securityfocus.com/bid/5773
BID:5773
http://marc.info/?l=bugtraq&m=103280973718587&w=2
BUGTRAQ:20020923 [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP
http://online.securityfocus.com/advisories/4497
COMPAQ:SSRT2362
http://www.iss.net/security_center/static/10167.php
XF:webes-unauth-file-access(10167)
CVE-2002-1135
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
2004-09-01
2004-08-17
CVE-2002-1135
http://www.securityfocus.com/bid/5779
BID:5779
http://marc.info/?l=bugtraq&m=103279980906880&w=2
BUGTRAQ:20020922 PHP source injection in phpWebSite
http://phpwebsite.appstate.edu/article.php?sid=400
CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
http://www.osvdb.org/3848
OSVDB:3848
http://www.iss.net/security_center/static/10164.php
XF:phpwebsite-modsecurity-file-include(10164)
CVE-2002-1136
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1136
CVE-2002-1137
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
2004-09-01
2004-08-03
CVE-2002-1137
http://www.securityfocus.com/bid/5877
BID:5877
http://www.ciac.org/ciac/bulletins/n-003.shtml
CIAC:N-003
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
CISCO:20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
http://www.scan-associates.net/papers/foxpro.txt
MISC:http://www.scan-associates.net/papers/foxpro.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
MS:MS02-056
https://exchange.xforce.ibmcloud.com/vulnerabilities/10255
XF:mssql-dbcc-bo-variant(10255)
CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
2004-09-01
2003-02-26
CVE-2002-1138
http://www.ciac.org/ciac/bulletins/n-003.shtml
CIAC:N-003
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
MS:MS02-056
http://www.iss.net/security_center/static/10257.php
XF:mssql-agent-create-files(10257)
CVE-2002-1139
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
2004-09-01
2003-02-26
CVE-2002-1139
http://www.securityfocus.com/bid/5876
BID:5876
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
MS:MS02-054
http://www.iss.net/security_center/static/10252.php
XF:win-zip-incorrect-path(10252)
CVE-2002-1140
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
2004-09-01
2003-02-26
CVE-2002-1140
http://www.securityfocus.com/bid/5879
BID:5879
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
MS:MS02-057
http://www.iss.net/security_center/static/10258.php
XF:sfu-rpc-parameter-bo(10258)
CVE-2002-1141
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
2004-09-01
2003-02-26
CVE-2002-1141
http://www.securityfocus.com/bid/5880
BID:5880
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
MS:MS02-057
http://www.iss.net/security_center/static/10259.php
XF:sfu-invalid-rpc-dos(10259)
CVE-2002-1142
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
2004-09-01
2004-08-03
CVE-2002-1142
http://www.securityfocus.com/bid/6214
BID:6214
http://www.cert.org/advisories/CA-2002-33.html
CERT:CA-2002-33
http://www.kb.cert.org/vuls/id/542081
CERT-VN:VU#542081
http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065
MS:MS02-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730
OVAL:oval:org.mitre.oval:def:2730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294
OVAL:oval:org.mitre.oval:def:294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573
OVAL:oval:org.mitre.oval:def:3573
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
VULNWATCH:20021120 Foundstone Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10669
XF:mdac-rds-client-bo(10669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10659
XF:mdac-rds-server-bo(10659)
CVE-2002-1143
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
2003-04-03
2018-10-12
CVE-2002-1143
http://www.securityfocus.com/bid/5586
BID:5586
http://www.securityfocus.com/bid/5764
BID:5764
http://marc.info/?l=bugtraq&m=103040003014999&w=2
BUGTRAQ:20020826 Security side-effects of Word fields
http://marc.info/?l=bugtraq&m=103252858816401&w=2
BUGTRAQ:20020919 More vulnerabilities (Re: Security side-effects of Word fields)
http://www.kb.cert.org/vuls/id/899713
CERT-VN:VU#899713
http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
CONFIRM:http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-059
MS:MS02-059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A202
OVAL:oval:org.mitre.oval:def:202
http://www.iss.net/security_center/static/10155.php
XF:word-includepicture-read-files(10155)
http://www.iss.net/security_center/static/10008.php
XF:word-includetext-read-files(10008)
CVE-2002-1144
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1144
CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
2002-10-21
2018-10-12
CVE-2002-1145
http://www.securityfocus.com/bid/5980
BID:5980
http://marc.info/?l=bugtraq&m=103487044122900&w=2
BUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
CISCO:20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
http://www.nextgenss.com/advisories/mssql-webtasks.txt
MISC:http://www.nextgenss.com/advisories/mssql-webtasks.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061
MS:MS02-061
http://marc.info/?l=ntbugtraq&m=103486356413404&w=2
NTBUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
http://www.iss.net/security_center/static/10388.php
XF:mssql-webtask-gain-privileges(10388)
CVE-2002-1146
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
2004-09-01
2004-08-17
CVE-2002-1146
http://www.kb.cert.org/vuls/id/738331
CERT-VN:VU#738331
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
CONECTIVA:CLA-2002:535
FREEBSD:FreeBSD-SA-02:42
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
MANDRAKE:MDKSA-2004:009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
NETBSD:NetBSD-SA2002-015
http://www.redhat.com/support/errata/RHSA-2002-197.html
REDHAT:RHSA-2002:197
http://www.redhat.com/support/errata/RHSA-2002-258.html
REDHAT:RHSA-2002:258
http://www.redhat.com/support/errata/RHSA-2003-022.html
REDHAT:RHSA-2003:022
http://www.redhat.com/support/errata/RHSA-2003-212.html
REDHAT:RHSA-2003:212
http://www.iss.net/security_center/static/10295.php
XF:dns-resolver-lib-read-bo(10295)
CVE-2002-1147
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
2004-09-01
2003-02-14
CVE-2002-1147
http://www.securityfocus.com/bid/5784
BID:5784
http://marc.info/?l=bugtraq&m=103287951910420&w=2
BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
http://online.securityfocus.com/advisories/4501
HP:HPSBUX0209-219
http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
http://www.iss.net/security_center/static/10172.php
XF:hp-procurve-http-reset-dos(10172)
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
2004-09-01
2020-02-13
CVE-2002-1148
http://www.securityfocus.com/bid/5786
BID:5786
http://marc.info/?l=bugtraq&m=103288242014253&w=2
BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
http://www.debian.org/security/2002/dsa-170
DEBIAN:DSA-170
http://online.securityfocus.com/advisories/4758
HP:HPSBUX0212-229
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.redhat.com/support/errata/RHSA-2002-217.html
REDHAT:RHSA-2002:217
http://www.redhat.com/support/errata/RHSA-2002-218.html
REDHAT:RHSA-2002:218
http://www.iss.net/security_center/static/10175.php
XF:tomcat-servlet-source-code(10175)
CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
2002-10-01
2016-10-17
CVE-2002-1149
http://www.securityfocus.com/bid/5789
BID:5789
http://marc.info/?l=bugtraq&m=103290602609197&w=2
BUGTRAQ:20020924 Information Disclosure with Invision Board installation (fwd)
http://www.osvdb.org/3356
OSVDB:3356
http://www.iss.net/security_center/static/10178.php
XF:invision-phpinfo-information-disclosure(10178)
CVE-2002-1150
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.
2002-10-01
2016-10-17
CVE-2002-1150
http://www.securityfocus.com/bid/5715
BID:5715
http://marc.info/?l=bugtraq&m=103228375116204&w=2
BUGTRAQ:20020913 NetMeeting 3.01 Local RDS Session Hijacking
http://www.iss.net/security_center/static/10119.php
XF:netmeeting-rds-session-hijacking(10119)
CVE-2002-1151
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
2004-09-01
2004-08-17
CVE-2002-1151
http://www.securityfocus.com/bid/5689
BID:5689
http://marc.info/?l=bugtraq&m=103175850925395&w=2
BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
CALDERA:CSSA-2002-047.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525
CONECTIVA:CLA-2002:525
http://www.kde.org/info/security/advisory-20020908-2.txt
CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
http://www.debian.org/security/2002/dsa-167
DEBIAN:DSA-167
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
MANDRAKE:MDKSA-2002:064
http://www.osvdb.org/7867
OSVDB:7867
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.redhat.com/support/errata/RHSA-2002-221.html
REDHAT:RHSA-2002:221
http://www.iss.net/security_center/static/10039.php
XF:ie-sameoriginpolicy-bypass(10039)
CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
2004-09-01
2002-12-03
CVE-2002-1152
http://www.securityfocus.com/bid/5691
BID:5691
http://marc.info/?l=bugtraq&m=103175827225044&w=2
BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
http://www.kde.org/info/security/advisory-20020908-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.iss.net/security_center/static/10083.php
XF:kde-konqueror-cookie-hijacking(10083)
CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
2004-09-01
2004-08-17
CVE-2002-1153
http://www.securityfocus.com/bid/5749
BID:5749
http://marc.info/?l=bugtraq&m=103244572803950&w=2
BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
http://www.osvdb.org/2092
OSVDB:2092
http://www.iss.net/security_center/static/10140.php
XF:websphere-host-header-bo(10140)
CVE-2002-1154
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
2004-09-01
2004-08-17
CVE-2002-1154
http://www.analog.cx/security5.html
CONFIRM:http://www.analog.cx/security5.html
http://www.osvdb.org/3779
OSVDB:3779
http://www.redhat.com/support/errata/RHSA-2002-059.html
REDHAT:RHSA-2002:059
http://www.iss.net/security_center/static/10344.php
XF:analog-anlgform-dos(10344)
CVE-2002-1155
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
2003-06-05
2016-10-17
CVE-2002-1155
http://marc.info/?l=bugtraq&m=105474080512376&w=2
BUGTRAQ:20030603 kon2_exploit!!
http://marc.info/?l=bugtraq&m=105577912106710&w=2
BUGTRAQ:20030616 Next kon2root - Redhat 9
http://www.mandriva.com/security/advisories?name=MDKSA-2003:064
MANDRAKE:MDKSA-2003:064
http://www.redhat.com/support/errata/RHSA-2003-047.html
REDHAT:RHSA-2003:047
http://www.redhat.com/support/errata/RHSA-2003-050.html
REDHAT:RHSA-2003:050
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
2004-09-01
2021-06-06
CVE-2002-1156
http://www.securityfocus.com/bid/6065
BID:6065
http://www.kb.cert.org/vuls/id/910713
CERT-VN:VU#910713
http://www.apache.org/dist/httpd/CHANGES_2.0
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.apacheweek.com/issues/02-10-04
CONFIRM:http://www.apacheweek.com/issues/02-10-04
http://online.securityfocus.com/advisories/4617
HP:HPSBUX0210-224
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10499
XF:apache-webdav-cgi-source(10499)
CVE-2002-1157
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
2004-09-01
2004-08-17
CVE-2002-1157
http://www.securityfocus.com/bid/6029
BID:6029
http://online.securityfocus.com/archive/1/296753
BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
BUGTRAQ:20021026 GLSA: mod_ssl
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
CONECTIVA:CLA-2002:541
http://www.debian.org/security/2002/dsa-181
DEBIAN:DSA-181
http://www.linuxsecurity.com/advisories/other_advisory-2512.html
ENGARDE:ESA-20021029-027
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
MANDRAKE:MDKSA-2002:072
http://www.osvdb.org/2107
OSVDB:2107
http://www.redhat.com/support/errata/RHSA-2002-222.html
REDHAT:RHSA-2002:222
http://www.redhat.com/support/errata/RHSA-2002-243.html
REDHAT:RHSA-2002:243
http://www.redhat.com/support/errata/RHSA-2002-244.html
REDHAT:RHSA-2002:244
http://www.redhat.com/support/errata/RHSA-2002-248.html
REDHAT:RHSA-2002:248
http://www.redhat.com/support/errata/RHSA-2002-251.html
REDHAT:RHSA-2002:251
http://www.redhat.com/support/errata/RHSA-2003-106.html
REDHAT:RHSA-2003:106
http://www.iss.net/security_center/static/10457.php
XF:apache-modssl-host-xss(10457)
CVE-2002-1158
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.
2004-09-01
2007-10-16
CVE-2002-1158
http://www.securityfocus.com/bid/6351
BID:6351
http://marc.info/?l=bugtraq&m=104041812206344&w=2
BUGTRAQ:20021220 GLSA: canna
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
http://www.debian.org/security/2003/dsa-224
DEBIAN:DSA-224
http://www.redhat.com/support/errata/RHSA-2002-246.html
REDHAT:RHSA-2002:246
http://www.redhat.com/support/errata/RHSA-2002-261.html
REDHAT:RHSA-2002:261
http://www.redhat.com/support/errata/RHSA-2003-115.html
REDHAT:RHSA-2003:115
SCO:CSSA-2003-005.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/10831
XF:canna-irwthrough-bo(10831)
CVE-2002-1159
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
2004-09-01
2007-10-16
CVE-2002-1159
http://www.securityfocus.com/bid/6354
BID:6354
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
http://www.debian.org/security/2003/dsa-224
DEBIAN:DSA-224
http://www.redhat.com/support/errata/RHSA-2002-246.html
REDHAT:RHSA-2002:246
http://www.redhat.com/support/errata/RHSA-2002-261.html
REDHAT:RHSA-2002:261
http://www.redhat.com/support/errata/RHSA-2003-115.html
REDHAT:RHSA-2003:115
SCO:CSSA-2003-005.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/10832
XF:canna-improper-request-validation(10832)
CVE-2002-1160
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
2004-09-01
2010-05-20
CVE-2002-1160
http://www.securityfocus.com/bid/6753
BID:6753
http://marc.info/?l=bugtraq&m=104431622818954&w=2
BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
http://www.kb.cert.org/vuls/id/911505
CERT-VN:VU#911505
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
CONECTIVA:CLA-2003:693
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
MANDRAKE:MDKSA-2003:017
http://www.redhat.com/support/errata/RHSA-2003-028.html
REDHAT:RHSA-2003:028
http://www.redhat.com/support/errata/RHSA-2003-035.html
REDHAT:RHSA-2003:035
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
SUNALERT:55760
http://www.iss.net/security_center/static/11254.php
XF:linux-pamxauth-gain-privileges(11254)
CVE-2002-1161
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1380. Reason: This candidate is a reservation duplicate of CVE-2002-1380. Notes: none.
2002-12-18
2004-01-26
CVE-2002-1161
CVE-2002-1165
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
2002-10-03
2016-11-17
CVE-2002-1165
http://www.securityfocus.com/bid/5845
BID:5845
http://marc.info/?l=bugtraq&m=103350914307274&w=2
BUGTRAQ:20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities
CALDERA:CSSA-2002-052.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
CONECTIVA:CLA-2002:532
http://www.sendmail.org/smrsh.adv.txt
CONFIRM:http://www.sendmail.org/smrsh.adv.txt
FREEBSD:FreeBSD-SA-02:41
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083
MANDRIVA:MDKSA-2002:083
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
NETBSD:NetBSD-SA2002-023
http://www.redhat.com/support/errata/RHSA-2003-073.html
REDHAT:RHSA-2003:073
http://secunia.com/advisories/7826
SECUNIA:7826
SGI:20030101-01-P
http://www.iss.net/security_center/static/10232.php
XF:sendmail-forward-bypass-smrsh(10232)
CVE-2002-1166
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
2002-10-01
2016-10-17
CVE-2002-1166
http://www.securityfocus.com/bid/5831
BID:5831
http://marc.info/?l=bugtraq&m=103340145725050&w=2
BUGTRAQ:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
http://www.osvdb.org/9836
OSVDB:9836
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html
VULNWATCH:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
http://www.iss.net/security_center/static/10223.php
XF:wn-server-get-bo(10223)
CVE-2002-1167
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
2002-10-25
2003-03-18
CVE-2002-1167
AIXAPAR:IY24527
http://www.securityfocus.com/bid/6000
BID:6000
VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues
http://www.iss.net/security_center/static/10453.php
XF:ibm-wte-html-xss(10453)
CVE-2002-1168
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
2002-10-25
2003-03-18
CVE-2002-1168
AIXAPAR:IY35139
http://www.securityfocus.com/bid/6001
BID:6001
VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues
http://www.iss.net/security_center/static/10454.php
XF:ibm-wte-header-injection(10454)
CVE-2002-1169
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
2004-09-01
2004-08-19
CVE-2002-1169
http://www-1.ibm.com/support/search.wss?rs=0&q=IY35970&apar=only
AIXAPAR:IY35970
http://www.securityfocus.com/bid/6002
BID:6002
http://www.rapid7.com/advisories/R7-0007.txt
MISC:http://www.rapid7.com/advisories/R7-0007.txt
http://www.osvdb.org/2090
OSVDB:2090
VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
http://www.iss.net/security_center/static/10452.php
XF:ibm-wte-helpout-dos(10452)
CVE-2002-1170
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
2004-09-01
2002-10-15
CVE-2002-1170
http://www.securityfocus.com/bid/5862
BID:5862
http://marc.info/?l=bugtraq&m=103359362020365&w=2
BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
BUGTRAQ:20021014 GLSA: net-snmp
http://sourceforge.net/forum/forum.php?forum_id=216532
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
http://www.idefense.com/advisory/10.02.02.txt
MISC:http://www.idefense.com/advisory/10.02.02.txt
http://www.redhat.com/support/errata/RHSA-2002-228.html
REDHAT:RHSA-2002:228
https://exchange.xforce.ibmcloud.com/vulnerabilities/10250
XF:netsnmp-handlevarrequests-dos(10250)
CVE-2002-1171
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1171
CVE-2002-1172
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1172
CVE-2002-1173
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1173
CVE-2002-1174
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
2002-10-01
2016-10-17
CVE-2002-1174
http://www.securityfocus.com/bid/5825
BID:5825
http://www.securityfocus.com/bid/5827
BID:5827
http://marc.info/?l=bugtraq&m=103340148625187&w=2
BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
CONECTIVA:CLA-2002:531
http://www.debian.org/security/2002/dsa-171
DEBIAN:DSA-171
http://www.linuxsecurity.com/advisories/other_advisory-2402.html
ENGARDE:ESA-20021003-023
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
MANDRAKE:MDKSA-2002:063
http://rhn.redhat.com/errata/RHSA-2002-215.html
REDHAT:RHSA-2002:215
VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
http://www.iss.net/security_center/static/10203.php
XF:fetchmail-multidrop-bo(10203)
CVE-2002-1175
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.
2002-10-01
2016-10-17
CVE-2002-1175
http://www.securityfocus.com/bid/5826
BID:5826
http://marc.info/?l=bugtraq&m=103340148625187&w=2
BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
CONECTIVA:CLA-2002:531
http://www.debian.org/security/2002/dsa-171
DEBIAN:DSA-171
http://www.linuxsecurity.com/advisories/other_advisory-2402.html
ENGARDE:ESA-20021003-023
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
MANDRAKE:MDKSA-2002:063
http://rhn.redhat.com/errata/RHSA-2002-215.html
REDHAT:RHSA-2002:215
VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
http://www.iss.net/security_center/static/10203.php
XF:fetchmail-multidrop-bo(10203)
CVE-2002-1176
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
2002-12-20
2016-10-17
CVE-2002-1176
http://marc.info/?l=bugtraq&m=104025874209567&w=2
BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
CVE-2002-1177
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
2002-12-20
2016-10-17
CVE-2002-1177
http://www.securityfocus.com/bid/6429
BID:6429
http://marc.info/?l=bugtraq&m=104025874209567&w=2
BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
CVE-2002-1178
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
2004-09-01
2003-02-26
CVE-2002-1178
http://www.securityfocus.com/bid/5852
BID:5852
http://marc.info/?l=bugtraq&m=103358725813039&w=2
BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
http://groups.yahoo.com/group/jetty-announce/message/45
CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
http://www.iss.net/security_center/static/10246.php
XF:jetty-cgiservlet-directory-traversal(10246)
CVE-2002-1179
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
2004-09-01
2007-11-12
CVE-2002-1179
http://www.securityfocus.com/bid/5944
BID:5944
http://marc.info/?l=bugtraq&m=103435413105661&w=2
BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058
MS:MS02-058
http://marc.info/?l=ntbugtraq&m=103429637822920&w=2
NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
http://marc.info/?l=ntbugtraq&m=103429681123297&w=2
NTBUGTRAQ:20021010 Re: Problems applying MS02-058
http://www.iss.net/security_center/static/10338.php
XF:outlook-smime-bo(10338)
CVE-2002-1180
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
2004-09-01
2006-10-31
CVE-2002-1180
http://www.securityfocus.com/bid/6068
BID:6068
http://www.securityfocus.com/bid/6071
BID:6071
http://www.ciac.org/ciac/bulletins/n-011.shtml
CIAC:N-011
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
MS:MS02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931
OVAL:oval:org.mitre.oval:def:931
http://www.iss.net/security_center/static/10504.php
XF:iis-script-source-access-bypass(10504)
CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
2002-11-02
2018-10-12
CVE-2002-1181
http://www.securityfocus.com/bid/6068
BID:6068
http://www.securityfocus.com/bid/6072
BID:6072
http://marc.info/?l=bugtraq&m=103651224215736&w=2
BUGTRAQ:20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
http://www.ciac.org/ciac/bulletins/n-011.shtml
CIAC:N-011
http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
MS:MS02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942
OVAL:oval:org.mitre.oval:def:942
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944
OVAL:oval:org.mitre.oval:def:944
http://www.iss.net/security_center/static/10501.php
XF:iis-admin-pages-xss(10501)
CVE-2002-1182
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
2004-09-01
2006-10-31
CVE-2002-1182
http://www.securityfocus.com/bid/4846
BID:4846
http://www.securityfocus.com/bid/6068
BID:6068
http://www.securityfocus.com/bid/6070
BID:6070
http://www.ciac.org/ciac/bulletins/n-011.shtml
CIAC:N-011
http://www.nextgenss.com/advisories/ms-iisdos.txt
MISC:http://www.nextgenss.com/advisories/ms-iisdos.txt
http://www.nextgenss.com/vna/ms-iisdos.txt
MISC:http://www.nextgenss.com/vna/ms-iisdos.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
MS:MS02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1009
OVAL:oval:org.mitre.oval:def:1009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1011
OVAL:oval:org.mitre.oval:def:1011
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10184
XF:iis-resource-utilization-dos(10184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10503
XF:iis-webdav-memory-allocation-dos(10503)
CVE-2002-1183
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
2004-09-01
2006-10-31
CVE-2002-1183
http://www.securityfocus.com/bid/5410
BID:5410
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
MS:MS02-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059
OVAL:oval:org.mitre.oval:def:1059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
OVAL:oval:org.mitre.oval:def:1455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108
OVAL:oval:org.mitre.oval:def:2108
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
XF:ssl-ca-certificate-spoofing(9776)
CVE-2002-1184
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
2004-09-01
2004-08-03
CVE-2002-1184
http://www.securityfocus.com/bid/5415
BID:5415
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064
MS:MS02-064
https://exchange.xforce.ibmcloud.com/vulnerabilities/9779
XF:win2k-partition-weak-permissions(9779)
CVE-2002-1185
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
2004-09-01
2006-10-31
CVE-2002-1185
http://www.securityfocus.com/bid/6216
BID:6216
http://marc.info/?l=bugtraq&m=103970996205091&w=2
BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
http://www.eeye.com/html/Research/Advisories/AD20021211.html
EEYE:AD20021211
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393
OVAL:oval:org.mitre.oval:def:393
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542
OVAL:oval:org.mitre.oval:def:542
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
http://www.iss.net/security_center/static/10662.php
XF:ie-png-bo(10662)
CVE-2002-1186
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
2004-09-01
2006-10-31
CVE-2002-1186
http://www.securityfocus.com/bid/5610
BID:5610
http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html
BUGTRAQ:20020904 Re: MSIEv6 % encoding causes a problem again
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
http://www.osvdb.org/7845
OSVDB:7845
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143
OVAL:oval:org.mitre.oval:def:143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471
OVAL:oval:org.mitre.oval:def:471
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495
OVAL:oval:org.mitre.oval:def:495
http://www.iss.net/security_center/static/10039.php
XF:ie-sameoriginpolicy-bypass(10039)
CVE-2002-1187
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
2004-09-01
2006-10-31
CVE-2002-1187
http://www.securityfocus.com/bid/5672
BID:5672
http://marc.info/?l=bugtraq&m=103158601431054&w=2
BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
http://www.osvdb.org/2998
OSVDB:2998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
OVAL:oval:org.mitre.oval:def:203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225
OVAL:oval:org.mitre.oval:def:225
http://www.iss.net/security_center/static/10066.php
XF:ie-frame-script-execution (10066)
CVE-2002-1188
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
2004-09-01
2006-10-31
CVE-2002-1188
http://www.securityfocus.com/bid/6217
BID:6217
http://marc.info/?l=bugtraq&m=103184415307193&w=2
BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
http://www.ciac.org/ciac/bulletins/n-018.shtml
CIAC:N-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444
OVAL:oval:org.mitre.oval:def:444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690
OVAL:oval:org.mitre.oval:def:690
http://www.iss.net/security_center/static/10665.php
XF:ie-object-read-tif(10665)
CVE-2002-1189
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
2004-09-01
2003-02-26
CVE-2002-1189
http://www.securityfocus.com/bid/5896
BID:5896
http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
http://www.iss.net/security_center/static/10282.php
XF:cisco-unity-insecure-configuration(10282)
CVE-2002-1190
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
2002-10-15
2017-07-10
CVE-2002-1190
http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
https://exchange.xforce.ibmcloud.com/vulnerabilities/44545
XF:cisco-unity-example-default-account(44545)
http://www.iss.net/security_center/static/10282.php
XF:cisco-unity-insecure-configuration(10282)
CVE-2002-1191
The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001.
2002-10-21
2016-10-17
CVE-2002-1191
http://www.securityfocus.com/bid/5974
BID:5974
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=48
IDEFENSE:20021010 Denial of Service in Sabre Desktop Reservation Client for Windows
http://marc.info/?l=bugtraq&m=103478372603106&w=2
IDEFENSE:20021016 Denial of Service in Sabre Desktop Reservation Client for Windows
http://www.idefense.com/advisory/10.16.02.txt
MISC:http://www.idefense.com/advisory/10.16.02.txt
http://www.osvdb.org/6555
OSVDB:6555
http://www.iss.net/security_center/static/10378.php
XF:sabre-sabserv-client-dos(10378)
CVE-2002-1192
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file.
2002-10-15
2017-07-10
CVE-2002-1192
http://www.securityfocus.com/bid/5837
BID:5837
http://marc.info/?l=bugtraq&m=103342413220529&w=2
BUGTRAQ:20020928 local exploitable overflow in rogue/FreeBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc
NETBSD:NetBSD-SA2002-021
http://www.osvdb.org/6098
OSVDB:6098
http://secunia.com/advisories/7181
SECUNIA:7181
http://secunia.com/advisories/7252
SECUNIA:7252
https://exchange.xforce.ibmcloud.com/vulnerabilities/10261
XF:bsd-rogue-bo(10261)
CVE-2002-1193
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
2004-09-01
2003-02-26
CVE-2002-1193
http://www.securityfocus.com/bid/5911
BID:5911
http://www.debian.org/security/2002/dsa-172
DEBIAN:DSA-172
http://www.iss.net/security_center/static/10307.php
XF:tkmail-tmp-file-symlink(10307)
CVE-2002-1194
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
2002-10-15
2003-02-26
CVE-2002-1194
http://www.securityfocus.com/bid/5910
BID:5910
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
NETBSD:NetBSD-SA2002-019
http://www.iss.net/security_center/static/10303.php
XF:netbsd-talkd-bo(10303)
CVE-2002-1195
Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
2004-09-01
2002-12-18
CVE-2002-1195
http://www.securityfocus.com/bid/5699
BID:5699
http://marc.info/?l=bugtraq&m=103184269605160&w=2
BUGTRAQ:20020912 ht://Check XSS
http://www.debian.org/security/2002/dsa-169
DEBIAN:DSA-169
http://www.iss.net/security_center/static/10089.php
XF:htcheck-server-header-xss(10089)
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
2004-09-01
2007-10-15
CVE-2002-1196
http://www.securityfocus.com/bid/5843
BID:5843
http://marc.info/?l=bugtraq&m=103349804226566&w=2
BUGTRAQ:20021001 [BUGZILLA] Security Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
http://www.debian.org/security/2002/dsa-173
DEBIAN:DSA-173
http://www.iss.net/security_center/static/10233.php
XF:bugzilla-usebuggroups-permissions-leak(10233)
CVE-2002-1197
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
2004-09-01
2003-03-18
CVE-2002-1197
http://www.securityfocus.com/bid/5844
BID:5844
http://marc.info/?l=bugtraq&m=103349804226566&w=2
BUGTRAQ:20021001 [BUGZILLA] Security Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=163024
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
http://www.iss.net/security_center/static/10234.php
XF:bugzilla-emailappend-command-injection(10234)
CVE-2002-1198
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
2004-09-01
2003-03-18
CVE-2002-1198
http://www.securityfocus.com/bid/5842
BID:5842
http://marc.info/?l=bugtraq&m=103349804226566&w=2
BUGTRAQ:20021001 [BUGZILLA] Security Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=165221
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
http://www.iss.net/security_center/static/10235.php
XF:bugzilla-email-sql-injection(10235)
CVE-2002-1199
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
2004-09-01
2007-11-12
CVE-2002-1199
http://www.securityfocus.com/bid/5937
BID:5937
http://marc.info/?l=bugtraq&m=103426842025029&w=2
BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
CALDERA:CSSA-2002-SCO.40
http://www.kb.cert.org/vuls/id/538033
CERT-VN:VU#538033
COMPAQ:SSRT2339
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
OVAL:oval:org.mitre.oval:def:2423
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
SUNALERT:47903
http://www.iss.net/security_center/static/10329.php
XF:ypxfrd-file-disclosure(10329)
CVE-2002-1200
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2004-09-01
2002-10-21
CVE-2002-1200
http://www.securityfocus.com/bid/5934
BID:5934
http://marc.info/?l=bugtraq&m=103426595021928&w=2
BUGTRAQ:20021010 syslog-ng buffer overflow
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
CONECTIVA:CLA-2002:547
http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
http://www.debian.org/security/2002/dsa-175
DEBIAN:DSA-175
ENGARDE:ESA-20021016-025
http://www.linuxsecurity.com/advisories/other_advisory-2513.html
ENGARDE:ESA-20021029-028
http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html
SUSE:SuSE-SA:2002:039
http://www.iss.net/security_center/static/10339.php
XF:syslogng-macro-expansion-bo(10339)
CVE-2002-1201
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
2002-10-15
2016-10-17
CVE-2002-1201
http://www-1.ibm.com/support/docview.wss?rs=0&q=IY31641&uid=isg1IY31641&loc=en_US&cs=utf-8&cc=us&lang=en
AIXAPAR:IY31641
http://www.securityfocus.com/bid/5925
BID:5925
http://marc.info/?l=bugtraq&m=103418410408599&w=2
BUGTRAQ:20021009 Flood ACK packets cause AIX DoS
http://www.kb.cert.org/vuls/id/102345
CERT-VN:VU#102345
http://www.iss.net/security_center/static/10326.php
XF:aix-tcp-flood-dos(10326)
CVE-2002-1202
Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
2002-10-15
2003-02-11
CVE-2002-1202
http://www.securityfocus.com/bid/5913
BID:5913
http://archives.neohapsis.com/archives/tru64/2002-q4/0002.html
COMPAQ:SSRT2208
http://www.iss.net/security_center/static/10316.php
XF:tru64-routed-file-access(10316)
CVE-2002-1203
IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set.
2002-10-15
2016-10-17
CVE-2002-1203
http://www.securityfocus.com/bid/5924
BID:5924
http://marc.info/?l=bugtraq&m=103417988503398&w=2
BUGTRAQ:20021009 Flood ACK packets cause an IBM SecureWay FireWall DoS
http://www.iss.net/security_center/static/10249.php
XF:secureway-tcp-flood-dos(10249)
CVE-2002-1204
Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
2002-11-21
2005-06-09
CVE-2002-1204
http://www.securityfocus.com/bid/6215
BID:6215
http://www.idefense.com/advisory/11.19.02c.txt
MISC:http://www.idefense.com/advisory/11.19.02c.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
http://www.iss.net/security_center/static/10655.php
XF:netscape-preferences-file(10655)
CVE-2002-1205
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1205
CVE-2002-1206
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1206
CVE-2002-1207
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1207
CVE-2002-1208
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1208
CVE-2002-1209
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
2002-10-29
2017-07-10
CVE-2002-1209
http://www.securityfocus.com/bid/6045
BID:6045
http://www.idefense.com/advisory/10.24.02.txt
MISC:http://www.idefense.com/advisory/10.24.02.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0044.html
VULNWATCH:20021024 iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/10469
XF:tftp-dot-directory-traversal(10469)
CVE-2002-1210
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.
2002-11-21
2003-03-18
CVE-2002-1210
http://www.idefense.com/advisory/11.19.02b.txt
MISC:http://www.idefense.com/advisory/11.19.02b.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html
VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
CVE-2002-1211
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
2004-09-01
2003-03-04
CVE-2002-1211
http://www.securityfocus.com/bid/6087
BID:6087
http://marc.info/?l=bugtraq&m=103616306403031&w=2
BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
http://www.idefense.com/advisory/10.31.02b.txt
MISC:http://www.idefense.com/advisory/10.31.02b.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
http://www.iss.net/security_center/static/10515.php
XF:prometheus-php-file-include(10515)
CVE-2002-1212
Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
2002-10-21
2007-10-31
CVE-2002-1212
http://www.securityfocus.com/bid/5967
BID:5967
http://www.idefense.com/application/poi/display?id=49&type=vulnerabilities&flashstatus=true
IDEFENSE:20021014 DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
http://www.iss.net/security_center/static/10372.php
XF:webserver-4everyone-filename-bo(10372)
CVE-2002-1213
Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters.
2002-10-21
2005-06-14
CVE-2002-1213
http://www.securityfocus.com/bid/5968
BID:5968
http://www.idefense.com/application/poi/display?id=49&type=vulnerabilities&flashstatus=true
IDEFENSE:20021014 DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
http://www.iss.net/security_center/static/10373.php
XF:webserver-4everyone-encoded-traversal(10373)
CVE-2002-1214
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
2004-09-01
2002-11-02
CVE-2002-1214
http://www.securityfocus.com/bid/5807
BID:5807
http://online.securityfocus.com/archive/1/293146
BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-063
MS:MS02-063
http://www.iss.net/security_center/static/10199.php
XF:win-pptp-packet-bo (10199)
CVE-2002-1215
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
2002-10-21
2002-11-10
CVE-2002-1215
http://www.securityfocus.com/bid/5955
BID:5955
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540
CONECTIVA:CLA-2002:540
http://linux-ha.org/security/sec01.txt
CONFIRM:http://linux-ha.org/security/sec01.txt
http://www.debian.org/security/2002/dsa-174
DEBIAN:DSA-174
http://www.novell.com/linux/security/advisories/2002_037_heartbeat.html
SUSE:SuSE-SA:2002:037
http://www.iss.net/security_center/static/10357.php
XF:linuxha-heartbeat-bo(10357)
CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
2002-10-21
2016-10-17
CVE-2002-1216
http://marc.info/?l=bugtraq&m=103419290219680&w=2
BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:219
MANDRIVA:MDKSA-2006:219
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html
OPENPKG:OpenPKG-SA-2006.038
http://www.redhat.com/support/errata/RHSA-2002-096.html
REDHAT:RHSA-2002:096
http://www.iss.net/security_center/static/10224.php
XF:archive-extraction-directory-traversal(10224)
CVE-2002-1217
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
2002-10-21
2018-10-12
CVE-2002-1217
http://www.securityfocus.com/bid/5963
BID:5963
http://marc.info/?l=bugtraq&m=103470310417576&w=2
BUGTRAQ:20021015 Internet Explorer : The D-Day
http://www.ciac.org/ciac/bulletins/n-018.shtml
CIAC:N-018
http://security.greymagic.com/adv/gm011-ie/
MISC:http://security.greymagic.com/adv/gm011-ie/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
NTBUGTRAQ:20021015 Internet Explorer : The D-Day
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
OVAL:oval:org.mitre.oval:def:272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333
OVAL:oval:org.mitre.oval:def:333
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
VULNWATCH:20021015 Internet Explorer : The D-Day
http://www.iss.net/security_center/static/10371.php
XF:ie-iframe-document-script-execution(10371)
CVE-2002-1218
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1218
CVE-2002-1219
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
2004-09-01
2004-08-03
CVE-2002-1219
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
APPLE:2002-11-21
http://www.securityfocus.com/bid/6160
BID:6160
http://marc.info/?l=bugtraq&m=103713117612842&w=2
BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
http://online.securityfocus.com/archive/1/300019
BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
http://marc.info/?l=bugtraq&m=103763574715133&w=2
BUGTRAQ:20021118 TSLSA-2002-0076 - bind
CALDERA:CSSA-2003-SCO.2
http://www.cert.org/advisories/CA-2002-31.html
CERT:CA-2002-31
http://www.kb.cert.org/vuls/id/852283
CERT-VN:VU#852283
http://www.ciac.org/ciac/bulletins/n-013.shtml
CIAC:N-013
http://online.securityfocus.com/advisories/4999
COMPAQ:SSRT2408
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
CONECTIVA:CLA-2002:546
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
http://www.isc.org/products/BIND/bind-security.html
CONFIRM:http://www.isc.org/products/BIND/bind-security.html
http://www.debian.org/security/2002/dsa-196
DEBIAN:DSA-196
ENGARDE:ESA-20021114-029
FREEBSD:FreeBSD-SA-02:43
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
MANDRAKE:MDKSA-2002:077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539
OVAL:oval:org.mitre.oval:def:2539
ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
SGI:20021201-01-P
SUSE:SuSE-SA:2002:044
https://exchange.xforce.ibmcloud.com/vulnerabilities/10304
XF:bind-sig-rr-bo(10304)
CVE-2002-1220
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
2004-09-01
2004-08-03
CVE-2002-1220
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
APPLE:2002-11-21
http://www.securityfocus.com/bid/6161
BID:6161
http://marc.info/?l=bugtraq&m=103713117612842&w=2
BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
http://online.securityfocus.com/archive/1/300019
BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
http://marc.info/?l=bugtraq&m=103763574715133&w=2
BUGTRAQ:20021118 TSLSA-2002-0076 - bind
CALDERA:CSSA-2003-SCO.2
http://www.cert.org/advisories/CA-2002-31.html
CERT:CA-2002-31
http://www.kb.cert.org/vuls/id/229595
CERT-VN:VU#229595
http://www.ciac.org/ciac/bulletins/n-013.shtml
CIAC:N-013
http://online.securityfocus.com/advisories/4999
COMPAQ:SSRT2408
http://www.isc.org/products/BIND/bind-security.html
CONFIRM:http://www.isc.org/products/BIND/bind-security.html
http://www.debian.org/security/2002/dsa-196
DEBIAN:DSA-196
ENGARDE:ESA-20021114-029
FREEBSD:FreeBSD-SA-02:43
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
MANDRAKE:MDKSA-2002:077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449
OVAL:oval:org.mitre.oval:def:449
SUSE:SuSE-SA:2002:044
https://exchange.xforce.ibmcloud.com/vulnerabilities/10332
XF:bind-opt-rr-dos(10332)
CVE-2002-1221
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
2004-09-01
2004-08-03
CVE-2002-1221
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
APPLE:2002-11-21
http://www.securityfocus.com/bid/6159
BID:6159
http://marc.info/?l=bugtraq&m=103713117612842&w=2
BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
http://online.securityfocus.com/archive/1/300019
BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
http://marc.info/?l=bugtraq&m=103763574715133&w=2
BUGTRAQ:20021118 TSLSA-2002-0076 - bind
CALDERA:CSSA-2003-SCO.2
http://www.cert.org/advisories/CA-2002-31.html
CERT:CA-2002-31
http://www.kb.cert.org/vuls/id/581682
CERT-VN:VU#581682
http://www.ciac.org/ciac/bulletins/n-013.shtml
CIAC:N-013
http://online.securityfocus.com/advisories/4999
COMPAQ:SSRT2408
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
CONECTIVA:CLA-2002:546
http://www.isc.org/products/BIND/bind-security.html
CONFIRM:http://www.isc.org/products/BIND/bind-security.html
http://www.debian.org/security/2002/dsa-196
DEBIAN:DSA-196
ENGARDE:ESA-20021114-029
FREEBSD:FreeBSD-SA-02:43
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
MANDRAKE:MDKSA-2002:077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094
OVAL:oval:org.mitre.oval:def:2094
SUSE:SuSE-SA:2002:044
https://exchange.xforce.ibmcloud.com/vulnerabilities/10333
XF:bind-null-dereference-dos(10333)
CVE-2002-1222
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
2004-09-01
2003-02-26
CVE-2002-1222
http://www.securityfocus.com/bid/5976
BID:5976
http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
http://www.iss.net/security_center/static/10382.php
XF:cisco-catalyst-ciscoview-bo(10382)
CVE-2002-1223
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
2004-09-01
2002-12-11
CVE-2002-1223
http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
http://www.ciac.org/ciac/bulletins/n-155.shtml
CIAC:N-155
http://www.kde.org/info/security/advisory-20021008-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071
MANDRAKE:MDKSA-2002:071
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
SUNALERT:101426
http://www.iss.net/security_center/static/11319.php
XF:gsview-dsc-ps-bo(11319)
CVE-2002-1224
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
2004-09-01
2002-12-11
CVE-2002-1224
http://www.securityfocus.com/bid/5951
BID:5951
http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
http://online.securityfocus.com/archive/1/294991
BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
http://www.kde.org/info/security/advisory-20021008-2.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.iss.net/security_center/static/10347.php
XF:kpf-icon-view-files(10347)
CVE-2002-1225
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
2002-10-21
2016-10-17
CVE-2002-1225
http://www.securityfocus.com/bid/5729
BID:5729
http://marc.info/?l=bugtraq&m=103462479621246&w=2
BUGTRAQ:20021014 GLSA: heimdal
http://www.debian.org/security/2002/dsa-178
DEBIAN:DSA-178
http://marc.info/?l=bugtraq&m=103341355708817&w=2
SUSE:SuSE-SA:2002:034
http://www.iss.net/security_center/static/10116.php
XF:heimdal-kf-kfd-bo(10116)
CVE-2002-1226
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
2002-10-21
2016-10-17
CVE-2002-1226
http://marc.info/?l=bugtraq&m=103462479621246&w=2
BUGTRAQ:20021014 GLSA: heimdal
http://www.debian.org/security/2002/dsa-178
DEBIAN:DSA-178
http://marc.info/?l=bugtraq&m=103341355708817&w=2
SUSE:SuSE-SA:2002:034
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
2004-09-01
2003-02-26
CVE-2002-1227
http://www.securityfocus.com/bid/5994
BID:5994
http://www.debian.org/security/2002/dsa-177
DEBIAN:DSA-177
http://www.iss.net/security_center/static/10405.php
XF:pam-disabled-bypass-authentication(10405)
CVE-2002-1228
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
2002-10-21
2016-10-17
CVE-2002-1228
http://www.securityfocus.com/bid/5986
BID:5986
http://marc.info/?l=bugtraq&m=103487058823193&w=2
BUGTRAQ:20021017 NFS Denial of Service advisory from Sun
http://www.kb.cert.org/vuls/id/855635
CERT-VN:VU#855635
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1
SUNALERT:47815
http://www.iss.net/security_center/static/10394.php
XF:solaris-nfs-lockd-dos(10394)
CVE-2002-1229
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
2002-10-21
2016-10-17
CVE-2002-1229
http://www.securityfocus.com/bid/5965
BID:5965
http://marc.info/?l=bugtraq&m=103470243012971&w=2
BUGTRAQ:20021015 Undocumented account vulnerability in Avaya P550R/P580/P880/P882
http://www.kb.cert.org/vuls/id/482241
CERT-VN:VU#482241
http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=Avaya_P580_P882_Undocumented
CONFIRM:http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=Avaya_P580_P882_Undocumented
http://www.iss.net/security_center/static/10374.php
XF:avaya-cajun-default-passwords(10374)
CVE-2002-1230
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
2004-09-01
2007-11-12
CVE-2002-1230
http://www.securityfocus.com/bid/5927
BID:5927
http://www.ciac.org/ciac/bulletins/n-027.shtml
CIAC:N-027
http://getad.chat.ru/
MISC:http://getad.chat.ru/
http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071
MS:MS02-071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681
OVAL:oval:org.mitre.oval:def:681
http://www.iss.net/security_center/static/10343.php
XF:win-netdde-gain-privileges(10343)
CVE-2002-1231
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
2004-09-01
2003-02-26
CVE-2002-1231
http://www.securityfocus.com/bid/6025
BID:6025
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
CALDERA:CSSA-2002-SCO.41
http://www.iss.net/security_center/static/10425.php
XF:openunix-unixware-rcp-dos(10425)
CVE-2002-1232
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
2004-09-01
2004-08-17
CVE-2002-1232
http://www.securityfocus.com/bid/6016
BID:6016
http://marc.info/?l=bugtraq&m=103582692228894&w=2
BUGTRAQ:20021028 GLSA: ypserv
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
CALDERA:CSSA-2002-054.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
CONECTIVA:CLA-2002:539
http://www.debian.org/security/2002/dsa-180
DEBIAN:DSA-180
http://online.securityfocus.com/advisories/4605
HP:HPSBTL0210-074
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
MANDRAKE:MDKSA-2002:078
http://www.redhat.com/support/errata/RHSA-2002-223.html
REDHAT:RHSA-2002:223
http://www.redhat.com/support/errata/RHSA-2002-224.html
REDHAT:RHSA-2002:224
http://www.redhat.com/support/errata/RHSA-2003-229.html
REDHAT:RHSA-2003:229
http://www.iss.net/security_center/static/10423.php
XF:ypserv-map-memory-leak(10423)
CVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
2002-10-25
2016-10-17
CVE-2002-1233
http://www.securityfocus.com/bid/5981
BID:5981
http://www.securityfocus.com/bid/5990
BID:5990
http://marc.info/?l=bugtraq&m=103480856102007&w=2
BUGTRAQ:20021016 Apache 1.3.26
http://www.debian.org/security/2002/dsa-187
DEBIAN:DSA-187
http://www.debian.org/security/2002/dsa-188
DEBIAN:DSA-188
http://www.debian.org/security/2002/dsa-195
DEBIAN:DSA-195
http://www.iss.net/security_center/static/10413.php
XF:apache-htdigest-tmpfile-race(10413)
http://www.iss.net/security_center/static/10412.php
XF:apache-htpasswd-tmpfile-race(10412)
CVE-2002-1234
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0180. Reason: This candidate is a an out-of-band assignment duplicate of CVE-2002-0180. Notes: All CVE users should reference CVE-2002-0180 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-10-25
2003-02-26
CVE-2002-1234
CVE-2002-1235
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
2002-10-25
2016-10-17
CVE-2002-1235
http://www.securityfocus.com/bid/6024
BID:6024
http://marc.info/?l=bugtraq&m=103539530729206&w=2
BUGTRAQ:20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4
http://marc.info/?l=bugtraq&m=103564944215101&w=2
BUGTRAQ:20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4
http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html
BUGTRAQ:20021027 KRB5-SORCERER2002-10-27 Security Update
http://marc.info/?l=bugtraq&m=103582805330339&w=2
BUGTRAQ:20021027 Re: Buffer overflow in kadmind4
http://marc.info/?l=bugtraq&m=103582517126392&w=2
BUGTRAQ:20021028 GLSA: krb5
http://www.cert.org/advisories/CA-2002-29.html
CERT:CA-2002-29
http://www.kb.cert.org/vuls/id/875073
CERT-VN:VU#875073
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534
CONECTIVA:CLA-2002:534
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
http://www.pdc.kth.se/heimdal/
CONFIRM:http://www.pdc.kth.se/heimdal/
http://www.debian.org/security/2002/dsa-183
DEBIAN:DSA-183
http://www.debian.org/security/2002/dsa-184
DEBIAN:DSA-184
http://www.debian.org/security/2002/dsa-185
DEBIAN:DSA-185
FREEBSD:FreeBSD-SA-02:40
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php
MANDRAKE:MDKSA-2002:073
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc
NETBSD:NetBSD-SA2002-026
http://www.redhat.com/support/errata/RHSA-2002-242.html
REDHAT:RHSA-2002:242
http://www.iss.net/security_center/static/10430.php
XF:kerberos-kadmind-bo(10430)
CVE-2002-1236
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
2004-09-01
2003-03-04
CVE-2002-1236
http://www.securityfocus.com/bid/6086
BID:6086
http://marc.info/?l=bugtraq&m=103616324103171&w=2
BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
http://www.idefense.com/advisory/10.31.02a.txt
MISC:http://www.idefense.com/advisory/10.31.02a.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
http://www.iss.net/security_center/static/10514.php
XF:linksys-etherfast-gozila-dos(10514)
CVE-2002-1237
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1237
CVE-2002-1238
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
2002-11-10
2017-07-10
CVE-2002-1238
http://www.securityfocus.com/bid/6145
BID:6145
http://marc.info/?l=bugtraq&m=103679016031857&w=2
BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
http://www.idefense.com/advisory/11.08.02a.txt
MISC:http://www.idefense.com/advisory/11.08.02a.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html
VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/10563
XF:simple-server-file-access(10563)
CVE-2002-1239
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
2004-09-01
2003-03-04
CVE-2002-1239
http://www.securityfocus.com/bid/6146
BID:6146
http://marc.info/?l=bugtraq&m=103679043232178&w=2
BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
http://www.idefense.com/advisory/11.08.02b.txt
MISC:http://www.idefense.com/advisory/11.08.02b.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html
VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
http://www.iss.net/security_center/static/10564.php
XF:qnx-rtos-gain-privileges(10564)
CVE-2002-1240
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1240
CVE-2002-1241
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1241
CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
2004-09-01
2004-08-17
CVE-2002-1242
http://www.securityfocus.com/bid/6088
BID:6088
http://marc.info/?l=bugtraq&m=103616324103171&w=2
BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
http://www.idefense.com/advisory/10.31.02c.txt
MISC:http://www.idefense.com/advisory/10.31.02c.txt
http://www.osvdb.org/6244
OSVDB:6244
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
http://www.iss.net/security_center/static/10516.php
XF:phpnuke-accountmanager-sql-injection(10516)
CVE-2002-1243
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1243
CVE-2002-1244
Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.
2004-09-01
2004-08-17
CVE-2002-1244
http://www.securityfocus.com/bid/6099
BID:6099
http://marc.info/?l=bugtraq&m=103642642802889&w=2
BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
http://www.pablovandermeer.nl/ftpserver.zip
CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
http://www.osvdb.org/4996
OSVDB:4996
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
http://www.iss.net/security_center/static/10532.php
XF:pablo-ftp-username-dos(10532)
CVE-2002-1245
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
2004-09-01
2003-03-04
CVE-2002-1245
http://www.securityfocus.com/bid/6113
BID:6113
http://marc.info/?l=bugtraq&m=103660334009855&w=2
BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
http://www.debian.org/security/2002/dsa-189
DEBIAN:DSA-189
http://www.idefense.com/advisory/11.06.02.txt
MISC:http://www.idefense.com/advisory/11.06.02.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
http://www.iss.net/security_center/static/10549.php
XF:luxman-maped-read-memory(10549)
CVE-2002-1246
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1246
CVE-2002-1247
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
2002-11-14
2016-10-17
CVE-2002-1247
http://www.securityfocus.com/bid/6157
BID:6157
http://marc.info/?l=bugtraq&m=103704823501757&w=2
BUGTRAQ:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
http://marc.info/?l=bugtraq&m=103712329102632&w=2
BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
http://marc.info/?l=bugtraq&m=103728981029342&w=2
BUGTRAQ:20021114 GLSA: kdelibs
http://www.ciac.org/ciac/bulletins/n-020.shtml
CIAC:N-020
http://www.debian.org/security/2002/dsa-193
DEBIAN:DSA-193
http://www.mandriva.com/security/advisories?name=MDKSA-2002:080
MANDRAKE:MDKSA-2002:080
http://www.idefense.com/advisory/11.11.02.txt
MISC:http://www.idefense.com/advisory/11.11.02.txt
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0068.html
VULNWATCH:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
http://www.iss.net/security_center/static/10592.php
XF:kde-kdenetwork-reslisa-bo(10592)
CVE-2002-1248
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
2004-09-01
2003-03-04
CVE-2002-1248
http://www.securityfocus.com/bid/6098
BID:6098
http://marc.info/?l=bugtraq&m=103642597302308&w=2
BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
http://www.idefense.com/advisory/11.04.02b.txt
MISC:http://www.idefense.com/advisory/11.04.02b.txt
http://www.iss.net/security_center/static/10534.php
XF:xeneo-php-dos(10534)
CVE-2002-1249
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1249
CVE-2002-1250
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
2004-09-01
2002-11-05
CVE-2002-1250
http://www.securityfocus.com/bid/6094
BID:6094
http://www.idefense.com/advisory/11.01.02.txt
MISC:http://www.idefense.com/advisory/11.01.02.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
http://www.iss.net/security_center/static/10519.php
XF:abuse-net-command-bo(10519)
CVE-2002-1251
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
2004-09-01
2003-03-04
CVE-2002-1251
http://www.securityfocus.com/bid/6089
BID:6089
http://www.debian.org/security/2002/dsa-186
DEBIAN:DSA-186
http://www.iss.net/security_center/static/10527.php
XF:log2mail-log-file-bo(10527)
CVE-2002-1252
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
2004-09-01
2008-02-06
CVE-2002-1252
http://www.securityfocus.com/bid/6647
BID:6647
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
ISS:20030120 PeopleSoft XML External Entities Vulnerability
http://www.iss.net/security_center/static/10520.php
XF:peoplesoft-xxe-read-files(10520)
CVE-2002-1253
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
2004-09-01
2006-11-06
CVE-2002-1253
http://www.idefense.com/advisory/11.01.02.txt
MISC:http://www.idefense.com/advisory/11.01.02.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
http://www.iss.net/security_center/static/11300.php
XF:abuse-lisp-gain-privileges(11300)
CVE-2002-1254
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
2002-11-27
2018-10-12
CVE-2002-1254
http://www.securityfocus.com/bid/6028
BID:6028
http://marc.info/?l=bugtraq&m=103530131201191&w=2
BUGTRAQ:20021022 Vulnerable cached objects in IE (9 advisories in 1)
http://www.ciac.org/ciac/bulletins/n-018.shtml
CIAC:N-018
http://security.greymagic.com/adv/gm012-ie/
MISC:http://security.greymagic.com/adv/gm012-ie/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
MS:MS02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388
OVAL:oval:org.mitre.oval:def:388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408
OVAL:oval:org.mitre.oval:def:408
http://www.iss.net/security_center/static/10435.php
XF:ie-cache-elementfrompoint-dom-access(10435)
http://www.iss.net/security_center/static/10439.php
XF:ie-cache-execcommand-dom-access(10439)
http://www.iss.net/security_center/static/10436.php
XF:ie-cache-getelementbyid-dom-access(10436)
http://www.iss.net/security_center/static/10437.php
XF:ie-cache-getelementsbyname-dom-access(10437)
http://www.iss.net/security_center/static/10438.php
XF:ie-cache-getelementsbytagname-dom-access(10438)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10432
XF:ie-cache-showmodaldialog-dom-access(10432)
CVE-2002-1255
Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
2004-09-01
2004-08-03
CVE-2002-1255
http://www.securityfocus.com/bid/6319
BID:6319
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-067
MS:MS02-067
https://exchange.xforce.ibmcloud.com/vulnerabilities/10763
XF:outlook-email-header-dos(10763)
CVE-2002-1256
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
2004-09-01
2006-10-31
CVE-2002-1256
http://www.securityfocus.com/bid/6367
BID:6367
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070
MS:MS02-070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277
OVAL:oval:org.mitre.oval:def:277
https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
XF:win-smb-policy-modification(10843)
CVE-2002-1257
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
2004-09-01
2004-08-03
CVE-2002-1257
http://www.securityfocus.com/bid/6371
BID:6371
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
CVE-2002-1258
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
2002-12-17
2018-10-12
CVE-2002-1258
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A582
OVAL:oval:org.mitre.oval:def:582
CVE-2002-1259
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-12-18
2005-02-06
CVE-2002-1259
CVE-2002-1260
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
2004-09-01
2007-10-13
CVE-2002-1260
http://www.securityfocus.com/bid/6379
BID:6379
http://www.ciac.org/ciac/bulletins/n-026.shtml
CIAC:N-026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
https://exchange.xforce.ibmcloud.com/vulnerabilities/10833
XF:msvm-jdbc-gain-access(10833)
CVE-2002-1261
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-12-17
2002-12-18
CVE-2002-1261
CVE-2002-1262
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.
2002-12-11
2018-10-12
CVE-2002-1262
http://marc.info/?l=bugtraq&m=103825484331857&w=2
BUGTRAQ:20021125 RE: MS02-066 - fixes, gaps and incorrect statements
http://marc.info/?l=bugtraq&m=103910416824172&w=2
BUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-068
MS:MS02-068
http://marc.info/?l=ntbugtraq&m=103824668621672&w=2
NTBUGTRAQ:20021125 Re: MS02-066 - fixes, gaps and incorrect statements
http://marc.info/?l=ntbugtraq&m=103909877717345&w=2
NTBUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
CVE-2002-1263
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1295. Reason: This candidate is a reservation duplicate of CVE-2002-1295. Notes: All CVE users should reference CVE-2002-1295 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-01-03
2005-02-06
CVE-2002-1263
CVE-2002-1264
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
2004-09-01
2004-08-17
CVE-2002-1264
http://www.securityfocus.com/bid/6085
BID:6085
http://marc.info/?l=bugtraq&m=103643298712284&w=2
BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
http://www.osvdb.org/4013
OSVDB:4013
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
http://www.iss.net/security_center/static/10524.php
XF:oracle-isqlplus-userid-bo(10524)
CVE-2002-1265
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
2004-09-01
2007-11-12
CVE-2002-1265
http://www.securityfocus.com/bid/6103
BID:6103
http://www.kb.cert.org/vuls/id/266817
CERT-VN:VU#266817
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1
HP:HPSBUX01020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2248
OVAL:oval:org.mitre.oval:def:2248
ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
SGI:20021103-01-P
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082
SUNALERT:51082
http://www.iss.net/security_center/static/10539.php
XF:sun-rpc-libc-dos(10539)
CVE-2002-1266
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
2004-09-01
2004-08-17
CVE-2002-1266
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://www.osvdb.org/7057
OSVDB:7057
https://exchange.xforce.ibmcloud.com/vulnerabilities/10818
XF:macos-disk-image-privileges(10818)
CVE-2002-1267
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
2004-09-01
2004-08-17
CVE-2002-1267
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://www.osvdb.org/7058
OSVDB:7058
https://exchange.xforce.ibmcloud.com/vulnerabilities/10824
XF:macos-cups-dos(10824)
CVE-2002-1268
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
2004-09-01
2004-08-17
CVE-2002-1268
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://www.osvdb.org/7059
OSVDB:7059
https://exchange.xforce.ibmcloud.com/vulnerabilities/10828
XF:macos-iso9600-gain-privileges(10828)
CVE-2002-1269
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
2002-12-03
2003-03-18
CVE-2002-1269
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
CVE-2002-1270
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
2004-09-01
2004-08-17
CVE-2002-1270
http://www.info.apple.com/usen/security/security_updates.html
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
http://www.osvdb.org/7060
OSVDB:7060
https://exchange.xforce.ibmcloud.com/vulnerabilities/10829
XF:macos-mach-read-files(10829)
CVE-2002-1271
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
2004-09-01
2004-08-03
CVE-2002-1271
http://www.securityfocus.com/bid/6104
BID:6104
http://marc.info/?l=bugtraq&m=103659723101369&w=2
BUGTRAQ:20021106 GLSA: MailTools
http://marc.info/?l=bugtraq&m=103679569705086&w=2
BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
http://www.debian.org/security/2003/dsa-386
DEBIAN:DSA-386
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
MANDRAKE:MDKSA-2002:076
http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html
SUSE:SuSE-SA:2002:041
http://www.iss.net/security_center/static/10548.php
XF:mail-mailer-command-execution(10548)
CVE-2002-1272
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
2004-09-01
2004-08-03
CVE-2002-1272
http://www.securityfocus.com/bid/6220
BID:6220
http://www.cert.org/advisories/CA-2002-32.html
CERT:CA-2002-32
http://www.kb.cert.org/vuls/id/181721
CERT-VN:VU#181721
https://exchange.xforce.ibmcloud.com/vulnerabilities/10664
XF:alcatel-omniswitch-backdoor(10664)
CVE-2002-1273
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1273
CVE-2002-1274
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1274
CVE-2002-1275
Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input."
2002-11-10
2002-11-14
CVE-2002-1275
http://www.securityfocus.com/bid/6079
BID:6079
http://www.debian.org/security/2002/dsa-192
DEBIAN:DSA-192
http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html
SUSE:SuSE-SA:2002:040
http://www.iss.net/security_center/static/10526.php
XF:lprng-html2ps-command-execution(10526)
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
2002-11-14
2007-11-12
CVE-2002-1276
http://www.securityfocus.com/bid/7019
BID:7019
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
http://www.debian.org/security/2002/dsa-191
DEBIAN:DSA-191
http://www.redhat.com/support/errata/RHSA-2003-042.html
REDHAT:RHSA-2003:042
http://secunia.com/advisories/8220
SECUNIA:8220
http://www.iss.net/security_center/static/10634.php
XF:squirrelmail-striptags-phpself-xss(10634)
CVE-2002-1277
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
2004-09-01
2010-05-20
CVE-2002-1277
http://www.securityfocus.com/bid/6119
BID:6119
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
CONECTIVA:CLA-2002:548
http://www.debian.org/security/2002/dsa-190
DEBIAN:DSA-190
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
MANDRAKE:MDKSA-2002:085
http://www.redhat.com/support/errata/RHSA-2003-009.html
REDHAT:RHSA-2003:009
http://www.redhat.com/support/errata/RHSA-2003-043.html
REDHAT:RHSA-2003:043
http://www.iss.net/security_center/static/10560.php
XF:window-maker-image-bo(10560)
CVE-2002-1278
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.
2004-09-01
2004-08-17
CVE-2002-1278
http://www.securityfocus.com/bid/6118
BID:6118
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
CONECTIVA:CLA-2002:544
http://www.osvdb.org/6066
OSVDB:6066
http://www.iss.net/security_center/static/10554.php
XF:linuxconf-sendmail-mail-relay(10554)
CVE-2002-1279
Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).
2002-11-14
2003-02-28
CVE-2002-1279
http://www.securityfocus.com/bid/6164
BID:6164
http://lists.masqmail.cx/pipermail/masqmail/2002-November/000040.html
CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000040.html
http://lists.masqmail.cx/pipermail/masqmail/2002-November/000041.html
CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000041.html
http://www.debian.org/security/2002/dsa-194
DEBIAN:DSA-194
http://www.iss.net/security_center/static/10605.php
XF:masqmail-bo(10605)
CVE-2002-1280
Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash).
2005-04-14
2021-06-15
CVE-2002-1280
http://www.isskk.co.jp/support/XPressUpdates/RS/RS65ECSR15RNj.html
MISC:http://www.isskk.co.jp/support/XPressUpdates/RS/RS65ECSR15RNj.html
CVE-2002-1281
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
2002-11-14
2016-10-17
CVE-2002-1281
http://www.securityfocus.com/bid/6182
BID:6182
http://marc.info/?l=bugtraq&m=103712550205730&w=2
BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
http://marc.info/?l=bugtraq&m=103728981029342&w=2
BUGTRAQ:20021114 GLSA: kdelibs
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt
CALDERA:CSSA-2003-012.0
http://www.kde.org/info/security/advisory-20021111-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
http://www.debian.org/security/2002/dsa-204
DEBIAN:DSA-204
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
MANDRAKE:MDKSA-2002:079
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://secunia.com/advisories/8298
SECUNIA:8298
http://www.iss.net/security_center/static/10602.php
XF:kde-rlogin-command-execution(10602)
CVE-2002-1282
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
2002-11-14
2016-10-17
CVE-2002-1282
http://www.securityfocus.com/bid/6182
BID:6182
http://marc.info/?l=bugtraq&m=103712550205730&w=2
BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
http://marc.info/?l=bugtraq&m=103728981029342&w=2
BUGTRAQ:20021114 GLSA: kdelibs
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt
CALDERA:CSSA-2003-012.0
http://www.kde.org/info/security/advisory-20021111-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
http://www.debian.org/security/2002/dsa-204
DEBIAN:DSA-204
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
MANDRAKE:MDKSA-2002:079
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://secunia.com/advisories/8298
SECUNIA:8298
http://www.iss.net/security_center/static/10603.php
XF:kde-telnet-command-execution(10603)
CVE-2002-1283
Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.
2002-11-14
2017-07-10
CVE-2002-1283
http://www.securityfocus.com/bid/6154
BID:6154
http://marc.info/?l=bugtraq&m=103703760321408&w=2
BUGTRAQ:20021111 NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow
http://support.novell.com/servlet/tidfinder/2963651
CONFIRM:http://support.novell.com/servlet/tidfinder/2963651
https://exchange.xforce.ibmcloud.com/vulnerabilities/44969
XF:novell-imanager-dnattribute-dos(44969)
CVE-2002-1284
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.
2004-09-01
2004-08-03
CVE-2002-1284
http://www.securityfocus.com/bid/6152
BID:6152
http://marc.info/?l=bugtraq&m=103702926611286&w=2
BUGTRAQ:20021110 GLSA: kgpg
http://devel-home.kde.org/~kgpg/bug.html
CONFIRM:http://devel-home.kde.org/~kgpg/bug.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10629
XF:kgpg-wizard-empty-password(10629)
CVE-2002-1285
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
2002-11-14
2003-03-04
CVE-2002-1285
http://www.securityfocus.com/bid/6077
BID:6077
http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html
SUSE:SuSE-SA:2002:040
http://www.iss.net/security_center/static/10525.php
XF:lprng-runlpr-gain-privileges(10525)
CVE-2002-1286
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.
2002-11-14
2017-07-10
CVE-2002-1286
http://www.securityfocus.com/bid/6142
BID:6142
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.kb.cert.org/vuls/id/657625
CERT-VN:VU#657625
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/10579
XF:msvm-java-applet-redirect(10579)
CVE-2002-1287
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
2002-11-14
2016-10-17
CVE-2002-1287
http://www.securityfocus.com/bid/6134
BID:6134
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10580.php
XF:msvm-class-loader-bo(10580)
CVE-2002-1288
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.
2002-11-14
2016-10-17
CVE-2002-1288
http://www.securityfocus.com/bid/6139
BID:6139
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
CVE-2002-1289
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
2002-11-14
2016-10-17
CVE-2002-1289
http://www.securityfocus.com/bid/6140
BID:6140
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10582.php
XF:msvm-inativeservices-memory-access(10582)
CVE-2002-1290
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
2002-11-14
2016-10-17
CVE-2002-1290
http://www.securityfocus.com/bid/6132
BID:6132
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10583.php
XF:msvm-inativeservices-clipboard-access(10583)
CVE-2002-1291
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.
2002-11-14
2016-10-17
CVE-2002-1291
http://www.securityfocus.com/bid/6138
BID:6138
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10584.php
XF:msvm-codebase-read-files(10584)
CVE-2002-1292
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
2002-11-14
2018-10-12
CVE-2002-1292
http://www.securityfocus.com/bid/6133
BID:6133
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.kb.cert.org/vuls/id/237777
CERT-VN:VU#237777
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/10585
XF:msvm-ssm-restriction-bypass(10585)
CVE-2002-1293
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
2002-11-14
2016-10-17
CVE-2002-1293
http://www.securityfocus.com/bid/6137
BID:6137
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10586.php
XF:msvm-cabcracker-load-archive(10586)
CVE-2002-1294
The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.
2002-11-14
2016-10-17
CVE-2002-1294
http://www.securityfocus.com/bid/6135
BID:6135
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10587.php
XF:msvm-html-object-dos(10587)
CVE-2002-1295
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
2002-11-14
2018-10-12
CVE-2002-1295
http://www.securityfocus.com/bid/6136
BID:6136
http://marc.info/?l=bugtraq&m=103682630823080&w=2
BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
http://www.iss.net/security_center/static/10588.php
XF:msvm-html-applet-dos(10588)
CVE-2002-1296
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
2004-09-01
2003-03-18
CVE-2002-1296
http://www.securityfocus.com/bid/6262
BID:6262
http://marc.info/?l=bugtraq&m=103842619803173&w=2
BUGTRAQ:20021127 Solaris priocntl exploit
http://www.kb.cert.org/vuls/id/683673
CERT-VN:VU#683673
http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637
OVAL:oval:org.mitre.oval:def:3637
http://www.iss.net/security_center/static/10717.php
XF:solaris-priocntl-pcclname-modules(10717)
CVE-2002-1297
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1297
CVE-2002-1298
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1298
CVE-2002-1299
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1299
CVE-2002-1300
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1300
CVE-2002-1301
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1301
CVE-2002-1302
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1302
CVE-2002-1303
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1303
CVE-2002-1304
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1304
CVE-2002-1305
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none.
2017-05-11
2017-05-11
CVE-2002-1305
CVE-2002-1306
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
2002-11-21
2016-10-17
CVE-2002-1306
http://marc.info/?l=bugtraq&m=103712329102632&w=2
BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
http://marc.info/?l=bugtraq&m=103728981029342&w=2
BUGTRAQ:20021114 GLSA: kdelibs
http://www.ciac.org/ciac/bulletins/n-020.shtml
CIAC:N-020
http://www.kde.org/info/security/advisory-20021111-2.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021111-2.txt
http://www.debian.org/security/2002/dsa-214
DEBIAN:DSA-214
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
MANDRAKE:MDKSA-2002:080
http://www.redhat.com/support/errata/RHSA-2002-220.html
REDHAT:RHSA-2002:220
http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html
SUSE:SuSE-SA:2002:042
http://www.iss.net/security_center/static/10598.php
XF:kde-kdenetwork-lan-bo(10598)
http://www.iss.net/security_center/static/10597.php
XF:kde-kdenetwork-lisa-bo(10597)
CVE-2002-1307
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
2004-09-01
2004-08-17
CVE-2002-1307
http://www.securityfocus.com/bid/6204
BID:6204
http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
http://www.debian.org/security/2002/dsa-199
DEBIAN:DSA-199
http://www.osvdb.org/7353
OSVDB:7353
https://exchange.xforce.ibmcloud.com/vulnerabilities/10666
XF:mhonarc-mime-header-xss(10666)
CVE-2002-1308
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
2004-09-01
2004-08-03
CVE-2002-1308
http://www.securityfocus.com/bid/6185
BID:6185
http://marc.info/?l=bugtraq&m=103730181813075&w=2
BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
http://bugzilla.mozilla.org/show_bug.cgi?id=157646
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646
http://www.redhat.com/support/errata/RHSA-2003-162.html
REDHAT:RHSA-2003:162
http://www.redhat.com/support/errata/RHSA-2003-163.html
REDHAT:RHSA-2003:163
https://exchange.xforce.ibmcloud.com/vulnerabilities/10636
XF:mozilla-netscape-jar-bo(10636)
CVE-2002-1309
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
2002-11-21
2016-10-17
CVE-2002-1309
http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
http://marc.info/?l=bugtraq&r=1&b=200211&w=2
BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
http://www.eeye.com/html/Research/Advisories/AD20021112.html
EEYE:AD20021112
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
CVE-2002-1310
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
2002-11-21
2017-07-10
CVE-2002-1310
http://www.securityfocus.com/bid/6122
BID:6122
http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
http://marc.info/?l=bugtraq&r=1&b=200211&w=2
BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
http://www.eeye.com/html/Research/Advisories/AD20021112.html
EEYE:AD20021112
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/10568
XF:jrun-long-url-bo(10568)
CVE-2002-1311
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
2004-09-01
2007-10-15
CVE-2002-1311
http://www.securityfocus.com/bid/6189
BID:6189
http://marc.info/?l=bugtraq&m=103794021013436&w=2
BUGTRAQ:20021119 GLSA: courier
http://www.debian.org/security/2002/dsa-197
DEBIAN:DSA-197
http://www.iss.net/security_center/static/10643.php
XF:courier-mta-insecure-permissions(10643)
CVE-2002-1312
Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password.
2005-04-14
2017-07-10
CVE-2002-1312
http://www.securityfocus.com/bid/6208
BID:6208
http://www.securityfocus.com/bid/6301
BID:6301
http://archives.neohapsis.com/archives/bugtraq/2002-12/0022.html
BUGTRAQ:20021202 CORE-20021005: Vulnerability Report For Linksys Devices
http://www.idefense.com/application/poi/display?id=36&type=vulnerabilities&flashstatus=true
IDEFENSE:20021119 Denial of Service Vulnerability in Linksys Cable/DSL Routers
http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10
MISC:http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10
https://exchange.xforce.ibmcloud.com/vulnerabilities/10654
XF:linksys-etherfast-password-dos(10654)
CVE-2002-1313
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
2004-09-01
2004-08-03
CVE-2002-1313
http://www.securityfocus.com/bid/6193
BID:6193
http://www.debian.org/security/2002/dsa-198
DEBIAN:DSA-198
https://exchange.xforce.ibmcloud.com/vulnerabilities/10649
XF:nullmailer-nonexistent-user-dos(10649)
CVE-2002-1314
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1314
CVE-2002-1315
Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
2002-11-21
2016-10-17
CVE-2002-1315
http://www.securityfocus.com/bid/6202
BID:6202
http://marc.info/?l=bugtraq&m=103772308030269&w=2
BUGTRAQ:20021119 iPlanet WebServer, remote root compromise
http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1
SUNALERT:49475
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
VULNWATCH:20021118 iPlanet WebServer, remote root compromise
http://www.iss.net/security_center/static/10692.php
XF:iplanet-admin-log-xss(10692)
CVE-2002-1316
importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
2002-11-21
2016-10-17
CVE-2002-1316
http://www.securityfocus.com/bid/6203
BID:6203
http://marc.info/?l=bugtraq&m=103772308030269&w=2
BUGTRAQ:20021119 iPlanet WebServer, remote root compromise
http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1
SUNALERT:49475
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
VULNWATCH:20021118 iPlanet WebServer, remote root compromise
http://www.iss.net/security_center/static/10693.php
XF:iplanet-perl-command-execution(10693)
CVE-2002-1317
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
2004-09-01
2006-10-31
CVE-2002-1317
http://www.securityfocus.com/bid/6241
BID:6241
http://marc.info/?l=bugtraq&m=103825150527843&w=2
BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
http://www.cert.org/advisories/CA-2002-34.html
CERT:CA-2002-34
http://www.kb.cert.org/vuls/id/312313
CERT-VN:VU#312313
http://www.ciac.org/ciac/bulletins/n-024.shtml
CIAC:N-024
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
http://www.securityfocus.com/advisories/4988
HP:HPSBUX0212-228
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
OVAL:oval:org.mitre.oval:def:149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
OVAL:oval:org.mitre.oval:def:152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
OVAL:oval:org.mitre.oval:def:2816
ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
SGI:20021202-01-I
http://www.iss.net/security_center/static/10375.php
XF:solaris-fsauto-execute-code(10375)
CVE-2002-1318
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
2004-09-01
2004-08-03
CVE-2002-1318
http://www.securityfocus.com/bid/6210
BID:6210
http://marc.info/?l=bugtraq&m=103801986818076&w=2
BUGTRAQ:20021121 GLSA: samba
http://marc.info/?l=bugtraq&m=103859045302448&w=2
BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
http://www.kb.cert.org/vuls/id/958321
CERT-VN:VU#958321
http://www.ciac.org/ciac/bulletins/n-019.shtml
CIAC:N-019
http://www.ciac.org/ciac/bulletins/n-023.shtml
CIAC:N-023
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
CONECTIVA:CLA-2002:550
http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
http://www.debian.org/security/2002/dsa-200
DEBIAN:DSA-200
http://www.ciac.org/ciac/bulletins/n-023.shtml
HP:HPSBUX0212-230
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
MANDRAKE:MDKSA-2002:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467
OVAL:oval:org.mitre.oval:def:1467
http://www.redhat.com/support/errata/RHSA-2002-266.html
REDHAT:RHSA-2002:266
ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
SGI:20021204-01-I
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
SUNALERT:53580
http://www.novell.com/linux/security/advisories/2002_045_samba.html
SUSE:SuSE-SA:2002:045
TRUSTIX:TSLSA-2002-0080
https://exchange.xforce.ibmcloud.com/vulnerabilities/10683
XF:samba-password-change-bo(10683)
CVE-2002-1319
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
2004-09-01
2007-10-05
CVE-2002-1319
http://www.securityfocus.com/bid/6115
BID:6115
http://marc.info/?l=bugtraq&m=103714004623587&w=2
BUGTRAQ:20021111 i386 Linux kernel DoS
http://marc.info/?l=bugtraq&m=103737292709297&w=2
BUGTRAQ:20021114 Re: i386 Linux kernel DoS
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
CONECTIVA:CLA-2002:553
http://rhn.redhat.com/errata/RHSA-2002-262.html
REDHAT:RHSA-2002:262
http://www.redhat.com/support/errata/RHSA-2002-263.html
REDHAT:RHSA-2002:263
http://rhn.redhat.com/errata/RHSA-2002-264.html
REDHAT:RHSA-2002:264
https://exchange.xforce.ibmcloud.com/vulnerabilities/10576
XF:linux-kernel-tf-dos(10576)
CVE-2002-1320
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
2004-09-01
2004-08-03
CVE-2002-1320
http://www.securityfocus.com/bid/6120
BID:6120
http://marc.info/?l=bugtraq&m=103668430620531&w=2
BUGTRAQ:20021107 Remote pine Denial of Service
http://marc.info/?l=bugtraq&m=103884988306241&w=2
BUGTRAQ:20021202 GLSA: pine
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
CONECTIVA:CLA-2002:551
http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
ENGARDE:ESA-20021127-032
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
MANDRAKE:MDKSA-2002:084
http://www.redhat.com/support/errata/RHSA-2002-270.html
REDHAT:RHSA-2002:270
http://www.redhat.com/support/errata/RHSA-2002-271.html
REDHAT:RHSA-2002:271
http://www.novell.com/linux/security/advisories/2002_046_pine.html
SUSE:SuSE-SA:2002:046
http://www.iss.net/security_center/static/10555.php
XF:pine-from-header-dos(10555)
CVE-2002-1321
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
2002-11-27
2017-07-10
CVE-2002-1321
http://www.securityfocus.com/bid/6227
BID:6227
http://www.securityfocus.com/bid/6229
BID:6229
http://marc.info/?l=bugtraq&m=103808645120764&w=2
BUGTRAQ:20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
http://service.real.com/help/faq/security/bufferoverrun_player.html
CONFIRM:http://service.real.com/help/faq/security/bufferoverrun_player.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10677
XF:realplayer-rtsp-filename-bo(10677)
CVE-2002-1322
Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap.
2002-11-27
2017-07-10
CVE-2002-1322
http://www.securityfocus.com/bid/6228
BID:6228
http://marc.info/?l=bugtraq&m=103808239618238&w=2
BUGTRAQ:20021122 ClearCase DoS vulnerabilty
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0084.html
VULNWATCH:20021122 ClearCase DoS vulnerabilty
https://exchange.xforce.ibmcloud.com/vulnerabilities/10675
XF:clearcase-tcp-scan-dos(10675)
CVE-2002-1323
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
2004-09-01
2004-08-17
CVE-2002-1323
http://www.securityfocus.com/bid/6111
BID:6111
http://marc.info/?l=bugtraq&m=104005919814869&w=2
BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
http://marc.info/?l=bugtraq&m=104033126305252&w=2
BUGTRAQ:20021219 TSLSA-2002-0087 - perl
http://marc.info/?l=bugtraq&m=104040175522502&w=2
BUGTRAQ:20021220 GLSA: perl
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
CALDERA:CSSA-2004-007.0
http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
http://www.debian.org/security/2002/dsa-208
DEBIAN:DSA-208
http://www.osvdb.org/2183
OSVDB:2183
http://www.osvdb.org/3814
OSVDB:3814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160
OVAL:oval:org.mitre.oval:def:1160
http://www.redhat.com/support/errata/RHSA-2003-256.html
REDHAT:RHSA-2003:256
http://www.redhat.com/support/errata/RHSA-2003-257.html
REDHAT:RHSA-2003:257
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
SCO:SCOSA-2004.1
ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
SGI:20030606-01-A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln
http://www.iss.net/security_center/static/10574.php
XF:safe-pm-bypass-restrictions(10574)
CVE-2002-1324
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1324
CVE-2002-1325
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
2004-09-01
2003-03-18
CVE-2002-1325
http://www.securityfocus.com/bid/6380
BID:6380
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
MS:MS02-069
CVE-2002-1326
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1326
CVE-2002-1327
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
2004-09-01
2004-08-03
CVE-2002-1327
http://www.securityfocus.com/bid/6427
BID:6427
http://marc.info/?l=bugtraq&m=104025849109384&w=2
BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
http://www.cert.org/advisories/CA-2002-37.html
CERT:CA-2002-37
http://www.kb.cert.org/vuls/id/591890
CERT-VN:VU#591890
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-072
MS:MS02-072
https://exchange.xforce.ibmcloud.com/vulnerabilities/10892
XF:winxp-windows-shell-bo(10892)
CVE-2002-1328
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1328
CVE-2002-1329
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1329
CVE-2002-1330
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1330
CVE-2002-1331
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1331
CVE-2002-1332
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1332
CVE-2002-1333
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1333
CVE-2002-1334
Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
2002-12-03
2017-07-10
CVE-2002-1334
http://www.securityfocus.com/bid/6265
BID:6265
http://marc.info/?l=bugtraq&m=103842773205148&w=2
BUGTRAQ:20021127 Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
http://securitytracker.com/id?1005681
SECTRACK:1005681
https://exchange.xforce.ibmcloud.com/vulnerabilities/10718
XF:imagefolio-imagefolio-nphbuild-xss(10718)
CVE-2002-1335
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
2002-12-03
2017-07-10
CVE-2002-1335
http://www.securityfocus.com/bid/6793
BID:6793
http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html
CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html
http://sourceforge.net/project/shownotes.php?release_id=124484
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484
http://www.debian.org/security/2003/dsa-249
DEBIAN:DSA-249
http://www.debian.org/security/2003/dsa-250
DEBIAN:DSA-250
http://www.debian.org/security/2003/dsa-251
DEBIAN:DSA-251
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html
OPENPKG:OpenPKG-SA-2003.009
http://www.osvdb.org/6981
OSVDB:6981
http://www.redhat.com/support/errata/RHSA-2003-044.html
REDHAT:RHSA-2003:044
http://www.redhat.com/support/errata/RHSA-2003-045.html
REDHAT:RHSA-2003:045
http://secunia.com/advisories/8015
SECUNIA:8015
http://secunia.com/advisories/8016
SECUNIA:8016
http://secunia.com/advisories/8031
SECUNIA:8031
http://secunia.com/advisories/8053
SECUNIA:8053
https://exchange.xforce.ibmcloud.com/vulnerabilities/10842
XF:w3m-html-frame-xss(10842)
CVE-2002-1336
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
2004-09-01
2010-05-20
CVE-2002-1336
http://www.securityfocus.com/bid/5296
BID:5296
http://marc.info/?l=bugtraq&m=102753170201524&w=2
BUGTRAQ:20020724 VNC authentication weakness
http://marc.info/?l=bugtraq&m=102769183913594&w=2
BUGTRAQ:20020726 RE: VNC authentication weakness
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
CONECTIVA:CLA-2003:640
http://www.tightvnc.com/WhatsNew.txt
CONFIRM:http://www.tightvnc.com/WhatsNew.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
MANDRAKE:MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
REDHAT:RHSA-2002:287
http://www.redhat.com/support/errata/RHSA-2003-041.html
REDHAT:RHSA-2003:041
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
XF:vnc-weak-authentication(5992)
CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
2004-09-01
2010-05-20
CVE-2002-1337
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
AIXAPAR:IY40500
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
AIXAPAR:IY40501
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
AIXAPAR:IY40502
http://www.securityfocus.com/bid/6991
BID:6991
http://marc.info/?l=bugtraq&m=104678862109841&w=2
BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
http://marc.info/?l=bugtraq&m=104673778105192&w=2
BUGTRAQ:20030303 sendmail 8.12.8 available
http://marc.info/?l=bugtraq&m=104678862409849&w=2
BUGTRAQ:20030304 GLSA: sendmail (200303-4)
http://marc.info/?l=bugtraq&m=104678739608479&w=2
BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
CALDERA:CSSA-2003-SCO.5
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
CALDERA:CSSA-2003-SCO.6
http://www.cert.org/advisories/CA-2003-07.html
CERT:CA-2003-07
http://www.kb.cert.org/vuls/id/398025
CERT-VN:VU#398025
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
CONECTIVA:CLA-2003:571
http://www.sendmail.org/8.12.8.html
CONFIRM:http://www.sendmail.org/8.12.8.html
http://www.debian.org/security/2003/dsa-257
DEBIAN:DSA-257
FREEBSD:FreeBSD-SA-03:04
http://marc.info/?l=bugtraq&m=104679411316818&w=2
HP:HPSBUX0302-246
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
ISS:20030303 Remote Sendmail Header Processing Vulnerability
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
MANDRAKE:MDKSA-2003:028
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
NETBSD:NetBSD-SA2003-002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
OVAL:oval:org.mitre.oval:def:2222
http://www.redhat.com/support/errata/RHSA-2003-073.html
REDHAT:RHSA-2003:073
http://www.redhat.com/support/errata/RHSA-2003-074.html
REDHAT:RHSA-2003:074
http://www.redhat.com/support/errata/RHSA-2003-227.html
REDHAT:RHSA-2003:227
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
SGI:20030301-01-P
SUSE:SuSE-SA:2003:013
http://www.iss.net/security_center/static/10748.php
XF:sendmail-header-processing-bo(10748)
CVE-2002-1338
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
2002-12-11
2017-07-10
CVE-2002-1338
http://www.securityfocus.com/bid/4454
BID:4454
http://marc.info/?l=bugtraq&m=101830175621193&w=2
BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
http://www.kb.cert.org/vuls/id/156123
CERT-VN:VU#156123
http://security.greymagic.com/adv/gm008-ie/
MISC:http://security.greymagic.com/adv/gm008-ie/
https://exchange.xforce.ibmcloud.com/vulnerabilities/8784
XF:owc-chart-load-exist(8784)
CVE-2002-1339
The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.
2002-12-11
2016-10-17
CVE-2002-1339
http://marc.info/?l=bugtraq&m=101830175621193&w=2
BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
http://security.greymagic.com/adv/gm008-ie/
MISC:http://security.greymagic.com/adv/gm008-ie/
CVE-2002-1340
The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.
2002-12-11
2016-10-17
CVE-2002-1340
http://marc.info/?l=bugtraq&m=101830175621193&w=2
BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
http://security.greymagic.com/adv/gm008-ie/
MISC:http://security.greymagic.com/adv/gm008-ie/
CVE-2002-1341
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
2002-12-11
2017-07-10
CVE-2002-1341
http://www.securityfocus.com/bid/6302
BID:6302
http://marc.info/?l=bugtraq&m=103911130503272&w=2
BUGTRAQ:20021203 Re: SquirrelMail v1.2.9 XSS bugs
http://marc.info/?l=bugtraq&m=103893844126484&w=2
BUGTRAQ:20021203 SquirrelMail v1.2.9 XSS bugs
http://marc.info/?l=bugtraq&m=104004924002662&w=2
BUGTRAQ:20021215 GLSA: squirrelmail
http://www.debian.org/security/2002/dsa-220
DEBIAN:DSA-220
http://f0kp.iplus.ru/bz/008.txt
MISC:http://f0kp.iplus.ru/bz/008.txt
http://www.redhat.com/support/errata/RHSA-2003-042.html
REDHAT:RHSA-2003:042
http://secunia.com/advisories/8220
SECUNIA:8220
https://exchange.xforce.ibmcloud.com/vulnerabilities/10754
XF:squirrelmail-readbody-xss(10754)
CVE-2002-1342
Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.
2002-12-11
2007-10-13
CVE-2002-1342
http://www.securityfocus.com/bid/6313
BID:6313
http://www.debian.org/security/2002/dsa-203
DEBIAN:DSA-203
http://www.iss.net/security_center/static/10768.php
XF:smb2www-command-execution(10768)
CVE-2002-1343
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1343
CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
2002-12-11
2018-10-19
CVE-2002-1344
http://www.securityfocus.com/bid/6352
BID:6352
http://www.securityfocus.com/bid/6360
BID:6360
http://marc.info/?l=bugtraq&m=103962838628940&w=2
BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients
http://marc.info/?l=bugtraq&m=104033016703851&w=2
BUGTRAQ:20021219 TSLSA-2002-0089 - wget
http://www.securityfocus.com/archive/1/307045/30/26300/threaded
CALDERA:CSSA-2003.003.0
http://www.kb.cert.org/vuls/id/210148
CERT-VN:VU#210148
http://www.ciac.org/ciac/bulletins/n-022.shtml
CIAC:N-022
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552
CONECTIVA:CLA-2002:552
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552
CONECTIVA:CLSA-2002:552
https://www.debian.org/security/2002/dsa-209
DEBIAN:DSA-209
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php
MANDRAKE:MDKSA-2002:086
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html
OPENPKG:OpenPKG-SA-2003.007
http://www.redhat.com/support/errata/RHSA-2002-229.html
REDHAT:RHSA-2002:229
http://www.redhat.com/support/errata/RHSA-2002-256.html
REDHAT:RHSA-2002:256
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt
SCO:CSSA-2003-003.0
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html
VULNWATCH:20021210 Directory Traversal Vulnerabilities in FTP Clients
http://www.iss.net/security_center/static/10820.php
XF:wget-ftp-filename-traversal(10820)
CVE-2002-1345
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
2002-12-17
2016-10-17
CVE-2002-1345
http://www.securityfocus.com/bid/6360
BID:6360
http://marc.info/?l=bugtraq&m=103962838628940&w=2
BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients
http://www.kb.cert.org/vuls/id/210409
CERT-VN:VU#210409
ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A
SGI:20021205-01-A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html
VULNWATCH:20021210 Directory Traversal Vulnerabilities in FTP Clients
http://www.iss.net/security_center/static/10821.php
XF:ftp-client-filename-traversal(10821)
CVE-2002-1346
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-1346
CVE-2002-1347
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
2002-12-11
2017-07-10
CVE-2002-1347
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
APPLE:APPLE-SA-2005-03-21
http://www.securityfocus.com/bid/6347
BID:6347
http://www.securityfocus.com/bid/6348
BID:6348
http://www.securityfocus.com/bid/6349
BID:6349
http://marc.info/?l=bugtraq&m=103946297703402&w=2
BUGTRAQ:20021209 Cyrus SASL library buffer overflows
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
CONECTIVA:000557
http://www.debian.org/security/2002/dsa-215
DEBIAN:DSA-215
http://www.securityfocus.com/advisories/4826
GENTOO:200212-10
http://www.redhat.com/support/errata/RHSA-2002-283.html
REDHAT:RHSA-2002:283
http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html
SUSE:SuSE-SA:2002:048
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
XF:cyrus-sasl-logwriter-bo(10812)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
XF:cyrus-sasl-saslauthd-bo(10811)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
XF:cyrus-sasl-username-bo(10810)
CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
2004-09-01
2007-11-28
CVE-2002-1348
http://www.securityfocus.com/bid/6794
BID:6794
http://marc.info/?l=bugtraq&m=104552193927323&w=2
BUGTRAQ:20030217 GLSA: w3m
http://sourceforge.net/project/shownotes.php?release_id=126233
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
http://www.debian.org/security/2003/dsa-249
DEBIAN:DSA-249
http://www.debian.org/security/2003/dsa-250
DEBIAN:DSA-250
http://www.debian.org/security/2003/dsa-251
DEBIAN:DSA-251
http://www.redhat.com/support/errata/RHSA-2003-044.html
REDHAT:RHSA-2003:044
http://www.redhat.com/support/errata/RHSA-2003-045.html
REDHAT:RHSA-2003:045
http://www.iss.net/security_center/static/11266.php
XF:w3m-img-alt-xss(11266)
CVE-2002-1349
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
2004-09-01
2004-08-03
CVE-2002-1349
http://www.securityfocus.com/bid/6350
BID:6350
http://marc.info/?l=bugtraq&m=103953822705917&w=2
BUGTRAQ:20021210 Unchecked buffer in PC-cillin
http://www.kb.cert.org/vuls/id/157961
CERT-VN:VU#157961
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
http://www.texonet.com/advisories/TEXONET-20021210.txt
MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10814
XF:pccillin-pop3trap-bo(10814)
CVE-2002-1350
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).
2004-09-01
2007-11-12
CVE-2002-1350
http://www.securityfocus.com/bid/6213
BID:6213
http://marc.info/?l=bugtraq&m=104032975103398&w=2
BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-050.0.txt
CALDERA:CSSA-2002-050.0
http://www.debian.org/security/2002/dsa-206
DEBIAN:DSA-206
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
MANDRAKE:MDKSA-2003:027
http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
http://www.redhat.com/support/errata/RHSA-2003-032.html
REDHAT:RHSA-2003:032
http://www.redhat.com/support/errata/RHSA-2003-033.html
REDHAT:RHSA-2003:033
http://www.redhat.com/support/errata/RHSA-2003-214.html
REDHAT:RHSA-2003:214
TRUSTIX:TSL-2002-0084
https://exchange.xforce.ibmcloud.com/vulnerabilities/10695
XF:tcpdump-sizeof-memory-corruption(10695)
CVE-2002-1351
Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request.
2005-04-14
2017-07-10
CVE-2002-1351
http://www.securityfocus.com/bid/6477
BID:6477
http://www.idefense.com/application/poi/display?id=33&type=vulnerabilities&flashstatus=false
IDEFENSE:20021216 Melange Chat System Remote Buffer Overflow
http://securitytracker.com/id?1005831
SECTRACK:1005831
https://exchange.xforce.ibmcloud.com/vulnerabilities/10939
XF:melange-msgtext-chatinterpretdata-bo(10939)
CVE-2002-1352
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.
2003-09-12
2005-06-02
CVE-2002-1352
http://www.idefense.com/advisory/12.16.02c.txt
MISC:http://www.idefense.com/advisory/12.16.02c.txt
http://securitytracker.com/id?1005829
SECTRACK:1005829
CVE-2002-1353
LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst.
2005-04-14
2017-07-10
CVE-2002-1353
http://www.idefense.com/application/poi/display?id=31&type=vulnerabilities&flashstatus=false
IDEFENSE:20021216 LocalWEB 2000 Insecure Password Storage
http://securitytracker.com/id?1005830
SECTRACK:1005830
http://secunia.com/advisories/7740/
SECUNIA:7740
https://exchange.xforce.ibmcloud.com/vulnerabilities/10948
XF:localweb2k-userslst-plaintext-passwords(10948)
CVE-2002-1354
Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command.
2005-04-15
2017-07-10
CVE-2002-1354
http://securitytracker.com/id?1005832
SECTRACK:1005832
http://secunia.com/advisories/7737/
SECUNIA:7737
https://exchange.xforce.ibmcloud.com/vulnerabilities/6165
XF:typsoft-ftp-directory-traversal(6165)
CVE-2002-1355
Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.
2002-12-17
2003-01-10
CVE-2002-1355
http://www.ethereal.com/appnotes/enpa-sa-00007.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69
CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69
http://www.redhat.com/support/errata/RHSA-2002-290.html
REDHAT:RHSA-2002:290
CVE-2002-1356
Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.
2002-12-17
2003-01-10
CVE-2002-1356
http://www.ethereal.com/appnotes/enpa-sa-00007.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13
CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13
http://www.redhat.com/support/errata/RHSA-2002-290.html
REDHAT:RHSA-2002:290
CVE-2002-1357
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
2002-12-17
2017-10-09
CVE-2002-1357
http://www.securityfocus.com/bid/6405
BID:6405
http://www.cert.org/advisories/CA-2002-36.html
CERT:CA-2002-36
http://www.kb.cert.org/vuls/id/389665
CERT-VN:VU#389665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849
OVAL:oval:org.mitre.oval:def:5849
http://securitytracker.com/id?1005812
SECTRACK:1005812
http://securitytracker.com/id?1005813
SECTRACK:1005813
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
https://exchange.xforce.ibmcloud.com/vulnerabilities/10868
XF:ssh-transport-length-bo(10868)
CVE-2002-1358
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
2002-12-17
2017-10-09
CVE-2002-1358
http://www.cert.org/advisories/CA-2002-36.html
CERT:CA-2002-36
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721
OVAL:oval:org.mitre.oval:def:5721
http://securitytracker.com/id?1005812
SECTRACK:1005812
http://securitytracker.com/id?1005813
SECTRACK:1005813
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
CVE-2002-1359
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
2002-12-17
2017-10-09
CVE-2002-1359
http://www.securityfocus.com/bid/6407
BID:6407
http://www.cert.org/advisories/CA-2002-36.html
CERT:CA-2002-36
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848
OVAL:oval:org.mitre.oval:def:5848
http://securitytracker.com/id?1005812
SECTRACK:1005812
http://securitytracker.com/id?1005813
SECTRACK:1005813
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
https://exchange.xforce.ibmcloud.com/vulnerabilities/10870
XF:ssh-transport-multiple-bo(10870)
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
2002-12-17
2017-10-09
CVE-2002-1360
http://www.cert.org/advisories/CA-2002-36.html
CERT:CA-2002-36
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797
OVAL:oval:org.mitre.oval:def:5797
http://securitytracker.com/id?1005812
SECTRACK:1005812
http://securitytracker.com/id?1005813
SECTRACK:1005813
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
CVE-2002-1361
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
2004-09-01
2007-10-16
CVE-2002-1361
http://www.securityfocus.com/bid/6326
BID:6326
http://marc.info/?l=bugtraq&m=103912513522807&w=2
BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
http://www.cert.org/advisories/CA-2002-35.html
CERT:CA-2002-35
http://www.kb.cert.org/vuls/id/810921
CERT-VN:VU#810921
http://www.ciac.org/ciac/bulletins/n-025.shtml
CIAC:N-025
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
SUNALERT:49377
https://exchange.xforce.ibmcloud.com/vulnerabilities/10776
XF:cobalt-shp-overflow-privileges(10776)
CVE-2002-1362
mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.
2004-09-01
2004-08-09
CVE-2002-1362
http://www.securityfocus.com/bid/6392
BID:6392
http://www.debian.org/security/2002/dsa-211
DEBIAN:DSA-211
http://www.redhat.com/support/errata/RHSA-2003-118.html
REDHAT:RHSA-2003:118
https://exchange.xforce.ibmcloud.com/vulnerabilities/10872
XF:micq-0xfe-dos(10872)
CVE-2002-1363
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
2004-09-01
2011-07-16
CVE-2002-1363
http://www.securityfocus.com/bid/6431
BID:6431
http://www.debian.org/security/2002/dsa-213
DEBIAN:DSA-213
https://bugzilla.fedora.us/show_bug.cgi?id=1943
FEDORA:FLSA:1943
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:008
MANDRAKE:MDKSA-2003:008
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
MANDRAKE:MDKSA-2004:063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3657
OVAL:oval:org.mitre.oval:def:3657
http://www.redhat.com/support/errata/RHSA-2003-006.html
REDHAT:RHSA-2003:006
http://www.redhat.com/support/errata/RHSA-2003-007.html
REDHAT:RHSA-2003:007
http://www.redhat.com/support/errata/RHSA-2003-119.html
REDHAT:RHSA-2003:119
http://www.redhat.com/support/errata/RHSA-2003-157.html
REDHAT:RHSA-2003:157
http://www.redhat.com/support/errata/RHSA-2004-249.html
REDHAT:RHSA-2004:249
http://www.redhat.com/support/errata/RHSA-2004-402.html
REDHAT:RHSA-2004:402
http://www.novell.com/linux/security/advisories/2003_004_libpng.html
SUSE:SUSE-SA:2003:0004
https://exchange.xforce.ibmcloud.com/vulnerabilities/10925
XF:libpng-file-offset-bo(10925)
CVE-2002-1364
Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.
2004-09-01
2004-08-17
CVE-2002-1364
http://www.securityfocus.com/bid/6166
BID:6166
http://marc.info/?l=bugtraq&m=103858895600963&w=2
BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
http://www.debian.org/security/2003/dsa-254
DEBIAN:DSA-254
http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html
SUSE:SuSE-SA:2002:043
https://exchange.xforce.ibmcloud.com/vulnerabilities/10778
XF:traceroute-nanog-getorigin-bo(10778)
CVE-2002-1365
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
2004-09-01
2007-11-12
CVE-2002-1365
http://www.securityfocus.com/bid/6390
BID:6390
http://marc.info/?l=bugtraq&m=103979751818638&w=2
BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
http://marc.info/?l=bugtraq&m=104004858802000&w=2
BUGTRAQ:20021215 GLSA: fetchmail
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt
CALDERA:CSSA-2003-001.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
CONECTIVA:CLA-2002:554
http://www.debian.org/security/2002/dsa-216
DEBIAN:DSA-216
ENGARDE:ESA-20030127-002
IMMUNIX:IMNX-2003-7+-023-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011
MANDRAKE:MDKSA-2003:011
http://security.e-matters.de/advisories/052002.html
MISC:http://security.e-matters.de/advisories/052002.html
http://www.redhat.com/support/errata/RHSA-2002-293.html
REDHAT:RHSA-2002:293
http://www.redhat.com/support/errata/RHSA-2002-294.html
REDHAT:RHSA-2002:294
http://www.redhat.com/support/errata/RHSA-2003-155.html
REDHAT:RHSA-2003:155
SUSE:SuSE-SA:2003:001
https://exchange.xforce.ibmcloud.com/vulnerabilities/10839
XF:fetchmail-address-header-bo(10839)
CVE-2002-1366
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
2004-09-01
2007-12-19
CVE-2002-1366
http://www.securityfocus.com/bid/6435
BID:6435
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10907
XF:cups-certs-race-condition(10907)
CVE-2002-1367
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
2004-09-01
2007-12-19
CVE-2002-1367
http://www.securityfocus.com/bid/6436
BID:6436
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
CONECTIVA:CLSA-2003:702
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10908
XF:cups-udp-add-printers(10908)
CVE-2002-1368
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
2002-12-20
2017-07-10
CVE-2002-1368
http://www.securityfocus.com/bid/6437
BID:6437
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
CALDERA:CSSA-2003-004.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
CONECTIVA:CLSA-2003:702
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandriva.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://secunia.com/advisories/7756/
SECUNIA:7756
http://secunia.com/advisories/7794
SECUNIA:7794
http://secunia.com/advisories/7803
SECUNIA:7803
http://secunia.com/advisories/7843
SECUNIA:7843
http://secunia.com/advisories/7858
SECUNIA:7858
http://secunia.com/advisories/7907
SECUNIA:7907
http://secunia.com/advisories/7913/
SECUNIA:7913
http://secunia.com/advisories/8080/
SECUNIA:8080
http://secunia.com/advisories/9325/
SECUNIA:9325
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10909
XF:cups-neg-memcpy-bo(10909)
CVE-2002-1369
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
2004-09-01
2007-12-19
CVE-2002-1369
http://www.securityfocus.com/bid/6438
BID:6438
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
CONECTIVA:CLSA-2003:702
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10910
XF:cups-strncat-options-bo(10910)
CVE-2002-1370
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1367. Reason: This CAN was originally assigned for the theft of root certificates in CUPS, but it was later deemed to be a legitimate result of exploiting a different vulnerability, CVE-2002-1367, so it is not a distinct vulnerability. Notes: All CVE users should reference CVE-2002-1367 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-04-15
CVE-2002-1370
CVE-2002-1371
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
2004-09-01
2007-12-19
CVE-2002-1371
http://www.securityfocus.com/bid/6439
BID:6439
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
CONECTIVA:CLSA-2003:702
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10911
XF:cups-zero-width-images(10911)
CVE-2002-1372
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
2004-09-01
2007-12-19
CVE-2002-1372
http://www.securityfocus.com/bid/6440
BID:6440
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
CONECTIVA:CLSA-2003:702
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10912
XF:cups-file-descriptor-dos(10912)
CVE-2002-1373
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
2004-09-01
2007-10-16
CVE-2002-1373
http://www.securityfocus.com/bid/6368
BID:6368
http://marc.info/?l=bugtraq&m=103971644013961&w=2
BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
CONECTIVA:CLSA-2002:555
http://www.debian.org/security/2002/dsa-212
DEBIAN:DSA-212
ENGARDE:ESA-20030127-001
http://marc.info/?l=bugtraq&m=104004857201968&w=2
GENTOO:200212-2
http://www.securityfocus.com/advisories/5269
IMMUNIX:IMNX-2003-7+-008-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
MANDRAKE:MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
MISC:http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
REDHAT:RHSA-2002:288
http://www.redhat.com/support/errata/RHSA-2002-289.html
REDHAT:RHSA-2002:289
http://www.redhat.com/support/errata/RHSA-2003-166.html
REDHAT:RHSA-2003:166
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
SUSE:SUSE-SA:2003:003
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
TRUSTIX:2002-0086
https://exchange.xforce.ibmcloud.com/vulnerabilities/10846
XF:mysql-comtabledump-dos(10846)
CVE-2002-1374
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
2004-09-01
2007-10-16
CVE-2002-1374
http://www.securityfocus.com/bid/6373
BID:6373
http://marc.info/?l=bugtraq&m=103971644013961&w=2
BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://marc.info/?l=bugtraq&m=104005886114500&w=2
BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
CONECTIVA:CLSA-2002:555
http://www.debian.org/security/2002/dsa-212
DEBIAN:DSA-212
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
ENGARDE:ESA-20021213-033
http://marc.info/?l=bugtraq&m=104004857201968&w=2
GENTOO:GLSA-200212-2
http://www.securityfocus.com/advisories/5269
IMMUNIX:IMNX-2003-7+-008-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
MANDRAKE:MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
MISC:http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
REDHAT:RHSA-2002:288
http://www.redhat.com/support/errata/RHSA-2002-289.html
REDHAT:RHSA-2002:289
http://www.redhat.com/support/errata/RHSA-2003-166.html
REDHAT:RHSA-2003:166
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
SUSE:SUSE-SA:2003:003
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
TRUSTIX:2002-0086
https://exchange.xforce.ibmcloud.com/vulnerabilities/10847
XF:mysql-comchangeuser-password-bypass(10847)
CVE-2002-1375
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
2004-09-01
2007-10-16
CVE-2002-1375
http://www.securityfocus.com/bid/6375
BID:6375
http://marc.info/?l=bugtraq&m=103971644013961&w=2
BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://marc.info/?l=bugtraq&m=104005886114500&w=2
BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
CONECTIVA:CLSA-2002:555
http://www.debian.org/security/2002/dsa-212
DEBIAN:DSA-212
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
ENGARDE:ESA-20021213-033
http://marc.info/?l=bugtraq&m=104004857201968&w=2
GENTOO:GLSA-200212-2
http://www.securityfocus.com/advisories/5269
IMMUNIX:IMNX-2003-7+-008-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
MANDRAKE:MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
MISC:http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
REDHAT:RHSA-2002:288
http://www.redhat.com/support/errata/RHSA-2002-289.html
REDHAT:RHSA-2002:289
http://www.redhat.com/support/errata/RHSA-2003-166.html
REDHAT:RHSA-2003:166
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
SUSE:SUSE-SA:2003:003
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
TRUSTIX:2002-0086
https://exchange.xforce.ibmcloud.com/vulnerabilities/10848
XF:mysql-comchangeuser-password-bo(10848)
CVE-2002-1376
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2002-12-17
2017-07-10
CVE-2002-1376
http://www.securityfocus.com/bid/6370
BID:6370
http://www.securityfocus.com/bid/6374
BID:6374
http://marc.info/?l=bugtraq&m=103971644013961&w=2
BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://marc.info/?l=bugtraq&m=104004857201968&w=2
BUGTRAQ:20021215 GLSA: mysql
http://marc.info/?l=bugtraq&m=104005886114500&w=2
BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104033188706000&w=2
BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
CONECTIVA:CLSA-2002:555
http://www.debian.org/security/2002/dsa-212
DEBIAN:DSA-212
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
ENGARDE:ESA-20021213-033
http://www.mandriva.com/security/advisories?name=MDKSA-2002:087
MANDRAKE:MDKSA-2002:087
http://security.e-matters.de/advisories/042002.html
MISC:http://security.e-matters.de/advisories/042002.html
http://www.redhat.com/support/errata/RHSA-2002-288.html
REDHAT:RHSA-2002:288
https://exchange.xforce.ibmcloud.com/vulnerabilities/10850
XF:mysql-libmysqlclient-readonerow-bo(10850)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10849
XF:mysql-libmysqlclient-readrows-bo(10849)
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
2004-09-01
2007-11-28
CVE-2002-1377
http://www.securityfocus.com/bid/6384
BID:6384
http://marc.info/?l=bugtraq&m=108077992208690&w=2
BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
CONECTIVA:CLA-2004:812
http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
FULLDISC:20021213 Some vim problems, yet still vim much better than windows
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
MANDRAKE:MDKSA-2003:012
http://www.guninski.com/vim1.html
MISC:http://www.guninski.com/vim1.html
http://www.redhat.com/support/errata/RHSA-2002-297.html
REDHAT:RHSA-2002:297
http://www.redhat.com/support/errata/RHSA-2002-302.html
REDHAT:RHSA-2002:302
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
SUNALERT:55700
https://exchange.xforce.ibmcloud.com/vulnerabilities/10835
XF:vim-modeline-command-execution(10835)
CVE-2002-1378
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
2002-12-17
2017-07-10
CVE-2002-1378
http://www.securityfocus.com/bid/6328
BID:6328
http://www.ciac.org/ciac/bulletins/n-043.shtml
CIAC:N-043
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556
CONECTIVA:CLA-2002:556
http://www.debian.org/security/2003/dsa-227
DEBIAN:DSA-227
http://www.securityfocus.com/advisories/4827
GENTOO:200212-12
http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
MANDRAKE:MDKSA-2003:006
http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
MISC:http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
http://www.redhat.com/support/errata/RHSA-2003-040.html
REDHAT:RHSA-2003:040
http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
SUSE:SuSE-SA:2002:047
http://www.turbolinux.com/security/TLSA-2003-5.txt
TURBO:TLSA-2003-5
https://exchange.xforce.ibmcloud.com/vulnerabilities/10800
XF:openldap-multiple-bo(10800)
CVE-2002-1379
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
2002-12-17
2003-01-15
CVE-2002-1379
http://www.debian.org/security/2003/dsa-227
DEBIAN:DSA-227
http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
MANDRAKE:MDKSA-2003:006
REDHAT:RHSA-2003:040
http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
SUSE:SuSE-SA:2002:047
CVE-2002-1380
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
2004-09-01
2004-08-09
CVE-2002-1380
http://www.securityfocus.com/bid/6420
BID:6420
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
ENGARDE:ESA-20030318-009
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
MANDRAKE:MDKSA-2003:039
http://www.redhat.com/support/errata/RHSA-2003-088.html
REDHAT:RHSA-2003:088
http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt
TRUSTIX:2002-0083
VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10884
XF:linux-protread-mmap-dos(10884)
CVE-2002-1381
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
2004-09-01
2004-08-09
CVE-2002-1381
http://www.securityfocus.com/bid/6314
BID:6314
http://marc.info/?l=bugtraq&m=103903403527788&w=2
BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
http://groups.yahoo.com/group/exim-users/message/42358
CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
http://marc.info/?l=bugtraq&m=104006219018664&w=2
GENTOO:GLSA-200212-5
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
MLIST:[Exim] 20021204 Minor security problem in both Exim 3 and 4
https://exchange.xforce.ibmcloud.com/vulnerabilities/10761
XF:exim-daemonc-format-string(10761)
CVE-2002-1382
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.
2004-09-01
2004-08-09
CVE-2002-1382
http://www.securityfocus.com/bid/6383
BID:6383
http://marc.info/?l=bugtraq&m=104014220727109&w=2
BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
http://marc.info/?l=vulnwatch&m=104013370116670
VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
https://exchange.xforce.ibmcloud.com/vulnerabilities/10861
XF:flash-swf-bo(10861)
CVE-2002-1383
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
2002-12-20
2016-10-17
CVE-2002-1383
http://marc.info/?l=bugtraq&m=104032149026670&w=2
BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
CALDERA:CSSA-2003-004.0
http://www.idefense.com/advisory/12.19.02.txt
MISC:http://www.idefense.com/advisory/12.19.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://secunia.com/advisories/7756/
SECUNIA:7756
http://secunia.com/advisories/7794
SECUNIA:7794
http://secunia.com/advisories/7803
SECUNIA:7803
http://secunia.com/advisories/7843
SECUNIA:7843
http://secunia.com/advisories/7858
SECUNIA:7858
http://secunia.com/advisories/7907
SECUNIA:7907
http://secunia.com/advisories/7913/
SECUNIA:7913
http://secunia.com/advisories/8080/
SECUNIA:8080
http://secunia.com/advisories/9325/
SECUNIA:9325
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
CVE-2002-1384
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
2004-09-01
2007-12-19
CVE-2002-1384
http://www.securityfocus.com/bid/6475
BID:6475
http://www.debian.org/security/2003/dsa-222
DEBIAN:DSA-222
http://www.debian.org/security/2003/dsa-226
DEBIAN:DSA-226
http://www.debian.org/security/2003/dsa-232
DEBIAN:DSA-232
http://marc.info/?l=bugtraq&m=104152282309980&w=2
GENTOO:GLSA-200301-1
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
MANDRAKE:MDKSA-2003:001
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
MANDRAKE:MDKSA-2003:002
http://www.idefense.com/advisory/12.23.02.txt
MISC:http://www.idefense.com/advisory/12.23.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
REDHAT:RHSA-2002:295
http://www.redhat.com/support/errata/RHSA-2002-307.html
REDHAT:RHSA-2002:307
http://www.redhat.com/support/errata/RHSA-2003-037.html
REDHAT:RHSA-2003:037
http://www.redhat.com/support/errata/RHSA-2003-216.html
REDHAT:RHSA-2003:216
http://www.novell.com/linux/security/advisories/2003_002_cups.html
SUSE:SUSE-SA:2003:002
VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
https://exchange.xforce.ibmcloud.com/vulnerabilities/10937
XF:pdftops-integer-overflow(10937)
CVE-2002-1385
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
2004-09-01
2017-07-18
CVE-2002-1385
http://www.securityfocus.com/bid/6425
BID:6425
http://marc.info/?l=bugtraq&m=104031696120743&w=2
BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
http://marc.info/?l=bugtraq&m=104032263328026&w=2
BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
https://exchange.xforce.ibmcloud.com/vulnerabilities/10904
XF:open-webmail-command-execution(10904)
CVE-2002-1386
Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument.
2002-12-31
2016-10-17
CVE-2002-1386
http://www.securityfocus.com/bid/6274
BID:6274
http://marc.info/?l=bugtraq&m=103849968732634&w=2
BUGTRAQ:20021128 TracerouteNG - never ending story
http://www.debian.org/security/2003/dsa-254
DEBIAN:DSA-254
http://www.iss.net/security_center/static/10608.php
XF:traceroute-nanog-bo(10608)
CVE-2002-1387
The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument.
2002-12-31
2016-10-17
CVE-2002-1387
http://marc.info/?l=bugtraq&m=103849968732634&w=2
BUGTRAQ:20021128 TracerouteNG - never ending story
CVE-2002-1388
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
2004-09-01
2008-02-06
CVE-2002-1388
http://www.securityfocus.com/bid/6479
BID:6479
http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
http://www.debian.org/security/2002/dsa-221
DEBIAN:DSA-221
https://exchange.xforce.ibmcloud.com/vulnerabilities/10950
XF:mhonarc-m2htexthtml-filter-xss(10950)
CVE-2002-1389
Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.
2004-09-01
2004-08-09
CVE-2002-1389
http://www.securityfocus.com/bid/6485
BID:6485
http://www.debian.org/security/2002/dsa-217
DEBIAN:DSA-217
https://exchange.xforce.ibmcloud.com/vulnerabilities/10936
XF:typespeed-command-line-bo(10936)
CVE-2002-1390
The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.
2004-09-01
2008-02-27
CVE-2002-1390
http://www.securityfocus.com/bid/6549
BID:6549
http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
http://www.debian.org/security/2003/dsa-223
DEBIAN:DSA-223
https://exchange.xforce.ibmcloud.com/vulnerabilities/11021
XF:geneweb-absolute-information-disclosure(11021)
CVE-2002-1391
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
2004-09-01
2007-11-12
CVE-2002-1391
http://www.securityfocus.com/bid/7303
BID:7303
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
CALDERA:CSSA-2003-021.0
http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
http://marc.info/?l=bugtraq&m=105154413326136&w=2
GENTOO:GLSA-200304-09
http://www.redhat.com/support/errata/RHSA-2003-008.html
REDHAT:RHSA-2003:008
http://www.redhat.com/support/errata/RHSA-2003-036.html
REDHAT:RHSA-2003:036
https://exchange.xforce.ibmcloud.com/vulnerabilities/11072
XF:mgetty-cndprogram-callername-bo(11072)
CVE-2002-1392
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
2004-09-01
2007-11-12
CVE-2002-1392
http://www.securityfocus.com/bid/7302
BID:7302
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
CALDERA:CSSA-2003-021.0
http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
http://marc.info/?l=bugtraq&m=105154413326136&w=2
GENTOO:GLSA-200304-09
http://www.redhat.com/support/errata/RHSA-2003-008.html
REDHAT:RHSA-2003:008
http://www.redhat.com/support/errata/RHSA-2003-036.html
REDHAT:RHSA-2003:036
https://exchange.xforce.ibmcloud.com/vulnerabilities/11070
XF:mgetty-faxspool-worldwritable-directory(11070)
CVE-2002-1393
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
2003-01-08
2016-10-17
CVE-2002-1393
http://www.securityfocus.com/bid/6462
BID:6462
http://marc.info/?l=bugtraq&m=104049734911544&w=2
BUGTRAQ:20021221 KDE Security Advisory: Multiple vulnerabilities in KDE
http://marc.info/?l=bugtraq&m=104066520330397&w=2
BUGTRAQ:20021222 GLSA: kde-3.0.x
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569
CONECTIVA:CLA-2003:569
http://www.kde.org/info/security/advisory-20021220-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20021220-1.txt
http://www.debian.org/security/2003/dsa-234
DEBIAN:DSA-234
http://www.debian.org/security/2003/dsa-235
DEBIAN:DSA-235
http://www.debian.org/security/2003/dsa-236
DEBIAN:DSA-236
http://www.debian.org/security/2003/dsa-237
DEBIAN:DSA-237
http://www.debian.org/security/2003/dsa-238
DEBIAN:DSA-238
http://www.debian.org/security/2003/dsa-239
DEBIAN:DSA-239
http://www.debian.org/security/2003/dsa-240
DEBIAN:DSA-240
http://www.debian.org/security/2003/dsa-241
DEBIAN:DSA-241
http://www.debian.org/security/2003/dsa-242
DEBIAN:DSA-242
http://www.debian.org/security/2003/dsa-243
DEBIAN:DSA-243
http://www.mandriva.com/security/advisories?name=MDKSA-2003:004
MANDRAKE:MDKSA-2003:004
http://www.redhat.com/support/errata/RHSA-2003-002.html
REDHAT:RHSA-2003:002
http://www.redhat.com/support/errata/RHSA-2003-003.html
REDHAT:RHSA-2003:003
http://secunia.com/advisories/8067
SECUNIA:8067
http://secunia.com/advisories/8103
SECUNIA:8103
CVE-2002-1394
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
2004-09-01
2020-02-13
CVE-2002-1394
http://www.securityfocus.com/bid/6562
BID:6562
http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
CONFIRM:http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
http://www.debian.org/security/2003/dsa-225
DEBIAN:DSA-225
http://marc.info/?l=bugtraq&m=103470282514938&w=2
GENTOO:GLSA-200210-001
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.redhat.com/support/errata/RHSA-2003-075.html
REDHAT:RHSA-2003:075
http://www.redhat.com/support/errata/RHSA-2003-082.html
REDHAT:RHSA-2003:082
https://exchange.xforce.ibmcloud.com/vulnerabilities/10376
XF:tomcat-invoker-source-code(10376)
CVE-2002-1395
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
2003-01-08
2007-11-12
CVE-2002-1395
http://www.securityfocus.com/bid/6307
BID:6307
http://www.debian.org/security/2002/dsa-202
DEBIAN:DSA-202
http://www.redhat.com/support/errata/RHSA-2003-039.html
REDHAT:RHSA-2003:039
http://secunia.com/advisories/8166
SECUNIA:8166
http://secunia.com/advisories/8242
SECUNIA:8242
http://www.iss.net/security_center/static/10767.php
XF:im-immknmz-symlink(10767)
http://www.iss.net/security_center/static/10766.php
XF:im-impwagent-insecure-directory(10766)
CVE-2002-1396
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
2004-09-01
2008-02-06
CVE-2002-1396
http://www.securityfocus.com/bid/6488
BID:6488
http://marc.info/?l=bugtraq&m=104102689503192&w=2
BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function
http://bugs.php.net/bug.php?id=20927
CONFIRM:http://bugs.php.net/bug.php?id=20927
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html
ENGARDE:ESA-20030219-003
http://www.securityfocus.com/advisories/4862
GENTOO:200301-8
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019
MANDRAKE:MDKSA-2003:019
http://www.redhat.com/support/errata/RHSA-2003-017.html
REDHAT:RHSA-2003:017
SCO:CSSA-2003-SCO.28
http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html
SUSE:SuSE-SA:2003:0009
https://exchange.xforce.ibmcloud.com/vulnerabilities/10944
XF:php-wordwrap-bo(10944)
CVE-2002-1397
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
2003-01-08
2017-07-10
CVE-2002-1397
http://www.securityfocus.com/bid/5497
BID:5497
http://marc.info/?l=bugtraq&m=102977465204357&w=2
BUGTRAQ:20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
CONECTIVA:CLA-2002:524
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
MISC:http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
https://exchange.xforce.ibmcloud.com/vulnerabilities/9891
XF:postgresql-cashwords-bo(9891)
CVE-2002-1398
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."
2003-01-08
2016-10-17
CVE-2002-1398
http://marc.info/?l=bugtraq&m=102978152712430&w=2
BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=102996089613404&w=2
BUGTRAQ:20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=103021186622725&w=2
BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
http://marc.info/?l=bugtraq&m=103036987114437&w=2
BUGTRAQ:20020826 GLSA: PostgreSQL
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
http://marc.info/?l=postgresql-announce&m=103062536330644
CONFIRM:http://marc.info/?l=postgresql-announce&m=103062536330644
http://www.debian.org/security/2002/dsa-165
DEBIAN:DSA-165
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
http://www.novell.com/linux/security/advisories/2002_038_postgresql.html
SUSE:SuSE-SA:2002:038
CVE-2002-1399
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
2003-01-08
2016-10-17
CVE-2002-1399
http://marc.info/?l=bugtraq&m=102978152712430&w=2
BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php
MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php
http://archives.postgresql.org/pgsql-hackers/2002-08/msg00713.php
MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00713.php
CVE-2002-1400
Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.
2003-01-08
2016-10-17
CVE-2002-1400
http://marc.info/?l=bugtraq&m=102987306029821&w=2
BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=103021186622725&w=2
BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
http://marc.info/?l=bugtraq&m=103036987114437&w=2
BUGTRAQ:20020826 GLSA: PostgreSQL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
CONECTIVA:CLA-2002:524
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
http://marc.info/?l=postgresql-announce&m=103062536330644
CONFIRM:http://marc.info/?l=postgresql-announce&m=103062536330644
http://www.mandriva.com/security/advisories?name=MDKSA-2002:062
MANDRAKE:MDKSA-2002:062
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
http://www.novell.com/linux/security/advisories/2002_038_postgresql.html
SUSE:SuSE-SA:2002:038
CVE-2002-1401
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
2003-01-08
2007-11-12
CVE-2002-1401
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
CONECTIVA:CLA-2002:524
http://www.debian.org/security/2002/dsa-165
DEBIAN:DSA-165
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
CVE-2002-1402
Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
2003-01-08
2016-10-17
CVE-2002-1402
http://marc.info/?l=bugtraq&m=103021186622725&w=2
BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
http://marc.info/?l=bugtraq&m=103036987114437&w=2
BUGTRAQ:20020826 GLSA: PostgreSQL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
CONECTIVA:CLA-2002:524
http://www.debian.org/security/2002/dsa-165
DEBIAN:DSA-165
http://www.mandriva.com/security/advisories?name=MDKSA-2002:062
MANDRAKE:MDKSA-2002:062
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
MLIST:[pgsql-announce] 20020824 PostgreSQL 7.2.2: Security Release
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
http://secunia.com/advisories/8034
SECUNIA:8034
SUSE:SuSE-SA:2002:038
CVE-2002-1403
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.
2004-09-01
2007-12-19
CVE-2002-1403
http://www.securityfocus.com/bid/6200
BID:6200
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549
CONECTIVA:CLA-2002:549
http://www.debian.org/security/2002/dsa-219
DEBIAN:DSA-219
http://marc.info/?l=bugtraq&m=104189546709447&w=2
GENTOO:GLSA-200301-3
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
MANDRAKE:MDKSA-2003:003
https://exchange.xforce.ibmcloud.com/vulnerabilities/10663
XF:dhcpcd-info-execute-commands(10663)
CVE-2002-1404
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1348. Reason: This candidate is a reservation duplicate of CVE-2002-1348. Notes: All CVE users should reference CVE-2002-1348 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-02-05
2003-02-11
CVE-2002-1404
CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
2004-09-01
2010-05-20
CVE-2002-1405
http://www.securityfocus.com/bid/5499
BID:5499
http://marc.info/?l=bugtraq&m=102978118411977&w=2
BUGTRAQ:20020819 Lynx CRLF Injection
http://marc.info/?l=bugtraq&m=103003793418021&w=2
BUGTRAQ:20020822 Lynx CRLF Injection, part two
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
CALDERA:CSSA-2002-049.0
http://www.debian.org/security/2002/dsa-210
DEBIAN:DSA-210
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
MANDRAKE:MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
REDHAT:RHSA-2003:029
http://www.redhat.com/support/errata/RHSA-2003-030.html
REDHAT:RHSA-2003:030
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
TRUSTIX:2002-0085
http://www.iss.net/security_center/static/9887.php
XF:lynx-crlf-injection(9887)
CVE-2002-1406
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
2003-03-18
2003-03-26
CVE-2002-1406
http://www.securityfocus.com/bid/5454
BID:5454
http://archives.neohapsis.com/archives/hp/2002-q3/0049.html
HP:HPSBUX0208-210
http://www.iss.net/security_center/static/9847.php
XF:hp-vvos-passwd(9847)
CVE-2002-1407
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
2004-09-01
2004-08-09
CVE-2002-1407
http://www.securityfocus.com/bid/5410
BID:5410
http://marc.info/?l=bugtraq&m=102866120821995&w=2
BUGTRAQ:20020805 IE SSL Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html
BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
XF:ssl-ca-certificate-spoofing(9776)
CVE-2002-1408
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
2003-03-18
2003-03-26
CVE-2002-1408
http://www.securityfocus.com/bid/5428
BID:5428
http://online.securityfocus.com/advisories/4360
HP:HPSBUX0208-208
http://www.iss.net/security_center/static/9814.php
XF:hp-emanate-default-snmp(9814)
CVE-2002-1409
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
2003-03-18
2017-10-09
CVE-2002-1409
http://www.securityfocus.com/bid/5425
BID:5425
http://archives.neohapsis.com/archives/hp/2002-q3/0041.html
HP:HPSBUX0208-206
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5584
OVAL:oval:org.mitre.oval:def:5584
http://www.iss.net/security_center/static/9818.php
XF:hp-ptrace-dos(9818)
CVE-2002-1410
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
2003-03-18
2003-03-21
CVE-2002-1410
http://www.securityfocus.com/bid/5341
BID:5341
http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html
BUGTRAQ:20020727 Easy Guestbook Vulnerabilities
http://www.iss.net/security_center/static/9697.php
XF:easy-guestbook-gain-access(9697)
CVE-2002-1411
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.
2003-03-18
2003-03-21
CVE-2002-1411
http://www.securityfocus.com/bid/5081
BID:5081
http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html
BUGTRAQ:20020622 DPGS allows any file to be overwritten
http://www.iss.net/security_center/static/9414.php
XF:dpgs-dotdot-directory-traversal(9414)
CVE-2002-1412
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
2004-09-01
2004-08-09
CVE-2002-1412
http://www.securityfocus.com/bid/5375
BID:5375
http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
BUGTRAQ:20020801 code injection in gallery
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
http://www.debian.org/security/2002/dsa-138
DEBIAN:DSA-138
https://exchange.xforce.ibmcloud.com/vulnerabilities/9737
XF:gallery-basedir-execute-commands(9737)
CVE-2002-1413
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
2004-09-01
2003-03-21
CVE-2002-1413
http://www.securityfocus.com/bid/5541
BID:5541
http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html
BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2
http://www.kb.cert.org/vuls/id/746251
CERT-VN:VU#746251
http://support.novell.com/servlet/tidfinder/2963349
CONFIRM:http://support.novell.com/servlet/tidfinder/2963349
http://www.iss.net/security_center/static/9928.php
XF:netware-rconj-no-password(9928)
CVE-2002-1414
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
2004-09-01
2003-03-21
CVE-2002-1414
http://www.securityfocus.com/bid/5404
BID:5404
http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow
http://www.inter7.com/qmailadmin/ChangeLog
CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog
http://marc.info/?l=vuln-dev&m=102859603029424&w=2
VULN-DEV:20020806 qmailadmin SUID buffer overflow
http://www.iss.net/security_center/static/9786.php
XF:qmailadmin-templatedir-bo(9786)
CVE-2002-1415
Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.
2003-03-18
2003-03-21
CVE-2002-1415
http://www.securityfocus.com/bid/5518
BID:5518
http://online.securityfocus.com/archive/1/288222
BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
http://www.iss.net/security_center/static/9924.php
XF:webeasymail-smtp-service-dos(9924)
CVE-2002-1416
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.
2003-03-18
2003-03-21
CVE-2002-1416
http://www.securityfocus.com/bid/5519
BID:5519
http://online.securityfocus.com/archive/1/288222
BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
http://www.iss.net/security_center/static/9925.php
XF:webeasymail-pop3-bruteforce(9925)
CVE-2002-1417
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.
2004-09-01
2003-03-21
CVE-2002-1417
http://www.securityfocus.com/bid/5523
BID:5523
http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
http://support.novell.com/servlet/tidfinder/2963297
CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
http://www.iss.net/security_center/static/9910.php
XF:novell-netbasic-directory-traversal(9910)
CVE-2002-1418
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.
2004-09-01
2003-03-21
CVE-2002-1418
http://www.securityfocus.com/bid/5524
BID:5524
http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
http://support.novell.com/servlet/tidfinder/2963297
CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
http://www.iss.net/security_center/static/9911.php
XF:novell-netbasic-interpreter-bo(9911)
CVE-2002-1419
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
2004-09-01
2003-03-26
CVE-2002-1419
http://www.securityfocus.com/bid/5467
BID:5467
ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
SGI:20020805-01-I
http://www.iss.net/security_center/static/9868.php
XF:irix-origin-bypass-filtering(9868)
CVE-2002-1420
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
2004-09-01
2004-08-17
CVE-2002-1420
http://www.securityfocus.com/bid/5442
BID:5442
http://marc.info/?l=bugtraq&m=102918817012863&w=2
BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)
http://www.kb.cert.org/vuls/id/259787
CERT-VN:VU#259787
http://www.osvdb.org/7554
OSVDB:7554
http://www.iss.net/security_center/static/9809.php
XF:openbsd-select-bo(9809)
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
2003-03-18
2003-03-21
CVE-2002-1421
http://www.securityfocus.com/bid/5500
BID:5500
http://online.securityfocus.com/archive/1/288042
BUGTRAQ:20020818 FUDforum file access and SQL Injection
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
VULNWATCH:20020818 FUDforum file access and SQL Injection
http://www.iss.net/security_center/static/9912.php
XF:fudforum-sql-injection(9912)
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
2003-03-18
2003-03-21
CVE-2002-1422
http://www.securityfocus.com/bid/5502
BID:5502
http://online.securityfocus.com/archive/1/288042
BUGTRAQ:20020818 FUDforum file access and SQL Injection
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
VULNWATCH:20020818 FUDforum file access and SQL Injection
http://www.iss.net/security_center/static/9901.php
XF:fudforum-admnbrowse-modify-files(9901)
CVE-2002-1423
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
2003-03-18
2003-03-21
CVE-2002-1423
http://www.securityfocus.com/bid/5501
BID:5501
http://online.securityfocus.com/archive/1/288042
BUGTRAQ:20020818 FUDforum file access and SQL Injection
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
VULNWATCH:20020818 FUDforum file access and SQL Injection
http://www.iss.net/security_center/static/9896.php
XF:fudforum-tmpview-download-files(9896)
CVE-2002-1424
Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2004-09-01
2003-03-26
CVE-2002-1424
http://www.securityfocus.com/bid/5385
BID:5385
http://www.debian.org/security/2002/dsa-141
DEBIAN:DSA-141
http://www.iss.net/security_center/static/9747.php
XF:munpack-mime-bo(9747)
CVE-2002-1425
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
2004-09-01
2003-03-26
CVE-2002-1425
http://www.securityfocus.com/bid/5386
BID:5386
http://www.debian.org/security/2002/dsa-141
DEBIAN:DSA-141
http://www.iss.net/security_center/static/9748.php
XF:munpack-dotdot-directory-traversal(9748)
CVE-2002-1426
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
2003-03-18
2003-03-21
CVE-2002-1426
http://www.securityfocus.com/bid/5336
BID:5336
http://archives.neohapsis.com/archives/bugtraq/2002-07/0338.html
BUGTRAQ:20020727 Phenoelit Advisory 0815 ++ /+ HP ProCurve
http://www.phenoelit.de/stuff/HP_ProCurve.txt
MISC:http://www.phenoelit.de/stuff/HP_ProCurve.txt
http://www.iss.net/security_center/static/9708.php
XF:hp-procurve-snmp-write-dos(9708)
CVE-2002-1427
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
2003-03-18
2003-03-21
CVE-2002-1427
http://www.securityfocus.com/bid/5340
BID:5340
http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html
BUGTRAQ:20020727 Easy Homepage Creator Vulnerability
http://www.iss.net/security_center/static/9696.php
XF:easy-homepage-gain-access(9696)
CVE-2002-1428
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
2003-03-18
2003-03-21
CVE-2002-1428
http://www.securityfocus.com/bid/5347
BID:5347
http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html
BUGTRAQ:20020728 php dotProject by pass authentication
http://www.iss.net/security_center/static/9720.php
XF:dotproject-admin-access(9720)
CVE-2002-1429
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.
2003-03-18
2003-03-21
CVE-2002-1429
http://www.securityfocus.com/bid/5354
BID:5354
http://archives.neohapsis.com/archives/bugtraq/2002-07/0389.html
BUGTRAQ:20020729 Code injection Vulnerability in endity.com
http://endity.com/board/index.php?act=ST&f=3&t=68&s=363128162825b2d7fcf60c9cd2a292fe
MISC:http://endity.com/board/index.php?act=ST&f=3&t=68&s=363128162825b2d7fcf60c9cd2a292fe
http://www.iss.net/security_center/static/9739.php
XF:shoutbox-site-html-injection(9739)
CVE-2002-1430
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.
2004-09-01
2003-03-21
CVE-2002-1430
http://www.securityfocus.com/bid/5360
BID:5360
http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html
BUGTRAQ:20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
http://www.ralusp.net/downloads/sympoll/changelog.txt
CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt
http://www.iss.net/security_center/static/9723.php
XF:sympoll-php-view-files(9723)
CVE-2002-1431
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.
2003-03-18
2003-03-21
CVE-2002-1431
http://www.securityfocus.com/bid/4982
BID:4982
http://online.securityfocus.com/archive/1/276256
BUGTRAQ:20020609 Problem with IP reporting - Belkin Cable/DSL router
http://www.iss.net/security_center/static/9324.php
XF:belkin-incorrect-ip(9324)
CVE-2002-1432
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
2003-03-18
2003-03-21
CVE-2002-1432
http://www.securityfocus.com/bid/5438
BID:5438
http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.html
BUGTRAQ:20020807 MidiCart Shopping Cart Software database vulnerability
http://www.iss.net/security_center/static/9816.php
XF:shopping-cart-database-access(9816)
CVE-2002-1433
Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.
2003-03-18
2003-03-21
CVE-2002-1433
http://www.securityfocus.com/bid/5505
BID:5505
http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
http://www.iss.net/security_center/static/9904.php
XF:kerio-mailserver-syn-dos(9904)
CVE-2002-1434
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
2003-03-18
2003-03-21
CVE-2002-1434
http://www.securityfocus.com/bid/5507
BID:5507
http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
http://www.iss.net/security_center/static/9905.php
XF:kerio-webserver-webmail-xss(9905)
CVE-2002-1435
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
2004-09-01
2006-11-05
CVE-2002-1435
http://www.securityfocus.com/bid/5552
BID:5552
http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html
BUGTRAQ:20020822 Arbitrary code execution problem in Achievo
http://www.achievo.org/lists/2002/Aug/msg00092.html
CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html
http://www.iss.net/security_center/static/9947.php
XF:achievo-php-execute-code(9947)
CVE-2002-1436
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
2004-09-01
2003-03-21
CVE-2002-1436
http://www.securityfocus.com/bid/5520
BID:5520
http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
http://support.novell.com/servlet/tidfinder/2963307
CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
http://www.iss.net/security_center/static/9916.php
XF:netware-perl-code-execution(9916)
CVE-2002-1437
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
2004-09-01
2003-03-21
CVE-2002-1437
http://www.securityfocus.com/bid/5522
BID:5522
http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
http://support.novell.com/servlet/tidfinder/2963307
CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
http://www.iss.net/security_center/static/9915.php
XF:netware-perl-directory-traversal(9915)
CVE-2002-1438
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
2004-09-01
2003-03-21
CVE-2002-1438
http://www.securityfocus.com/bid/5521
BID:5521
http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
http://support.novell.com/servlet/tidfinder/2963307
CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
http://www.iss.net/security_center/static/9917.php
XF:netware-perl-information-disclosure(9917)
CVE-2002-1439
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
2003-03-18
2003-03-26
CVE-2002-1439
http://www.securityfocus.com/bid/5459
BID:5459
http://archives.neohapsis.com/archives/hp/2002-q3/0050.html
HP:HPSBUX0208-211
http://www.iss.net/security_center/static/9846.php
XF:hp-vvos-tga-corruption(9846)
CVE-2002-1440
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
2003-03-18
2003-03-21
CVE-2002-1440
http://www.securityfocus.com/bid/5472
BID:5472
http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html
BUGTRAQ:20020814 Trivial root compromise in Gateway GS-400 NAS Servers
http://www.iss.net/security_center/static/9864.php
XF:gateway-gs400-default-password(9864)
CVE-2002-1441
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
2003-03-18
2003-03-21
CVE-2002-1441
http://www.securityfocus.com/bid/4860
BID:4860
http://www.securityfocus.com/bid/5494
BID:5494
http://www.securityfocus.com/bid/5495
BID:5495
http://www.securityfocus.com/bid/5496
BID:5496
http://online.securityfocus.com/archive/1/288013
BUGTRAQ:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
http://www.nextgenss.com/advisories/steel-arrow-bo.txt
MISC:http://www.nextgenss.com/advisories/steel-arrow-bo.txt
http://www.nextgenss.com/vna/tom-saro.txt
MISC:http://www.nextgenss.com/vna/tom-saro.txt
http://www.steelarrow.com/
MISC:http://www.steelarrow.com/
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
VULNWATCH:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
http://www.iss.net/security_center/static/9890.php
XF:steelarrow-chunked-aro-bo(9890)
http://www.iss.net/security_center/static/9889.php
XF:steelarrow-long-aro-bo(9889)
http://www.iss.net/security_center/static/9888.php
XF:steelarrow-userident-bo(9888)
CVE-2002-1442
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
2003-03-18
2003-03-21
CVE-2002-1442
http://www.securityfocus.com/bid/5424
BID:5424
http://online.securityfocus.com/archive/1/286527
BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
http://sec.greymagic.com/adv/gm001-mc/
MISC:http://sec.greymagic.com/adv/gm001-mc/
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
CVE-2002-1443
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
2004-09-01
2004-08-09
CVE-2002-1443
http://www.securityfocus.com/bid/5426
BID:5426
http://online.securityfocus.com/archive/1/286527
BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
http://toolbar.google.com/whatsnew.php3
CONFIRM:http://toolbar.google.com/whatsnew.php3
http://sec.greymagic.com/adv/gm001-mc/
MISC:http://sec.greymagic.com/adv/gm001-mc/
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10054
XF:google-toolbar-keypress-monitoring(10054)
CVE-2002-1444
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
2003-03-18
2003-03-21
CVE-2002-1444
http://www.securityfocus.com/bid/5477
BID:5477
http://online.securityfocus.com/archive/1/287498
BUGTRAQ:20020815 IE [with Google Toolbar installed] crash
http://www.sztolnia.pl/hack/googIE/googIE.html
MISC:http://www.sztolnia.pl/hack/googIE/googIE.html
http://www.iss.net/security_center/static/9883.php
XF:ie-google-toolbar-dos(9883)
CVE-2002-1445
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
2003-03-18
2003-03-21
CVE-2002-1445
http://www.securityfocus.com/bid/5447
BID:5447
http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html
BUGTRAQ:20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability
http://www.iss.net/security_center/static/9834.php
XF:cern-proxy-xss(9834)
CVE-2002-1446
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
2004-09-01
2003-03-21
CVE-2002-1446
http://www.securityfocus.com/bid/5498
BID:5498
http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
http://www.ncipher.com/support/advisories/advisory5_c_verify.html
CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html
http://www.iss.net/security_center/static/9895.php
XF:ncipher-cverify-improper-verification(9895)
CVE-2002-1447
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
2004-09-01
2003-03-21
CVE-2002-1447
http://www.securityfocus.com/bid/5056
BID:5056
http://online.securityfocus.com/archive/1/277653
BUGTRAQ:20020619 [AP] Cisco vpnclient buffer overflow
http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
CISCO:20020619 Buffer Overflow in UNIX VPN Client
http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
http://www.iss.net/security_center/static/9376.php
XF:ciscovpn-profile-name-bo(9376)
CVE-2002-1448
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
2004-09-01
2003-03-21
CVE-2002-1448
http://www.securityfocus.com/bid/5396
BID:5396
http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware
http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
http://www.iss.net/security_center/static/9769.php
XF:avaya-cajun-default-snmp(9769)
CVE-2002-1449
eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.
2003-03-18
2003-03-21
CVE-2002-1449
http://www.securityfocus.com/bid/5369
BID:5369
http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html
BUGTRAQ:20020730 Bug in Eupload
http://www.iss.net/security_center/static/9733.php
XF:eupload-passwordtxt-overwrite-files(9733)
CVE-2002-1450
IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow.
2003-03-18
2003-03-21
CVE-2002-1450
http://archives.neohapsis.com/archives/bugtraq/2002-07/0442.html
BUGTRAQ:20020731 TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC
http://www.iss.net/security_center/static/9736.php
XF:ibm-universe-invalid-query-dos(9736)
CVE-2002-1451
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
2003-03-18
2003-03-21
CVE-2002-1451
http://www.securityfocus.com/bid/5566
BID:5566
http://www.securityfocus.com/bid/5567
BID:5567
http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html
BUGTRAQ:20020824 Blazix 1.2 jsp view and free protected folder access
http://www.iss.net/security_center/static/9952.php
XF:blazix-unauth-file-access(9952)
CVE-2002-1452
Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.
2003-03-18
2016-10-17
CVE-2002-1452
http://www.securityfocus.com/bid/5469
BID:5469
http://marc.info/?l=bugtraq&m=102935720109934&w=2
BUGTRAQ:20020814 new bugs in MyWebServer
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
VULNWATCH:20020814 new bugs in MyWebServer
http://www.iss.net/security_center/static/9859.php
XF:mywebserver-search-bo(9859)
CVE-2002-1453
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
2003-03-18
2016-10-17
CVE-2002-1453
http://www.securityfocus.com/bid/5470
BID:5470
http://marc.info/?l=bugtraq&m=102935720109934&w=2
BUGTRAQ:20020814 new bugs in MyWebServer
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
VULNWATCH:20020814 new bugs in MyWebServer
http://www.iss.net/security_center/static/9861.php
XF:mywebserver-long-http-xss(9861)
CVE-2002-1454
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
2003-03-18
2016-10-17
CVE-2002-1454
http://www.securityfocus.com/bid/5471
BID:5471
http://marc.info/?l=bugtraq&m=102935720109934&w=2
BUGTRAQ:20020814 new bugs in MyWebServer
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
VULNWATCH:20020814 new bugs in MyWebServer
http://www.iss.net/security_center/static/9862.php
XF:mywebserver-invalid-path-disclosure(9862)
CVE-2002-1455
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
2003-03-18
2003-03-21
CVE-2002-1455
http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html
BUGTRAQ:20020825 More OmniHTTPd Problems
http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html
BUGTRAQ:20020825 OmniHTTPd test.php Cross-Site Scripting Issue
http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html
BUGTRAQ:20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue
CVE-2002-1456
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
2003-03-18
2017-07-10
CVE-2002-1456
http://www.securityfocus.com/bid/5576
BID:5576
http://marc.info/?l=bugtraq&m=103046375002380&w=2
BUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
http://www.mirc.co.uk/whatsnew.txt
MISC:http://www.mirc.co.uk/whatsnew.txt
http://marc.info/?l=ntbugtraq&m=103046138631893&w=2
NTBUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0092.html
VULNWATCH:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/9970
XF:mirc-asctime-bo(9970)
CVE-2002-1457
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
2003-03-18
2003-03-21
CVE-2002-1457
http://www.securityfocus.com/bid/5468
BID:5468
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0074.html
VULNWATCH:20020813 L-Forum Vulnerability - SQL Injection
http://www.iss.net/security_center/static/9837.php
XF:lforum-search-sql-injection(9837)
CVE-2002-1458
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
2003-03-18
2003-03-21
CVE-2002-1458
http://www.securityfocus.com/bid/5462
BID:5462
http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
BUGTRAQ:20020813 L-Forum XSS and upload spoofing
http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
MISC:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
http://www.iss.net/security_center/static/9838.php
XF:lforum-html-message-xss(9838)
CVE-2002-1459
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.
2003-03-18
2003-03-21
CVE-2002-1459
http://www.securityfocus.com/bid/5462
BID:5462
http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
BUGTRAQ:20020813 L-Forum XSS and upload spoofing
http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
http://www.iss.net/security_center/static/9838.php
XF:lforum-html-message-xss(9838)
CVE-2002-1460
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.
2003-03-18
2003-03-21
CVE-2002-1460
http://www.securityfocus.com/bid/5463
BID:5463
http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
BUGTRAQ:20020813 L-Forum XSS and upload spoofing
http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
http://www.iss.net/security_center/static/9839.php
XF:lforum-upload-read-files(9839)
CVE-2002-1461
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
2003-03-18
2003-03-21
CVE-2002-1461
http://www.securityfocus.com/bid/5474
BID:5474
http://archives.neohapsis.com/archives/bugtraq/2002-08/0130.html
BUGTRAQ:20020815 Web Shop Manager Security Vulnerability
http://www.securiteam.com/securitynews/5KP0G0080E.html
MISC:http://www.securiteam.com/securitynews/5KP0G0080E.html
http://www.iss.net/security_center/static/9817.php
XF:webshop-manager-execute-commands(9817)
CVE-2002-1462
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
2003-03-18
2003-03-21
CVE-2002-1462
http://www.securityfocus.com/bid/5482
BID:5482
http://archives.neohapsis.com/archives/bugtraq/2002-08/0141.html
BUGTRAQ:20020815 Input validation attack in php-affiliate-v1.0
http://www.iss.net/security_center/static/9858.php
XF:phpaffiliate-details-account-access(9858)
CVE-2002-1463
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
2004-09-01
2004-08-17
CVE-2002-1463
http://www.securityfocus.com/bid/5387
BID:5387
http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability
http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html
CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html
http://www.osvdb.org/855
OSVDB:855
https://exchange.xforce.ibmcloud.com/vulnerabilities/12836
XF:symantec-tcp-seq-predict(12836)
CVE-2002-1464
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
2003-03-18
2003-03-21
CVE-2002-1464
http://www.securityfocus.com/bid/5455
BID:5455
http://online.securityfocus.com/archive/1/287228
BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
http://www.iss.net/security_center/static/9835.php
XF:b2-gpc-xss(9835)
CVE-2002-1465
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
2003-03-18
2003-03-21
CVE-2002-1465
http://www.securityfocus.com/bid/5456
BID:5456
http://online.securityfocus.com/archive/1/287228
BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
http://www.iss.net/security_center/static/9836.php
XF:b2-tableposts-sql-injection(9836)
CVE-2002-1466
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
2003-03-18
2003-03-21
CVE-2002-1466
http://online.securityfocus.com/archive/1/287228
BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
CVE-2002-1467
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
2003-03-18
2003-03-21
CVE-2002-1467
http://www.securityfocus.com/bid/5429
BID:5429
http://online.securityfocus.com/archive/1/286625
BUGTRAQ:20020808 Macromedia Flash plugin can read local files
http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
http://www.iss.net/security_center/static/9797.php
XF:flash-same-domain-disclosure(9797)
CVE-2002-1468
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
2004-09-01
2004-08-09
CVE-2002-1468
http://archives.neohapsis.com/archives/aix/2002-q3/0007.html
AIXAPAR:IY31997
http://www.securityfocus.com/bid/5885
BID:5885
CVE-2002-1469
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
2004-09-01
2003-03-21
CVE-2002-1469
http://www.securityfocus.com/bid/5526
BID:5526
http://online.securityfocus.com/archive/1/288245
BUGTRAQ:20020820 vulnerabilities in scponly
http://www.sublimation.org/scponly/
CONFIRM:http://www.sublimation.org/scponly/
http://www.iss.net/security_center/static/9913.php
XF:scponly-ssh-env-upload(9913)
CVE-2002-1470
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
2003-03-18
2003-03-21
CVE-2002-1470
http://www.securityfocus.com/bid/5414
BID:5414
http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html
BUGTRAQ:20020806 Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /
http://www.iss.net/security_center/static/9775.php
XF:shoutcast-scservlog-world-readable(9775)
CVE-2002-1471
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
2004-09-01
2003-03-21
CVE-2002-1471
http://www.securityfocus.com/bid/5875
BID:5875
http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution
http://www.iss.net/security_center/static/10292.php
XF:evolution-camel-certificate-mitm(10292)
CVE-2002-1472
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
2004-09-01
2006-09-19
CVE-2002-1472
http://www.securityfocus.com/bid/5735
BID:5735
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
CONECTIVA:CLA-2002:529
http://www.osvdb.org/11922
OSVDB:11922
http://www.redhat.com/support/errata/RHSA-2003-066.html
REDHAT:RHSA-2003:066
http://www.redhat.com/support/errata/RHSA-2003-067.html
REDHAT:RHSA-2003:067
http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
SUSE:SuSE-SA:2002:032
http://www.iss.net/security_center/static/10137.php
XF:xfree86-x11-program-execution(10137)
CVE-2002-1473
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
2003-03-18
2003-03-26
CVE-2002-1473
http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
HP:HPSBUX0208-213
http://www.iss.net/security_center/static/9992.php
XF:hp-lp-dos(9992)
CVE-2002-1474
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
2003-03-18
2003-03-26
CVE-2002-1474
http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html
COMPAQ:SSRT-547
CVE-2002-1475
Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.
2003-03-18
2003-03-26
CVE-2002-1475
http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html
COMPAQ:SSRT-547
CVE-2002-1476
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
2004-09-01
2004-08-17
CVE-2002-1476
http://www.securityfocus.com/bid/5724
BID:5724
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
NETBSD:NetBSD-SA2002-012
http://www.osvdb.org/7565
OSVDB:7565
http://www.iss.net/security_center/static/10159.php
XF:netbsd-libc-setlocale-bo(10159)
CVE-2002-1477
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
2004-09-01
2003-03-26
CVE-2002-1477
http://www.securityfocus.com/bid/5627
BID:5627
http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
BUGTRAQ:20020903 Cacti security issues
http://www.debian.org/security/2002/dsa-164
DEBIAN:DSA-164
http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
http://www.iss.net/security_center/static/10048.php
XF:cacti-graph-label-commands(10048)
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
2004-09-01
2004-08-10
CVE-2002-1478
http://www.securityfocus.com/bid/5630
BID:5630
http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
BUGTRAQ:20020903 Cacti security issues
http://www.debian.org/security/2002/dsa-164
DEBIAN:DSA-164
http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
http://www.iss.net/security_center/static/10050.php
XF:cacti-console-mode-commands(10050)
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
2004-09-01
2017-07-18
CVE-2002-1479
http://www.securityfocus.com/bid/5628
BID:5628
http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
BUGTRAQ:20020903 Cacti security issues
http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
http://www.iss.net/security_center/static/10049.php
XF:cacti-config-world-readable(10049)
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
2003-03-18
2003-03-21
CVE-2002-1480
http://www.securityfocus.com/bid/5676
BID:5676
http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
BUGTRAQ:20020909 phpGB: cross site scripting bug
http://www.iss.net/security_center/static/10060.php
XF:phpgb-entry-deletion-xss(10060)
CVE-2002-1481
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
2003-03-18
2003-03-21
CVE-2002-1481
http://www.securityfocus.com/bid/5679
BID:5679
http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
http://www.iss.net/security_center/static/10065.php
XF:phpgb-savesettings-unauth-access(10065)
CVE-2002-1482
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
2003-03-18
2003-03-21
CVE-2002-1482
http://www.securityfocus.com/bid/5673
BID:5673
http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
http://www.iss.net/security_center/static/10068.php
XF:phpgb-login-sql-injection(10068)
CVE-2002-1483
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
2003-03-18
2003-03-21
CVE-2002-1483
http://www.securityfocus.com/bid/5723
BID:5723
http://archives.neohapsis.com/archives/bugtraq/2002-09/0197.html
BUGTRAQ:20020917 Advisory: File disclosure in DB4Web
http://www.db4web.de/download/homepage/hotfix/readme_en.txt
CONFIRM:http://www.db4web.de/download/homepage/hotfix/readme_en.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0124.html
VULNWATCH:20020919 Advisory: File disclosure in DB4Web
http://www.iss.net/security_center/static/10123.php
XF:db4web-db4webc-directory-traversal(10123)
CVE-2002-1484
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
2003-03-18
2003-03-21
CVE-2002-1484
http://www.securityfocus.com/bid/5725
BID:5725
http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html
BUGTRAQ:20020917 Advisory: TCP-Connection risk in DB4Web
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html
VULNWATCH:20020919 Advisory: TCP-Connection risk in DB4Web
http://www.iss.net/security_center/static/10136.php
XF:db4web-tcp-portscan(10136)
CVE-2002-1485
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
2003-03-18
2005-06-01
CVE-2002-1485
http://www.securityfocus.com/bid/5783
BID:5783
http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html
BUGTRAQ:20020923 Trillian Remote DoS Attack - AIM
CVE-2002-1486
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
2003-03-18
2003-03-21
CVE-2002-1486
http://www.securityfocus.com/bid/5765
BID:5765
http://www.securityfocus.com/bid/5769
BID:5769
http://www.securityfocus.com/bid/5777
BID:5777
http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html
BUGTRAQ:20020920 Yet Another. Trillian 'JOIN' Overflow.
http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html
BUGTRAQ:20020921 And Again. Trillian 'raw 221' Overflow.
http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
BUGTRAQ:20020922 *sigh* Trillian multiple DoS
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html
NTBUGTRAQ:20020914 Trillian .74 and below, ident flaw.
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html
NTBUGTRAQ:20020919 Trillian .73 & .74 "PRIVMSG" Overflow.
http://www.iss.net/security_center/static/10150.php
XF:trillian-irc-join-bo(10150)
http://www.iss.net/security_center/static/10163.php
XF:trillian-irc-server-bo(10163)
http://www.iss.net/security_center/static/10151.php
XF:trillian-raw221-bo(10151)
CVE-2002-1487
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
2003-03-18
2003-03-21
CVE-2002-1487
http://www.securityfocus.com/bid/5775
BID:5775
http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
BUGTRAQ:20020922 *sigh* Trillian multiple DoS
http://www.iss.net/security_center/static/10161.php
XF:trillian-irc-raw-dos(10161)
CVE-2002-1488
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
2003-03-18
2003-03-21
CVE-2002-1488
http://www.securityfocus.com/bid/5776
BID:5776
http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
BUGTRAQ:20020922 *sigh* Trillian multiple DoS
http://www.iss.net/security_center/static/10162.php
XF:trillian-part-message-dos(10162)
CVE-2002-1489
Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.
2003-03-18
2003-03-21
CVE-2002-1489
http://www.securityfocus.com/bid/5710
BID:5710
http://archives.neohapsis.com/archives/bugtraq/2002-09/0166.html
BUGTRAQ:20020914 Planet Web Software Buffer Overflow
http://archives.neohapsis.com/archives/bugtraq/2002-10/0236.html
BUGTRAQ:20021017 New buffer overflow in plaetDNS
http://www.iss.net/security_center/static/10124.php
XF:planetweb-long-url-bo(10124)
http://www.iss.net/security_center/static/10391.php
XF:planetweb-long-url-bo(10391)
CVE-2002-1490
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
2004-09-01
2004-08-17
CVE-2002-1490
http://www.securityfocus.com/bid/5722
BID:5722
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
NETBSD:NetBSD-SA2002-007
http://www.osvdb.org/7566
OSVDB:7566
http://www.iss.net/security_center/static/10115.php
XF:netbsd-tiocsctty-ioctl-bo(10115)
CVE-2002-1491
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
2004-09-01
2004-08-17
CVE-2002-1491
http://www.securityfocus.com/bid/5736
BID:5736
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
http://www.osvdb.org/7041
OSVDB:7041
http://www.iss.net/security_center/static/10129.php
XF:cisco-vpn5000-defaultconnection-password(10129)
CVE-2002-1492
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
2003-03-18
2003-03-21
CVE-2002-1492
http://www.securityfocus.com/bid/5734
BID:5734
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
http://www.iss.net/security_center/static/10131.php
XF:cisco-vpn5000-binary-bo(10131)
CVE-2002-1493
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
2004-09-01
2004-08-10
CVE-2002-1493
http://www.securityfocus.com/bid/5728
BID:5728
http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html
VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728
https://exchange.xforce.ibmcloud.com/vulnerabilities/12235
XF:guestgear-img-xss(12235)
CVE-2002-1494
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
2004-09-01
2004-08-10
CVE-2002-1494
http://www.securityfocus.com/bid/5618
BID:5618
http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html
BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS
http://www.iss.net/security_center/static/10029.php
XF:aestiva-htmlos-cgi-xss(10029)
CVE-2002-1495
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
2003-03-18
2003-03-21
CVE-2002-1495
http://www.securityfocus.com/bid/5771
BID:5771
http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html
BUGTRAQ:20020922 JAWmail XSS
http://www.iss.net/security_center/static/10152.php
XF:jawmail-mail-message-xss(10152)
CVE-2002-1496
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
2004-09-01
2003-03-21
CVE-2002-1496
http://www.securityfocus.com/bid/5774
BID:5774
http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0
http://freshmeat.net/releases/97910/
CONFIRM:http://freshmeat.net/releases/97910/
http://www.iss.net/security_center/static/10160.php
XF:null-httpd-contentlength-bo(10160)
CVE-2002-1497
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
2004-09-01
2007-10-30
CVE-2002-1497
http://www.securityfocus.com/bid/5603
BID:5603
BUGTRAQ:20020902 XSS in Null HTTPd
http://freshmeat.net/releases/97910/
CONFIRM:http://freshmeat.net/releases/97910/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10004
XF:null-httpd-xss(10004)
CVE-2002-1498
Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.
2003-03-18
2003-03-21
CVE-2002-1498
http://www.securityfocus.com/bid/5590
BID:5590
http://archives.neohapsis.com/archives/bugtraq/2002-08/0307.html
BUGTRAQ:20020828 SWServer 2.2 directory traversal bug
http://www.iss.net/security_center/static/9981.php
XF:swserver-encoded-directory-traversal(9981)
CVE-2002-1499
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
2003-03-18
2003-03-21
CVE-2002-1499
http://www.securityfocus.com/bid/5600
BID:5600
http://online.securityfocus.com/archive/1/290021
BUGTRAQ:20020831 FactoSystem CMS Contains Multiple Vulnerabilities
http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
VULNWATCH:20020830 FactoSystem CMS Contains Multiple Vulnerabilities
http://www.iss.net/security_center/static/10000.php
XF:factosystem-asp-sql-injection(10000)
CVE-2002-1500
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
2003-03-18
2003-03-26
CVE-2002-1500
http://www.securityfocus.com/bid/5727
BID:5727
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
NETBSD:NetBSD-SA2002-014
http://www.iss.net/security_center/static/10114.php
XF:netbsd-fdset-bo(10114)
CVE-2002-1501
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
2004-09-01
2003-03-21
CVE-2002-1501
http://www.securityfocus.com/bid/5703
BID:5703
http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html
BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system
http://www.enterasys.com/support/techtips/tk0659-9.html
MISC:http://www.enterasys.com/support/techtips/tk0659-9.html
http://www.iss.net/security_center/static/10096.php
XF:smartswitch-portscan-dos(10096)
CVE-2002-1502
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
2004-09-01
2003-03-21
CVE-2002-1502
http://www.securityfocus.com/bid/5700
BID:5700
http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html
BUGTRAQ:20020912 xbreaky symlink vulnerability
http://xbreaky.sourceforge.net/
CONFIRM:http://xbreaky.sourceforge.net/
http://www.iss.net/security_center/static/10078.php
XF:xbreaky-breakyhighscores-symlink(10078)
CVE-2002-1503
Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.
2003-03-18
2003-03-21
CVE-2002-1503
http://www.securityfocus.com/bid/5626
BID:5626
http://archives.neohapsis.com/archives/bugtraq/2002-09/0029.html
BUGTRAQ:20020904 AFD 1.2.14 multiple local root compromises
http://www.dwd.de/AFD/txt/CHANGES
CONFIRM:http://www.dwd.de/AFD/txt/CHANGES
http://www.iss.net/security_center/static/10036.php
XF:afd-multiple-binaries-bo(10036)
CVE-2002-1504
Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.
2003-03-18
2003-03-21
CVE-2002-1504
http://archives.neohapsis.com/archives/bugtraq/2002-09/0045.html
BUGTRAQ:20020905 advisory
http://www.iss.net/security_center/static/10051.php
XF:webserver-4everyone-directory-traversal(10051)
CVE-2002-1505
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
2004-09-01
2003-03-21
CVE-2002-1505
http://www.securityfocus.com/bid/5675
BID:5675
http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html
BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below
http://www.iss.net/security_center/static/10069.php
XF:wbb-board-sql-injection(10069)
CVE-2002-1506
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.
2003-03-18
2003-03-21
CVE-2002-1506
http://www.securityfocus.com/bid/5585
BID:5585
http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html
BUGTRAQ:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4
MISC:http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html
VULNWATCH:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
http://www.iss.net/security_center/static/9980.php
XF:linuxconf-linuxconflang-env-bo(9980)
CVE-2002-1507
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
2003-03-18
2003-03-21
CVE-2002-1507
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0116.html
VULNWATCH:20020917 Fw: [ut2003bugs] remote denial of service in ut2003 demo
http://www.iss.net/security_center/static/10128.php
XF:ut-console-dos(10128)
CVE-2002-1508
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
2003-02-11
2003-03-18
CVE-2002-1508
http://www.debian.org/security/2003/dsa-227
DEBIAN:DSA-227
http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
MANDRAKE:MDKSA-2003:006
http://www.redhat.com/support/errata/RHSA-2003-040.html
REDHAT:RHSA-2003:040
http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
SUSE:SuSE-SA:2002:047
http://www.iss.net/security_center/static/11288.php
XF:openldap-acl-slapd-bo(11288)
CVE-2002-1509
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
2004-09-01
2007-11-12
CVE-2002-1509
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
MANDRAKE:MDKSA-2003:026
http://www.redhat.com/support/errata/RHSA-2003-057.html
REDHAT:RHSA-2003:057
http://www.redhat.com/support/errata/RHSA-2003-058.html
REDHAT:RHSA-2003:058
CVE-2002-1510
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
2004-09-01
2010-05-20
CVE-2002-1510
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
CONECTIVA:CLA-2002:533
http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
http://www.redhat.com/support/errata/RHSA-2003-064.html
REDHAT:RHSA-2003:064
http://www.redhat.com/support/errata/RHSA-2003-065.html
REDHAT:RHSA-2003:065
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602
SUNALERT:55602
http://www.iss.net/security_center/static/11389.php
XF:xfree86-xdm-unauth-access(11389)
CVE-2002-1511
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
2004-09-01
2010-05-20
CVE-2002-1511
http://www.securityfocus.com/bid/6905
BID:6905
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
CONECTIVA:CLSA-2003:640
http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
http://security.gentoo.org/glsa/glsa-200302-15.xml
GENTOO:200302-15
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
MANDRAKE:MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2003-041.html
REDHAT:RHSA-2003:041
http://www.redhat.com/support/errata/RHSA-2003-068.html
REDHAT:RHSA-2003:068
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161
SUNALERT:56161
http://www.iss.net/security_center/static/11384.php
XF:vnc-rand-weak-cookie(11384)
CVE-2002-1512
xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file.
2003-03-18
2003-03-21
CVE-2002-1512
http://www.securityfocus.com/bid/5708
BID:5708
http://archives.neohapsis.com/archives/bugtraq/2002-09/0154.html
BUGTRAQ:20020912 Race condition in BRU Workstation 17.0
http://www.iss.net/security_center/static/10101.php
XF:bru-xbru-race-condition(10101)
CVE-2002-1513
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
2004-09-01
2003-03-26
CVE-2002-1513
http://www.securityfocus.com/bid/5790
BID:5790
http://online.securityfocus.com/archive/1/293070
BUGTRAQ:20020927 OpenVMS POP server local vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
COMPAQ:SSRT2371
http://www.iss.net/security_center/static/10236.php
XF:openvms-pop-gain-privileges(10236)
CVE-2002-1514
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
2004-09-01
2003-03-21
CVE-2002-1514
http://www.securityfocus.com/bid/5805
BID:5805
http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html
BUGTRAQ:20020925 Borland Interbase local root exploit
http://www.iss.net/security_center/static/10196.php
XF:interbase-gdslockmgr-bo(10196)
CVE-2002-1515
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter.
2003-03-18
2003-03-21
CVE-2002-1515
http://www.securityfocus.com/bid/5973
BID:5973
http://online.securityfocus.com/archive/1/295358
BUGTRAQ:20021012 CoolForum v 0.5 beta shows content of PHP files
http://www.coolforum.net/index.php?p=dlcoolforum
CONFIRM:http://www.coolforum.net/index.php?p=dlcoolforum
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0001.html
VULNWATCH:20021001 [VulnWatch] CoolForum v 0.5 beta shows content of PHP files
http://www.iss.net/security_center/static/10237.php
XF:coolforum-avatar-view-php(10237)
CVE-2002-1516
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.
2004-09-01
2003-03-26
CVE-2002-1516
http://www.securityfocus.com/bid/5889
BID:5889
http://www.ciac.org/ciac/bulletins/n-004.shtml
CIAC:N-004
ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
SGI:20020903-01-P
http://www.iss.net/security_center/static/10272.php
XF:irix-rpcbind-w-symlink(10272)
CVE-2002-1517
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.
2004-09-01
2006-05-08
CVE-2002-1517
http://www.securityfocus.com/bid/5897
BID:5897
http://www.ciac.org/ciac/bulletins/n-004.shtml
CIAC:N-004
http://www.osvdb.org/8579
OSVDB:8579
ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
SGI:20020903-01-P
ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P
SGI:20020903-02-P
ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
SGI:20021103-01-P
ftp://patches.sgi.com/support/free/security/advisories/20021103-02-P
SGI:20021103-02-P
http://www.iss.net/security_center/static/10275.php
XF:irix-fsr-efs-symlink(10275)
CVE-2002-1518
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.
2004-09-01
2003-03-26
CVE-2002-1518
http://www.securityfocus.com/bid/5893
BID:5893
http://www.ciac.org/ciac/bulletins/n-004.shtml
CIAC:N-004
http://www.osvdb.org/8580
OSVDB:8580
ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
SGI:20020903-01-P
http://www.iss.net/security_center/static/10276.php
XF:irix-mv-directory-insecure(10276)
CVE-2002-1519
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
2004-09-01
2004-08-17
CVE-2002-1519
http://www.securityfocus.com/bid/5814
BID:5814
http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
BUGTRAQ:20020926 Watchguard firewall appliances security issues
http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
http://www.osvdb.org/4924
OSVDB:4924
http://www.iss.net/security_center/static/10217.php
XF:firebox-vclass-cli-format-string(10217)
CVE-2002-1520
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
2004-09-01
2004-08-19
CVE-2002-1520
http://www.securityfocus.com/bid/5815
BID:5815
http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
BUGTRAQ:20020926 Watchguard firewall appliances security issues
http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
http://www.osvdb.org/4831
OSVDB:4831
http://www.iss.net/security_center/static/10218.php
XF:firebox-vclass-cli-admin-privileges(10218)
CVE-2002-1521
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
2004-09-01
2003-03-21
CVE-2002-1521
http://www.securityfocus.com/bid/5803
BID:5803
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability
http://www.iss.net/security_center/static/10198.php
XF:webserver-4d-plaintext-passwords(10198)
CVE-2002-1522
Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.
2003-03-18
2003-03-21
CVE-2002-1522
http://www.securityfocus.com/bid/5899
BID:5899
http://archives.neohapsis.com/archives/bugtraq/2002-10/0075.html
BUGTRAQ:20021005 Vulnerabilitie in PowerFTP server
http://archives.neohapsis.com/archives/bugtraq/2002-10/0194.html
BUGTRAQ:20021012 Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source)
http://www.iss.net/security_center/static/10286.php
XF:powerftp-long-username-dos(10286)
CVE-2002-1523
Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences.
2003-03-18
2003-03-21
CVE-2002-1523
http://archives.neohapsis.com/archives/bugtraq/2002-10/0181.html
BUGTRAQ:20021013 Directory traversal in Daniel Arenz' Mini Server
http://www.da-home.de/miniserver/update.html
CONFIRM:http://www.da-home.de/miniserver/update.html
http://www.iss.net/security_center/static/10366.php
XF:mini-server-directory-traversal(10366)
CVE-2002-1524
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
2004-09-01
2003-03-21
CVE-2002-1524
http://www.securityfocus.com/bid/5832
BID:5832
http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html
BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
http://www.iss.net/security_center/static/10228.php
XF:winamp-xml-parser-bo(10228)
CVE-2002-1525
Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.
2003-03-18
2003-03-21
CVE-2002-1525
http://www.securityfocus.com/bid/5828
BID:5828
http://online.securityfocus.com/archive/1/293545
BUGTRAQ:20020929 [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
http://www.iss.net/security_center/static/10225.php
XF:sunone-starterkit-search-traversal(10225)
CVE-2002-1526
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
2003-03-18
2007-10-15
CVE-2002-1526
http://www.securityfocus.com/bid/5824
BID:5824
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html
VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure
http://www.iss.net/security_center/static/10205.php
XF:emu-webmail-address-xss(10205)
CVE-2002-1527
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
2003-03-18
2007-10-15
CVE-2002-1527
http://www.securityfocus.com/bid/5823
BID:5823
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html
VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure
http://www.iss.net/security_center/static/10205.php
XF:emu-webmail-address-xss(10205)
http://www.iss.net/security_center/static/10204.php
XF:emu-webmail-path-disclosure(10204)
CVE-2002-1528
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.
2004-09-01
2003-03-21
CVE-2002-1528
http://www.securityfocus.com/bid/5941
BID:5941
http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html
BUGTRAQ:20021010 MondoSearch show the source of all files
http://www.iss.net/security_center/static/10350.php
XF:mondosearch-url-souce-disclosure(10350)
CVE-2002-1529
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.
2004-09-01
2007-10-15
CVE-2002-1529
http://www.securityfocus.com/bid/5928
BID:5928
http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
http://www.iss.net/security_center/static/10319.php
XF:superscout-emailfilter-error-xss(10319)
CVE-2002-1530
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.
2004-09-01
2007-10-15
CVE-2002-1530
http://www.securityfocus.com/bid/5929
BID:5929
http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
http://www.iss.net/security_center/static/10320.php
XF:superscout-emailfilter-plaintext-passwords(10320)
CVE-2002-1531
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter.
2004-09-01
2007-10-15
CVE-2002-1531
http://www.securityfocus.com/bid/5930
BID:5930
http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
http://www.iss.net/security_center/static/10321.php
XF:superscout-emailfilter-content-dos(10321)
CVE-2002-1532
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.
2004-09-01
2007-10-15
CVE-2002-1532
http://www.securityfocus.com/bid/5931
BID:5931
http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
http://www.iss.net/security_center/static/10322.php
XF:superscout-emailfilter-get-dos(10322)
CVE-2002-1533
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
2003-03-18
2003-03-21
CVE-2002-1533
http://www.securityfocus.com/bid/5821
BID:5821
http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html
BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln
http://www.iss.net/security_center/static/10219.php
XF:jetty-http-xss(10219)
CVE-2002-1534
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.
2004-09-01
2003-03-21
CVE-2002-1534
http://www.securityfocus.com/bid/5904
BID:5904
http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html
BUGTRAQ:20021006 Flash player can read local files
http://www.iss.net/security_center/static/10297.php
XF:flash-xml-read-files(10297)
CVE-2002-1535
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
2003-03-18
2007-10-15
CVE-2002-1535
http://www.securityfocus.com/bid/5959
BID:5959
http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html
BUGTRAQ:20021014 Symantec Enterprise Firewall Secure Webserver info leak
http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11a.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11a.html
http://www.iss.net/security_center/static/10363.php
XF:simple-webserver-topology-disclosure(10363)
CVE-2002-1536
Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.
2003-03-18
2003-03-21
CVE-2002-1536
http://www.securityfocus.com/bid/6007
BID:6007
http://online.securityfocus.com/archive/1/296163
BUGTRAQ:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0028.html
VULNWATCH:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
http://www.iss.net/security_center/static/10397.php
XF:molly-host-execute-commands(10397)
CVE-2002-1537
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
2004-09-01
2007-03-02
CVE-2002-1537
http://www.securityfocus.com/bid/6056
BID:6056
http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html
BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0
http://www.osvdb.org/4284
OSVDB:4284
http://www.iss.net/security_center/static/10489.php
XF:phpbb-adminugauth-admin-privileges(10489)
CVE-2002-1538
Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.
2004-09-01
2006-11-05
CVE-2002-1538
http://www.securityfocus.com/bid/6048
BID:6048
http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html
BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma
http://www.iss.net/security_center/static/10473.php
XF:acusend-unauthorized-file-access(10473)
CVE-2002-1539
Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.
2003-03-18
2003-03-21
CVE-2002-1539
http://www.securityfocus.com/bid/6053
BID:6053
http://archives.neohapsis.com/archives/bugtraq/2002-10/0382.html
BUGTRAQ:20021027 MDaemon SMTP/POP/IMAP server DoS
http://www.iss.net/security_center/static/10488.php
XF:mdaemon-dele-uidl-dos(10488)
CVE-2002-1540
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
2004-09-01
2004-08-17
CVE-2002-1540
http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation
http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
BUGTRAQ:20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0
http://www.osvdb.org/6258
OSVDB:6258
http://www.iss.net/security_center/static/10475.php
XF:nav-winhlp32-gain-privileges(10475)
CVE-2002-1541
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).
2004-09-01
2003-03-21
CVE-2002-1541
http://www.securityfocus.com/bid/6044
BID:6044
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html
VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
http://www.iss.net/security_center/static/10466.php
XF:badblue-protected-file-access(10466)
CVE-2002-1542
SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.
2003-03-18
2007-10-28
CVE-2002-1542
http://www.securityfocus.com/bid/6043
BID:6043
http://archives.neohapsis.com/archives/bugtraq/2002-10/0344.html
BUGTRAQ:20021024 TFTP Server DoS
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0040.html
VULNWATCH:20021024 TFTP Server DoS
http://www.iss.net/security_center/static/10462.php
XF:tftp-udp-datagram-bo(10462)
CVE-2002-1543
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.
2004-09-01
2004-08-17
CVE-2002-1543
http://www.securityfocus.com/bid/6036
BID:6036
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
NETBSD:NetBSD-SA2002-025
http://www.osvdb.org/7570
OSVDB:7570
http://www.iss.net/security_center/static/10458.php
XF:trek-keyboard-input-bo(10458)
CVE-2002-1544
Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get.
2003-03-18
2003-03-21
CVE-2002-1544
http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html
BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
CVE-2002-1545
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.
2003-03-18
2003-03-21
CVE-2002-1545
http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html
BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
CVE-2002-1546
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
2003-03-18
2003-03-21
CVE-2002-1546
http://www.securityfocus.com/bid/6041
BID:6041
http://www.securityoffice.net/articles/webweaver/
MISC:http://www.securityoffice.net/articles/webweaver/
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0043.html
VULNWATCH:20021024 [SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability
http://www.iss.net/security_center/static/10467.php
XF:brs-webweaver-file-access(10467)
CVE-2002-1547
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
2004-09-01
2004-08-17
CVE-2002-1547
http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html
BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html
BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
http://www.kb.cert.org/vuls/id/930161
CERT-VN:VU#930161
http://www.netscreen.com/support/alerts/11_06_02.html
CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html
http://www.osvdb.org/4376
OSVDB:4376
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html
VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
http://www.iss.net/security_center/static/10528.php
XF:netscreen-ssh-dos(10528)
CVE-2002-1548
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."
2004-09-01
2004-08-10
CVE-2002-1548
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
AIXAPAR:IY31934
CVE-2002-1549
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
2004-09-01
2013-12-11
CVE-2002-1549
http://www.securityfocus.com/bid/6162
BID:6162
http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html
BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd
http://www.iss.net/security_center/static/10607.php
XF:light-httpd-bo(10607)
CVE-2002-1550
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2004-09-01
2004-08-26
CVE-2002-1550
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
AIXAPAR:IY34617
http://www.securityfocus.com/bid/8802
BID:8802
CVE-2002-1551
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
2003-03-18
2003-03-21
CVE-2002-1551
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
AIXAPAR:IY34670
CVE-2002-1552
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
2004-09-01
2004-08-10
CVE-2002-1552
http://www.securityfocus.com/bid/6163
BID:6163
http://marc.info/?l=bugtraq&m=103712498905027&w=2
BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
http://marc.info/?l=bugtraq&m=103712790808781&w=2
BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
https://exchange.xforce.ibmcloud.com/vulnerabilities/10604
XF:novell-edirectory-expired-accounts(10604)
CVE-2002-1553
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
2003-03-18
2003-03-21
CVE-2002-1553
http://www.securityfocus.com/bid/6076
BID:6076
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10505.php
XF:cisco-ons-ftp-no-account(10505)
CVE-2002-1554
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
2003-03-18
2003-03-21
CVE-2002-1554
http://www.securityfocus.com/bid/6078
BID:6078
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10506.php
XF:cisco-ons-plaintext-accounts(10506)
CVE-2002-1555
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
2003-03-18
2003-03-21
CVE-2002-1555
http://www.securityfocus.com/bid/6081
BID:6081
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10507.php
XF:cisco-ons-snmp-public(10507)
CVE-2002-1556
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
2003-03-18
2003-03-21
CVE-2002-1556
http://www.securityfocus.com/bid/6084
BID:6084
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10508.php
XF:cisco-ons-corba-dos(10508)
CVE-2002-1557
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
2003-03-18
2003-03-21
CVE-2002-1557
http://www.securityfocus.com/bid/6082
BID:6082
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10509.php
XF:cisco-ons-http-dos(10509)
CVE-2002-1558
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
2003-03-18
2003-03-21
CVE-2002-1558
http://www.securityfocus.com/bid/6083
BID:6083
http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
http://www.iss.net/security_center/static/10510.php
XF:cisco-ons-default-vsworks-account(10510)
CVE-2002-1559
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
2003-03-18
2003-03-21
CVE-2002-1559
http://www.securityfocus.com/bid/6091
BID:6091
http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html
BUGTRAQ:20021101 Re: ion-p.exe allows Remote File Retrieving
http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html
BUGTRAQ:20021101 ion-p.exe allows Remote File Retrieving
http://www.iss.net/security_center/static/10518.php
XF:ion-ionp-view-files(10518)
CVE-2002-1560
index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.
2004-09-01
2003-03-21
CVE-2002-1560
http://www.securityfocus.com/bid/6033
BID:6033
http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html
BUGTRAQ:20021022 gBook
http://www.iss.net/security_center/static/10455.php
XF:gbook-mysql-admin-access(10455)
CVE-2002-1561
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
2003-03-26
2018-10-12
CVE-2002-1561
http://www.securityfocus.com/bid/6005
BID:6005
http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0
BUGTRAQ:20021018 [Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) onWindows 2000 SP3
http://www.kb.cert.org/vuls/id/261537
CERT-VN:VU#261537
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-010
MS:MS03-010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A59
OVAL:oval:org.mitre.oval:def:59
CVE-2002-1562
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
2003-04-26
2016-12-06
CVE-2002-1562
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777
CONECTIVA:CLA-2003:777
http://marc.info/?l=thttpd&m=103609565110472&w=2
CONFIRM:http://marc.info/?l=thttpd&m=103609565110472&w=2
http://news.php.net/article.php?group=php.cvs&article=15698
CONFIRM:http://news.php.net/article.php?group=php.cvs&article=15698
https://www.debian.org/security/2003/dsa-396
DEBIAN:DSA-396
SUSE:SuSE-SA:2003:044
CVE-2002-1563
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
2003-04-26
2016-10-17
CVE-2002-1563
http://www.securityfocus.com/bid/6592
BID:6592
http://marc.info/?l=bugtraq&m=104247606910598
BUGTRAQ:20030112 SIGCHLD problem in Stunnel
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
CONECTIVA:CLA-2003:736
http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html
ENGARDE:ESA-20030806-020
http://marc.info/?l=stunnel-users&m=103600188215117&w=2
MISC:http://marc.info/?l=stunnel-users&m=103600188215117&w=2
http://www.redhat.com/support/errata/RHSA-2003-221.html
REDHAT:RHSA-2003:221
http://www.redhat.com/support/errata/RHSA-2003-223.html
REDHAT:RHSA-2003:223
http://marc.info/?l=bugtraq&m=106029168514511&w=2
TRUSTIX:2003-0030
CVE-2002-1564
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability.
2003-05-30
2018-10-12
CVE-2002-1564
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
MS:MS02-023
CVE-2002-1565
Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
2003-06-05
2017-07-10
CVE-2002-1565
http://marc.info/?l=bugtraq&m=105474357016184&w=2
BUGTRAQ:20030604 Immunix Secured OS 7+ wget update
CALDERA:CSSA-2003-003.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000716
CONECTIVA:CLA-2003:716
http://www.debian.org/security/2002/dsa-209
DEBIAN:DSA-209
http://www.redhat.com/support/errata/RHSA-2003-372.html
REDHAT:RHSA-2003:372
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt
SCO:CSSA-2003-003.0
SCO:CSSA-2003-025.0
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/10851
XF:wget-url-filename-bo(10851)
CVE-2002-1566
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
2003-08-15
2017-07-10
CVE-2002-1566
http://www.securityfocus.com/bid/5680
BID:5680
http://marc.info/?l=vuln-dev&m=103158692532256&w=2
VULN-DEV:20020909 netris-0.5.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10081
XF:netris-remote-bo(10081)
CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
2003-09-19
2020-02-13
CVE-2002-1567
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html
VULN-DEV:20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
CVE-2002-1568
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.
2003-10-08
2016-10-17
CVE-2002-1568
http://marc.info/?l=bugtraq&m=106511018214983
BUGTRAQ:20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)
http://cvs.openssl.org/chngview?cn=7659
CONFIRM:http://cvs.openssl.org/chngview?cn=7659
http://www.ebitech.sk/patrik/SA/SA-20031002.txt
MISC:http://www.ebitech.sk/patrik/SA/SA-20031002.txt
CVE-2002-1569
gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.
2003-10-25
2017-07-10
CVE-2002-1569
http://www.securityfocus.com/bid/5840
BID:5840
http://marc.info/?l=bugtraq&m=103348446009076&w=2
BUGTRAQ:20021001 ASA-0000: GV Execution of Arbitrary Shell Commands
http://archives.neohapsis.com/archives/bugtraq/2002-10/0033.html
BUGTRAQ:20021003 GLSA: gv
http://www.epita.fr/~bevand_m/asa/asa-0000
MISC:http://www.epita.fr/~bevand_m/asa/asa-0000
https://exchange.xforce.ibmcloud.com/vulnerabilities/10231
XF:gv-system-execute-commands(10231)
CVE-2002-1570
Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array.
2003-10-30
2017-07-10
CVE-2002-1570
http://www.securityfocus.com/bid/3780
BID:3780
http://www.securityfocus.com/archive/1/248141
BUGTRAQ:20020103 Heap overflow in snmpnetstat
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696
CONECTIVA:CLA-2003:696
SCO:CSSA-2003-029.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/7776
XF:netsnmp-snmpnetstat-heap-overflow(7776)
CVE-2002-1571
The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
2006-01-23
2021-06-15
CVE-2002-1571
http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6
http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html
MLIST:[linux-kernel] 20020417 Re: SSE related security hole
http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html
MLIST:[linux-kernel] 20020417 SSE related security hole
http://search.luky.org/linux-kernel.2002/msg24003.html
MLIST:[linux-kernel] 20020418 Re: SSE related security hole
http://search.luky.org/linux-kernel.2002/msg24992.html
MLIST:[linux-kernel] 20020422 Re: SSE related security hole
CVE-2002-1572
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
2006-01-27
2021-06-15
CVE-2002-1572
http://linux.bkbits.net:8080/linux-2.4/cset@3d6badc0mxsPaOTT_GuPVxCp1_ormw
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3d6badc0mxsPaOTT_GuPVxCp1_ormw
http://www.redhat.com/support/errata/RHSA-2002-205.html
REDHAT:RHSA-2002:205
http://www.redhat.com/support/errata/RHSA-2002-206.html
REDHAT:RHSA-2002:206
CVE-2002-1573
Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."
2006-01-27
2021-06-15
CVE-2002-1573
http://linux.bkbits.net:8080/linux-2.4/cset@3d6aadcbBIDX67Zl6zZnVKRcsilCVQ
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3d6aadcbBIDX67Zl6zZnVKRcsilCVQ
http://www.redhat.com/support/errata/RHSA-2002-205.html
REDHAT:RHSA-2002:205
http://www.redhat.com/support/errata/RHSA-2002-206.html
REDHAT:RHSA-2002:206
CVE-2002-1574
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
2004-09-01
2004-08-17
CVE-2002-1574
http://www.securityfocus.com/bid/5985
BID:5985
http://www.ciac.org/ciac/bulletins/n-096.shtml
CIAC:N-096
http://www.redhat.com/support/errata/RHSA-2002-205.html
REDHAT:RHSA-2002:205
http://www.redhat.com/support/errata/RHSA-2002-206.html
REDHAT:RHSA-2002:206
http://www.redhat.com/support/errata/RHSA-2004-044.html
REDHAT:RHSA-2004:044
http://www.redhat.com/support/errata/RHSA-2004-106.html
REDHAT:RHSA-2004:106
https://exchange.xforce.ibmcloud.com/vulnerabilities/10417
XF:linux-ixj-root-privileges(10417)
CVE-2002-1575
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
2004-02-11
2017-07-10
CVE-2002-1575
http://www.securityfocus.com/bid/5013
BID:5013
http://marc.info/?l=bugtraq&m=102406554627053&w=2
BUGTRAQ:20020614 Another cgiemail bug
http://marc.info/?l=bugtraq&m=106520691705768&w=2
BUGTRAQ:20031003 patch for vulnerability in cgiemail
http://www.debian.org/security/2004/dsa-437
DEBIAN:DSA-437
https://exchange.xforce.ibmcloud.com/vulnerabilities/9361
XF:cgiemail-open-mail-relay(9361)
CVE-2002-1576
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
2004-03-16
2017-07-10
CVE-2002-1576
http://www.securityfocus.com/bid/6316
BID:6316
http://marc.info/?l=bugtraq&m=103903565829796&w=2
BUGTRAQ:20021204 SAP database local root via symlink
http://www.sapdb.org/sap_db_alert.htm
CONFIRM:http://www.sapdb.org/sap_db_alert.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/10762
XF:sap-db-lserversrv-symlink(10762)
CVE-2002-1577
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.
2004-03-16
2017-07-10
CVE-2002-1577
http://marc.info/?l=bugtraq&m=103038238228119&w=2
BUGTRAQ:20020825 SAP R/3 default password vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/9964
XF:sap-r3-default-account(9964)
CVE-2002-1578
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
2004-03-16
2017-07-10
CVE-2002-1578
http://www.securityfocus.com/bid/4613
BID:4613
http://archives.neohapsis.com/archives/bugtraq/2002-04/0387.html
BUGTRAQ:20020427 SAP R/3 on Oracle: vulnerable Default Installation
https://exchange.xforce.ibmcloud.com/vulnerabilities/8972
XF:sap-db-data-access(8972)
CVE-2002-1579
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
2004-03-16
2017-07-10
CVE-2002-1579
http://www.securityfocus.com/bid/3972
BID:3972
http://archives.neohapsis.com/archives/bugtraq/2002-01/0334.html
BUGTRAQ:20020128 Sapgui 4.6D for Windows
https://exchange.xforce.ibmcloud.com/vulnerabilities/8007
XF:sapgui-invalid-connect-dos(8007)
CVE-2002-1580
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
2004-05-20
2017-07-10
CVE-2002-1580
http://www.securityfocus.com/bid/6298
BID:6298
http://www.securityfocus.com/archive/1/301864
BUGTRAQ:20021202 pre-login buffer overflow in Cyrus IMAP server
http://www.kb.cert.org/vuls/id/740169
CERT-VN:VU#740169
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
CONECTIVA:000557
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557
CONECTIVA:CLA-2002:557
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
CONFIRM:http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
http://www.debian.org/security/2002/dsa-215
DEBIAN:DSA-215
https://exchange.xforce.ibmcloud.com/vulnerabilities/10744
XF:cyrus-imap-preauth-bo(10744)
CVE-2002-1581
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
2004-07-06
2004-08-02
CVE-2002-1581
http://www.securityfocus.com/bid/6055
BID:6055
http://www.securityfocus.com/archive/1/297428
BUGTRAQ:20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com
http://mailreader.com/download/ChangeLog
CONFIRM:http://mailreader.com/download/ChangeLog
http://www.debian.org/security/2004/dsa-534
DEBIAN:DSA-534
http://mailreader.com/download/ChangeLog
MISC:http://mailreader.com/download/ChangeLog
http://www.iss.net/security_center/static/10490.php
XF:mailreader-dotdot-directory-traversal(10490)
CVE-2002-1582
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
2004-07-06
2021-06-15
CVE-2002-1582
http://www.securityfocus.com/bid/6058
BID:6058
http://www.securityfocus.com/archive/1/297428
BUGTRAQ:20021028 SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com
http://www.mailreader.com/download/ChangeLog
CONFIRM:http://www.mailreader.com/download/ChangeLog
http://www.iss.net/security_center/static/10491.php
XF:mailreader-compose-command-execution(10491)
CVE-2002-1583
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.
2004-08-20
CVE-2002-1583
http://www.securityfocus.com/bid/4817
BID:4817
http://www.securitytracker.com/alerts/2002/May/1004352.html
IBM:MSS-OAR-E01-2002:318.1
http://www.iss.net/security_center/static/9078.php
XF:ibm-db2-db2ckpw-bo(9078)
CVE-2002-1584
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
2005-02-08
2017-07-10
CVE-2002-1584
http://www.securityfocus.com/bid/6484
BID:6484
http://www.kb.cert.org/vuls/id/518057
CERT-VN:VU#518057
http://www.securitytracker.com/id?1005934
SECTRACK:1005934
http://secunia.com/advisories/7899/
SECUNIA:7899
ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
SGI:20030402-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
SUNALERT:46944
https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
XF:solaris-authdes-gain-privileges(10935)
CVE-2002-1585
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
2005-02-08
2017-07-10
CVE-2002-1585
http://www.securityfocus.com/bid/6147
BID:6147
http://sunsolve.sun.com/search/document.do?assetkey=1-26-48601-1
SUNALERT:48601
https://exchange.xforce.ibmcloud.com/vulnerabilities/10600
XF:solaris-tcp-interface-dos(10600)
CVE-2002-1586
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
2005-02-08
2017-07-10
CVE-2002-1586
http://www.securityfocus.com/bid/6309
BID:6309
http://securitytracker.com/id?1005742
SECTRACK:1005742
http://sunsolve.sun.com/search/document.do?assetkey=1-26-48267-1
SUNALERT:48267
https://exchange.xforce.ibmcloud.com/vulnerabilities/10769
XF:solaris-null-pointer-dos(10769)
CVE-2002-1587
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
2005-02-08
2017-07-10
CVE-2002-1587
http://www.securityfocus.com/bid/6318
BID:6318
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46867-1
SUNALERT:46867
https://exchange.xforce.ibmcloud.com/vulnerabilities/11146
XF:solaris-libthread-dos(11146)
CVE-2002-1588
Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.
2005-02-08
2017-07-10
CVE-2002-1588
http://www.securityfocus.com/bid/6279
BID:6279
http://sunsolve.sun.com/search/document.do?assetkey=1-26-48216-1
SUNALERT:48216
https://exchange.xforce.ibmcloud.com/vulnerabilities/10732
XF:openwindows-mailtool-dos(10732)
CVE-2002-1589
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
2005-02-08
2017-07-10
CVE-2002-1589
http://www.securityfocus.com/bid/6080
BID:6080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-48067-1
SUNALERT:48067
https://exchange.xforce.ibmcloud.com/vulnerabilities/10496
XF:solaris-kmem-flags-dos(10496)
CVE-2002-1590
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
2005-02-08
2017-07-10
CVE-2002-1590
http://www.securityfocus.com/bid/6061
BID:6061
http://www.ciac.org/ciac/bulletins/n-010.shtml
CIAC:N-010
http://sunsolve.sun.com/search/document.do?assetkey=1-26-48320-1
SUNALERT:48320
https://exchange.xforce.ibmcloud.com/vulnerabilities/10495
XF:solaris-wbem-files-insecure(10495)
CVE-2002-1591
AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions.
2005-03-13
2021-06-15
CVE-2002-1591
http://www.kb.cert.org/vuls/id/744139
CERT-VN:VU#744139
http://www.informationweek.com/story/IWK20010927S0021
MISC:http://www.informationweek.com/story/IWK20010927S0021
http://www.instantmessagingplanet.com/security/article.php/10818_1014151
MISC:http://www.instantmessagingplanet.com/security/article.php/10818_1014151
CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
2005-03-13
2021-06-06
CVE-2002-1592
http://www.securityfocus.com/bid/5256
BID:5256
http://www.kb.cert.org/vuls/id/165803
CERT-VN:VU#165803
http://www.apache.org/dist/httpd/CHANGES_2.0
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.iss.net/security_center/static/9623.php
XF:apache-aplogrerror-path-disclosure(9623)
CVE-2002-1593
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
2005-03-13
2021-06-06
CVE-2002-1593
http://www.securityfocus.com/bid/5816
BID:5816
http://www.kb.cert.org/vuls/id/406121
CERT-VN:VU#406121
http://www.apache.org/dist/httpd/CHANGES_2.0
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://securitytracker.com/id?1005285
SECTRACK:1005285
https://exchange.xforce.ibmcloud.com/vulnerabilities/10208
XF:apache-mod-dav-dos(10208)
CVE-2002-1594
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
2005-03-13
2017-07-10
CVE-2002-1594
http://www.kb.cert.org/vuls/id/121891
CERT-VN:VU#121891
http://www.kb.cert.org/vuls/id/877811
CERT-VN:VU#877811
http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm
MISC:http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm
http://marc.info/?l=vuln-dev&m=100999352406822&w=2
VULN-DEV:20020102 Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities
http://marc.info/?l=vulnwatch&m=100998205010794&w=2
VULNWATCH:20020102 blackshell3: multiple pwck/grpck vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7857
XF:grpck-command-line-bo(7857)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7859
XF:pwck-command-line-bo(7859)
CVE-2002-1595
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.
2005-03-13
2017-07-10
CVE-2002-1595
http://www.securityfocus.com/bid/3832
BID:3832
http://www.kb.cert.org/vuls/id/833459
CERT-VN:VU#833459
http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml
CISCO:20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers
https://exchange.xforce.ibmcloud.com/vulnerabilities/7828
XF:cisco-sn-view-configuration(7828)
CVE-2002-1596
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers.
2005-03-13
2017-07-10
CVE-2002-1596
http://www.securityfocus.com/bid/3834
BID:3834
http://www.kb.cert.org/vuls/id/968187
CERT-VN:VU#968187
http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml
CISCO:20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers
https://exchange.xforce.ibmcloud.com/vulnerabilities/7829
XF:cisco-sn-http-dos(7829)
CVE-2002-1597
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.
2005-03-13
2017-07-10
CVE-2002-1597
http://www.securityfocus.com/bid/3833
BID:3833
http://www.kb.cert.org/vuls/id/855195
CERT-VN:VU#855195
http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml
CISCO:20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers
https://exchange.xforce.ibmcloud.com/vulnerabilities/7830
XF:cisco-sn-fragment-dos(7830)
CVE-2002-1598
Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.
2005-03-13
2017-07-10
CVE-2002-1598
http://www.securityfocus.com/bid/4440
BID:4440
http://www.securityfocus.com/bid/4441
BID:4441
http://www.securityfocus.com/archive/1/266052
BUGTRAQ:20020405 Re: CA security contact
http://www.kb.cert.org/vuls/id/544995
CERT-VN:VU#544995
http://www.kb.cert.org/vuls/id/772915
CERT-VN:VU#772915
ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README
CONFIRM:ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README
https://exchange.xforce.ibmcloud.com/vulnerabilities/8776
XF:ca-mlink-bo(8776)
CVE-2002-1599
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
2005-03-13
2017-07-10
CVE-2002-1599
http://www.securityfocus.com/bid/5291
BID:5291
http://www.kb.cert.org/vuls/id/940203
CERT-VN:VU#940203
http://dansguardian.org/?page=history
CONFIRM:http://dansguardian.org/?page=history
http://dansguardian.org/?page=knownbugs
CONFIRM:http://dansguardian.org/?page=knownbugs
https://exchange.xforce.ibmcloud.com/vulnerabilities/9681
XF:dansguardian-url-bypass-filtering(9681)
CVE-2002-1600
Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter.
2005-03-13
2005-05-25
CVE-2002-1600
http://www.securityfocus.com/bid/3855
BID:3855
http://www.kb.cert.org/vuls/id/181907
CERT-VN:VU#181907
http://securitytracker.com/id?1003255
SECTRACK:1003255
http://www.iss.net/security_center/static/7967.php
XF:myclassifieds-gain-privileges(7967)
CVE-2002-1601
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
2005-03-20
2017-07-10
CVE-2002-1601
http://www.securityfocus.com/bid/4106
BID:4106
http://www.kb.cert.org/vuls/id/116875
CERT-VN:VU#116875
http://www.kb.cert.org/vuls/id/AAMN-56LQ2J
CONFIRM:http://www.kb.cert.org/vuls/id/AAMN-56LQ2J
https://exchange.xforce.ibmcloud.com/vulnerabilities/8210
XF:adobe-photodeluxe-execute-java(8210)
CVE-2002-1602
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
2005-03-25
2017-07-10
CVE-2002-1602
http://www.securityfocus.com/bid/4578
BID:4578
http://www.securityfocus.com/archive/1/268998
BUGTRAQ:20020420 ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp
http://www.kb.cert.org/vuls/id/524227
CERT-VN:VU#524227
https://exchange.xforce.ibmcloud.com/vulnerabilities/8929
XF:screen-braille-module-bo(8929)
CVE-2002-1603
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
2005-03-25
2017-07-10
CVE-2002-1603
http://www.securityfocus.com/bid/9239
BID:9239
http://www.kb.cert.org/vuls/id/124059
CERT-VN:VU#124059
http://www.kb.cert.org/vuls/id/975041
CERT-VN:VU#975041
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
CONFIRM:http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
CONFIRM:http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
http://aluigi.altervista.org/adv/goahead-adv3.txt
MISC:http://aluigi.altervista.org/adv/goahead-adv3.txt
http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
MISC:http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
http://www.procheckup.com/security_info/vuln_pr0213.html
MISC:http://www.procheckup.com/security_info/vuln_pr0213.html
http://www.osvdb.org/13295
OSVDB:13295
http://securitytracker.com/id?1005820
SECTRACK:1005820
http://secunia.com/advisories/7741
SECUNIA:7741
https://exchange.xforce.ibmcloud.com/vulnerabilities/10885
XF:goahead-script-source-disclosure(10885)
CVE-2002-1604
Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
2005-03-25
2017-07-10
CVE-2002-1604
http://www.securityfocus.com/bid/5647
BID:5647
http://www.securityfocus.com/archive/1/290115
BUGTRAQ:20020902 Happy Labor Day from Snosoft
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.kb.cert.org/vuls/id/158499
CERT-VN:VU#158499
http://www.kb.cert.org/vuls/id/416427
CERT-VN:VU#416427
http://www.kb.cert.org/vuls/id/437899
CERT-VN:VU#437899
http://www.kb.cert.org/vuls/id/448987
CERT-VN:VU#448987
http://www.kb.cert.org/vuls/id/531355
CERT-VN:VU#531355
http://www.kb.cert.org/vuls/id/567963
CERT-VN:VU#567963
http://www.kb.cert.org/vuls/id/584243
CERT-VN:VU#584243
http://www.kb.cert.org/vuls/id/592515
CERT-VN:VU#592515
http://www.kb.cert.org/vuls/id/846307
CERT-VN:VU#846307
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1605
Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.
2005-03-25
2017-07-10
CVE-2002-1605
http://www.securityfocus.com/archive/1/290115
BUGTRAQ:20020902 Happy Labor Day from Snosoft
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.kb.cert.org/vuls/id/569987
CERT-VN:VU#569987
http://www.kb.cert.org/vuls/id/584243
CERT-VN:VU#584243
http://www.kb.cert.org/vuls/id/693803
CERT-VN:VU#693803
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_xkb.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_xkb.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1606
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm.
2005-03-25
2017-07-10
CVE-2002-1606
http://www.kb.cert.org/vuls/id/293305
CERT-VN:VU#293305
http://www.kb.cert.org/vuls/id/557481
CERT-VN:VU#557481
http://www.kb.cert.org/vuls/id/651377
CERT-VN:VU#651377
http://www.kb.cert.org/vuls/id/955065
CERT-VN:VU#955065
http://www.kb.cert.org/vuls/id/965097
CERT-VN:VU#965097
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2260
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1607
Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
2005-03-25
2017-07-10
CVE-2002-1607
http://www.kb.cert.org/vuls/id/706817
CERT-VN:VU#706817
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2277
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1608
Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
2005-03-25
2017-07-10
CVE-2002-1608
http://www.kb.cert.org/vuls/id/629289
CERT-VN:VU#629289
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2261
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1609
Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
2005-03-25
2017-07-10
CVE-2002-1609
http://www.kb.cert.org/vuls/id/602009
CERT-VN:VU#602009
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT0796U
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1610
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
2005-03-25
2017-07-10
CVE-2002-1610
http://www.securityfocus.com/bid/5599
BID:5599
http://www.kb.cert.org/vuls/id/612833
CERT-VN:VU#612833
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00430.html
HP:SSRT2229
https://exchange.xforce.ibmcloud.com/vulnerabilities/10014
XF:tru64-ping-dos(10014)
CVE-2002-1611
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
2005-03-25
2017-07-10
CVE-2002-1611
http://www.kb.cert.org/vuls/id/115731
CERT-VN:VU#115731
http://ftp.support.compaq.com.au/pub/patches/Digital_UNIX/v5.1a/patch_kit/Tru64_UNIX_V5.1A/doc/txt/OSFPAT00131500520.txt
CONFIRM:http://ftp.support.compaq.com.au/pub/patches/Digital_UNIX/v5.1a/patch_kit/Tru64_UNIX_V5.1A/doc/txt/OSFPAT00131500520.txt
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2191
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1612
Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
2005-03-25
2017-07-10
CVE-2002-1612
http://www.kb.cert.org/vuls/id/408771
CERT-VN:VU#408771
http://ftp.support.compaq.com.au/pub/patches/Digital_UNIX/v5.1a/patch_kit/Tru64_UNIX_V5.1A/doc/txt/OSFPAT00131500520.txt
CONFIRM:http://ftp.support.compaq.com.au/pub/patches/Digital_UNIX/v5.1a/patch_kit/Tru64_UNIX_V5.1A/doc/txt/OSFPAT00131500520.txt
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2193
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1613
Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
2005-03-25
2017-07-10
CVE-2002-1613
http://www.kb.cert.org/vuls/id/173977
CERT-VN:VU#173977
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2256
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1614
Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.
2005-03-25
2017-07-10
CVE-2002-1614
http://www.securityfocus.com/archive/1/290115
BUGTRAQ:20020902 Happy Labor Day from Snosoft
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.kb.cert.org/vuls/id/435611
CERT-VN:VU#435611
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2189
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1615
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.
2005-03-25
2017-07-10
CVE-2002-1615
http://www.kb.cert.org/vuls/id/506441
CERT-VN:VU#506441
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
HP:SSRT2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
XF:tru64-multiple-binaries-bo(10016)
CVE-2002-1616
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
2005-03-25
2017-07-10
CVE-2002-1616
http://www.securityfocus.com/bid/5379
BID:5379
http://www.securityfocus.com/bid/5380
BID:5380
http://www.securityfocus.com/bid/5381
BID:5381
http://www.securityfocus.com/bid/5382
BID:5382
http://www.securityfocus.com/archive/1/290115
BUGTRAQ:20020902 Happy Labor Day from Snosoft
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.kb.cert.org/vuls/id/137555
CERT-VN:VU#137555
http://www.kb.cert.org/vuls/id/177067
CERT-VN:VU#177067
http://www.kb.cert.org/vuls/id/193347
CERT-VN:VU#193347
http://www.kb.cert.org/vuls/id/671627
CERT-VN:VU#671627
http://www.kb.cert.org/vuls/id/864083
CERT-VN:VU#864083
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
HP:SSRT2190
http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
HP:SSRT2192
http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
HP:SSRT2257
http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
HP:SSRT2259
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10614
XF:tru64-chfn-bo(10614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11620
XF:tru64-dxchpwd-bo(11620)
CVE-2002-1617
Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environment variable to dtterm.
2005-03-25
2021-06-15
CVE-2002-1617
http://www.securityfocus.com/archive/1/290115
BUGTRAQ:20020902 Happy Labor Day from Snosoft
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.kb.cert.org/vuls/id/202939
CERT-VN:VU#202939
http://www.kb.cert.org/vuls/id/600699
CERT-VN:VU#600699
http://www.kb.cert.org/vuls/id/836275
CERT-VN:VU#836275
http://www.kb.cert.org/vuls/id/931579
CERT-VN:VU#931579
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt
MISC:http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt
CVE-2002-1618
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
2005-03-25
2017-10-09
CVE-2002-1618
http://www.securityfocus.com/bid/5979
BID:5979
http://www.kb.cert.org/vuls/id/248337
CERT-VN:VU#248337
http://www.securityfocus.com/advisories/4569
HP:HPSBUX0210-223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5700
OVAL:oval:org.mitre.oval:def:5700
https://exchange.xforce.ibmcloud.com/vulnerabilities/10399
XF:hp-onlinejfs-improper-security(10399)
CVE-2002-1619
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
2005-03-26
2017-07-10
CVE-2002-1619
http://www-1.ibm.com/support/search.wss?rs=0&q=IY27310&apar=only
AIXAPAR:IY27310
http://www.kb.cert.org/vuls/id/152955
CERT-VN:VU#152955
https://exchange.xforce.ibmcloud.com/vulnerabilities/10127
XF:aix-fc-client-bo(10127)
CVE-2002-1620
Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection.
2005-03-26
2017-07-10
CVE-2002-1620
http://www-1.ibm.com/support/search.wss?rs=0&q=IY20699&apar=only
AIXAPAR:IY20699
http://www-1.ibm.com/support/search.wss?rs=0&q=IY28063&apar=only
AIXAPAR:IY28063
http://www-1.ibm.com/support/search.wss?rs=0&q=IY28065&apar=only
AIXAPAR:IY28065
http://www.kb.cert.org/vuls/id/640827
CERT-VN:VU#640827
https://exchange.xforce.ibmcloud.com/vulnerabilities/10671
XF:aix-pssp-information-disclosure(10671)
CVE-2002-1621
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
2005-03-26
2021-06-15
CVE-2002-1621
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26503&apar=only
AIXAPAR:IY26503
http://www-1.ibm.com/support/search.wss?rs=0&q=IY28698&apar=only
AIXAPAR:IY28698
http://www.kb.cert.org/vuls/id/209363
CERT-VN:VU#209363
http://www.kb.cert.org/vuls/id/SVIM-59FJVF
CONFIRM:http://www.kb.cert.org/vuls/id/SVIM-59FJVF
CVE-2002-1622
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
2005-03-26
2017-07-10
CVE-2002-1622
http://www-1.ibm.com/support/search.wss?rs=0&q=IY28706&apar=only
AIXAPAR:IY28706
http://www.kb.cert.org/vuls/id/273779
CERT-VN:VU#273779
https://exchange.xforce.ibmcloud.com/vulnerabilities/10112
XF:aix-rpc-datatype-bo(10112)
CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
2005-03-26
2017-07-10
CVE-2002-1623
http://www.securityfocus.com/bid/5607
BID:5607
http://www.securityfocus.com/archive/1/290202
BUGTRAQ:20020903 SecuRemote usernames can be guessed or sniffed using IKE exchange
http://marc.info/?l=bugtraq&m=103124812629621&w=2
BUGTRAQ:20020905 RE: SecuRemote usernames can be guessed or sniffed using IKE exchange
http://marc.info/?l=bugtraq&m=103176164729351&w=2
BUGTRAQ:20020911 RE: SecuRemote usernames can be guessed or sniffed using IKE
http://www.kb.cert.org/vuls/id/886601
CERT-VN:VU#886601
http://www.checkpoint.com/techsupport/alerts/ike.html
CONFIRM:http://www.checkpoint.com/techsupport/alerts/ike.html
http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html
FULLDISC:20020903 Check Point statement on use of IKE Aggressive Mode
http://www.nta-monitor.com/news/checkpoint.htm
MISC:http://www.nta-monitor.com/news/checkpoint.htm
http://www.securiteam.com/securitynews/5TP040U8AW.html
MISC:http://www.securiteam.com/securitynews/5TP040U8AW.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10034
XF:fw1-ike-username-enumeration(10034)
CVE-2002-1624
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
2005-03-26
2017-07-10
CVE-2002-1624
http://www.securityfocus.com/bid/6646
BID:6646
http://www.kb.cert.org/vuls/id/772563
CERT-VN:VU#772563
http://securitytracker.com/id?1004052
SECTRACK:1004052
https://exchange.xforce.ibmcloud.com/vulnerabilities/11058
XF:lotus-domino-authentication-bo(11058)
CVE-2002-1625
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
2005-03-26
2017-07-10
CVE-2002-1625
http://www.securityfocus.com/bid/4567
BID:4567
http://www.kb.cert.org/vuls/id/128491
CERT-VN:VU#128491
http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False
https://exchange.xforce.ibmcloud.com/vulnerabilities/8925
XF:flash-activex-plugin-dos(8925)
CVE-2002-1626
Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL.
2005-03-26
2017-07-10
CVE-2002-1626
http://www.securityfocus.com/bid/3856
BID:3856
http://www.kb.cert.org/vuls/id/806091
CERT-VN:VU#806091
http://securitytracker.com/id?1003256
SECTRACK:1003256
https://exchange.xforce.ibmcloud.com/vulnerabilities/7966
XF:mycalendar-gain-privileges(7966)
CVE-2002-1627
Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter.
2005-03-26
2017-07-10
CVE-2002-1627
http://www.securityfocus.com/bid/3857
BID:3857
http://www.kb.cert.org/vuls/id/318835
CERT-VN:VU#318835
http://securitytracker.com/id?1003254
SECTRACK:1003254
https://exchange.xforce.ibmcloud.com/vulnerabilities/7970
XF:quizme-gain-privileges(7970)
CVE-2002-1628
Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter.
2005-03-26
2017-07-10
CVE-2002-1628
http://www.securityfocus.com/bid/3854
BID:3854
http://www.kb.cert.org/vuls/id/250107
CERT-VN:VU#250107
https://exchange.xforce.ibmcloud.com/vulnerabilities/7971
XF:vote-cgi-gain-privileges(7971)
CVE-2002-1629
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.
2005-03-26
2017-07-10
CVE-2002-1629
http://www.securityfocus.com/bid/7203
BID:7203
http://archives.neohapsis.com/archives/bugtraq/2002-12/0105.html
BUGTRAQ:20021210 MTPSR1-120 Firewall Proxy configuration software
http://www.kb.cert.org/vuls/id/495705
CERT-VN:VU#495705
https://exchange.xforce.ibmcloud.com/vulnerabilities/10845
XF:proxyserver-mtpsr1120-telnet-access(10845)
CVE-2002-1630
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
2005-03-26
2017-07-10
CVE-2002-1630
http://www.securityfocus.com/bid/6556
BID:6556
http://www.kb.cert.org/vuls/id/717827
CERT-VN:VU#717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
CONFIRM:http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8664
XF:oracle-appserver-sendmail-sample(8664)
CVE-2002-1631
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
2005-03-26
2021-06-15
CVE-2002-1631
http://www.securityfocus.com/bid/6556
BID:6556
http://www.kb.cert.org/vuls/id/717827
CERT-VN:VU#717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
CONFIRM:http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
2005-03-26
2017-07-10
CVE-2002-1632
http://www.securityfocus.com/bid/6556
BID:6556
http://www.kb.cert.org/vuls/id/717827
CERT-VN:VU#717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
CONFIRM:http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8665
XF:oracle-appserver-info-sample(8665)
CVE-2002-1633
Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip.
2005-03-26
2017-07-10
CVE-2002-1633
http://www.securityfocus.com/bid/5000
BID:5000
http://www.securityfocus.com/archive/1/276553
BUGTRAQ:20020612 madcr: QnX 4.25 - multiples bof in suid/no suid files
http://www.kb.cert.org/vuls/id/879386
CERT-VN:VU#879386
https://exchange.xforce.ibmcloud.com/vulnerabilities/9341
XF:qnx-rtos-bin-bo(9341)
CVE-2002-1634
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
2005-03-28
2017-07-10
CVE-2002-1634
http://www.securityfocus.com/bid/4874
BID:4874
http://www.kb.cert.org/vuls/id/159203
CERT-VN:VU#159203
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm
http://www.procheckup.com/security_info/vuln_pr0201.html
MISC:http://www.procheckup.com/security_info/vuln_pr0201.html
http://www.procheckup.com/security_info/vuln_pr0203.html
MISC:http://www.procheckup.com/security_info/vuln_pr0203.html
http://www.securityfocus.com/advisories/4157
MISC:http://www.securityfocus.com/advisories/4157
http://www.securityfocus.com/advisories/4158
MISC:http://www.securityfocus.com/advisories/4158
http://www.osvdb.org/17461
OSVDB:17461
http://www.osvdb.org/17462
OSVDB:17462
http://www.osvdb.org/17463
OSVDB:17463
http://www.osvdb.org/17464
OSVDB:17464
http://www.osvdb.org/17465
OSVDB:17465
http://www.osvdb.org/17466
OSVDB:17466
http://www.osvdb.org/17467
OSVDB:17467
http://www.osvdb.org/17468
OSVDB:17468
https://exchange.xforce.ibmcloud.com/vulnerabilities/9212
XF:netware-sample-information-disclosure(9212)
CVE-2002-1635
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
2005-03-28
2017-07-10
CVE-2002-1635
http://www.kb.cert.org/vuls/id/936507
CERT-VN:VU#936507
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10716
XF:oracle-perl-cgi-source(10716)
CVE-2002-1636
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
2005-03-28
2017-07-10
CVE-2002-1636
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10687
XF:oracle-htpprint-xss(10687)
CVE-2002-1637
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
2005-03-28
2017-07-10
CVE-2002-1637
http://www.kb.cert.org/vuls/id/712723
CERT-VN:VU#712723
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/972
XF:default-oracle-applsys(972)
https://exchange.xforce.ibmcloud.com/vulnerabilities/971
XF:default-oracle-apps(971)
https://exchange.xforce.ibmcloud.com/vulnerabilities/970
XF:default-oracle-scott(970)
https://exchange.xforce.ibmcloud.com/vulnerabilities/969
XF:default-oracle-sys(969)
https://exchange.xforce.ibmcloud.com/vulnerabilities/968
XF:default-oracle-system(968)
CVE-2002-1638
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-2153. Reason: This candidate is a duplicate of CVE-2002-2153. Notes: All CVE users should reference CVE-2002-2153 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-03-28
2007-10-18
CVE-2002-1638
CVE-2002-1639
Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".
2005-03-28
2017-07-10
CVE-2002-1639
http://www.securityfocus.com/bid/4433
BID:4433
http://www.kb.cert.org/vuls/id/158323
CERT-VN:VU#158323
http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
CONFIRM:http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
http://securitytracker.com/id?1003967
SECTRACK:1003967
https://exchange.xforce.ibmcloud.com/vulnerabilities/8782
XF:oracle-configurator-uiservlet-information(8782)
CVE-2002-1640
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
2005-03-28
2017-07-10
CVE-2002-1640
http://www.securityfocus.com/bid/4430
BID:4430
http://www.securityfocus.com/bid/4436
BID:4436
http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
CONFIRM:http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
http://securitytracker.com/id?1003967
SECTRACK:1003967
https://exchange.xforce.ibmcloud.com/vulnerabilities/8780
XF:oracle-configurator-dhtml-css(8780)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8781
XF:oracle-configurator-uiservlet-css(8781)
CVE-2002-1641
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
2005-03-28
2021-06-15
CVE-2002-1641
http://www.securityfocus.com/bid/4856
BID:4856
http://www.kb.cert.org/vuls/id/291555
CERT-VN:VU#291555
http://www.nextgenss.com/vna/ora-webcache.txt
MISC:http://www.nextgenss.com/vna/ora-webcache.txt
CVE-2002-1642
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.
2005-03-28
2017-07-10
CVE-2002-1642
http://www.securityfocus.com/bid/7657
BID:7657
http://www.kb.cert.org/vuls/id/891177
CERT-VN:VU#891177
http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php
MLIST:[pgsql-announce] 20021003 v7.2.3 Released to fix Potentially Critical Bug
http://www.redhat.com/support/errata/RHSA-2003-001.html
REDHAT:RHSA-2003:001
https://exchange.xforce.ibmcloud.com/vulnerabilities/11102
XF:postgresql-vacuum-delete-pcclog(11102)
CVE-2002-1643
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
2005-03-28
2017-12-22
CVE-2002-1643
http://www.securityfocus.com/bid/6454
BID:6454
http://www.securityfocus.com/bid/6456
BID:6456
http://www.securityfocus.com/bid/6458
BID:6458
http://www.securityfocus.com/archive/1/304203
BUGTRAQ:20021220 RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)
http://www.kb.cert.org/vuls/id/974689
CERT-VN:VU#974689
http://www.service.real.com/help/faq/security/bufferoverrun12192002.html
CONFIRM:http://www.service.real.com/help/faq/security/bufferoverrun12192002.html
http://www.nextgenss.com/advisories/realhelix.txt
MISC:http://www.nextgenss.com/advisories/realhelix.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10917
XF:helix-http-get-bo(10917)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10916
XF:helix-rtsp-describe-bo(10916)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10915
XF:helix-rtsp-setup-bo(10915)
CVE-2002-1644
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
2005-03-28
2017-07-10
CVE-2002-1644
http://www.securityfocus.com/bid/6247
BID:6247
http://www.kb.cert.org/vuls/id/740619
CERT-VN:VU#740619
http://www.ssh.com/company/newsroom/article/286/
CONFIRM:http://www.ssh.com/company/newsroom/article/286/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10710
XF:ssh-setsid-privilege-elevation(10710)
CVE-2002-1645
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.
2005-03-28
2017-07-10
CVE-2002-1645
http://www.securityfocus.com/bid/6263
BID:6263
http://www.kb.cert.org/vuls/id/140977
CERT-VN:VU#140977
http://www.ssh.com/company/newsroom/article/287/
CONFIRM:http://www.ssh.com/company/newsroom/article/287/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10723
XF:ssh-client-url-bo(10723)
CVE-2002-1646
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
2005-03-28
2017-07-10
CVE-2002-1646
http://www.securityfocus.com/bid/4810
BID:4810
http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
BUGTRAQ:20020523 [Fwd: Updated version of SSH Secure Shell available]
http://www.kb.cert.org/vuls/id/341187
CERT-VN:VU#341187
http://www.ciac.org/ciac/bulletins/m-081.shtml
CIAC:M-081
http://www.ssh.com/company/newsroom/article/201/
CONFIRM:http://www.ssh.com/company/newsroom/article/201/
http://www.ssh.com/products/ssh/advisories/authentication.cfm
CONFIRM:http://www.ssh.com/products/ssh/advisories/authentication.cfm
https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
XF:ssh-allowedauthentications-bypass-auth(9163)
CVE-2002-1647
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
2005-03-28
2016-10-17
CVE-2002-1647
http://marc.info/?l=bugtraq&m=103177860017930&w=2
BUGTRAQ:20020911 Re: slashdot / slashcode disclosing passwords
http://marc.info/?l=bugtraq&m=103176636403241&w=2
BUGTRAQ:20020911 slashdot / slashcode disclosing passwords
http://marc.info/?l=bugtraq&m=103238514720237&w=2
BUGTRAQ:20020917 Re: slashdot / slashcode disclosing passwords
http://www.kb.cert.org/vuls/id/603945
CERT-VN:VU#603945
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
2005-03-28
2017-07-10
CVE-2002-1648
http://www.securityfocus.com/bid/3956
BID:3956
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html
BUGTRAQ:20020124 Vulnerabilities in squirrelmail
http://www.kb.cert.org/vuls/id/153043
CERT-VN:VU#153043
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989
XF:squirrelmail-html-execute-script(7989)
CVE-2002-1649
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
2005-03-28
2017-07-10
CVE-2002-1649
http://www.securityfocus.com/bid/3956
BID:3956
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html
BUGTRAQ:20020124 Vulnerabilities in squirrelmail
http://www.kb.cert.org/vuls/id/153043
CERT-VN:VU#153043
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989
XF:squirrelmail-html-execute-script(7989)
CVE-2002-1650
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
2005-03-28
2017-07-10
CVE-2002-1650
http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html
BUGTRAQ:20020124 Re: squirrelmail bug
http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html
BUGTRAQ:20020124 squirrelmail bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/7990
XF:squirrelmail-spellchecker-command-execution(7990)
CVE-2002-1651
Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.
2005-03-28
2017-07-10
CVE-2002-1651
http://www.securityfocus.com/bid/5102
BID:5102
http://www.kb.cert.org/vuls/id/636431
CERT-VN:VU#636431
https://exchange.xforce.ibmcloud.com/vulnerabilities/9441
XF:verity-search97-xss(9441)
CVE-2002-1652
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
2005-03-28
2017-07-10
CVE-2002-1652
http://www.securityfocus.com/bid/6141
BID:6141
http://www.kb.cert.org/vuls/id/185251
CERT-VN:VU#185251
http://www.securiteam.com/exploits/5TP0W005FE.html
MISC:http://www.securiteam.com/exploits/5TP0W005FE.html
http://securitytracker.com/id?1002395
SECTRACK:1002395
https://exchange.xforce.ibmcloud.com/vulnerabilities/10595
XF:cgiemail-cgicso-get-bo(10595)
CVE-2002-1653
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.
2005-03-28
2017-07-10
CVE-2002-1653
http://www.securityfocus.com/bid/8431
BID:8431
http://www.kb.cert.org/vuls/id/165099
CERT-VN:VU#165099
https://exchange.xforce.ibmcloud.com/vulnerabilities/10618
XF:cryptcat-e-no-encryption(10618)
CVE-2002-1654
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
2005-03-28
2017-07-10
CVE-2002-1654
http://www.securityfocus.com/bid/3831
BID:3831
http://www.kb.cert.org/vuls/id/985347
CERT-VN:VU#985347
http://www.kb.cert.org/vuls/id/AAMN-567NFX
CONFIRM:http://www.kb.cert.org/vuls/id/AAMN-567NFX
http://www.procheckup.com/vulnerabilities/pr0105.html
MISC:http://www.procheckup.com/vulnerabilities/pr0105.html
http://www.securiteam.com/securitynews/5IP0G0060Q.html
MISC:http://www.securiteam.com/securitynews/5IP0G0060Q.html
http://securitytracker.com/id?1003157
SECTRACK:1003157
http://lists.virus.org/vulnwatch-0201/msg00008.html
VULNWATCH:20020109 Netscape publishing wp-force-auth command
https://exchange.xforce.ibmcloud.com/vulnerabilities/7845
XF:netscape-enterprise-http-brute-force(7845)
CVE-2002-1655
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
2005-03-28
2017-07-10
CVE-2002-1655
http://www.securityfocus.com/bid/3826
BID:3826
http://www.kb.cert.org/vuls/id/191763
CERT-VN:VU#191763
http://www.kb.cert.org/vuls/id/AAMN-567N48
CONFIRM:http://www.kb.cert.org/vuls/id/AAMN-567N48
http://www.procheckup.com/security_info/vuln_pr0104.html
MISC:http://www.procheckup.com/security_info/vuln_pr0104.html
http://cert.uni-stuttgart.de/archive/vulnwatch/2002/01/msg00007.html
VULNWATCH:20020109 Netscape ?wp-html-rend denial of service attack
https://exchange.xforce.ibmcloud.com/vulnerabilities/7842
XF:netscape-enterprise-invalid-command-dos(7842)
CVE-2002-1656
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
2005-03-28
2017-07-10
CVE-2002-1656
http://www.securityfocus.com/bid/4283
BID:4283
http://www.kb.cert.org/vuls/id/162723
CERT-VN:VU#162723
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
MISC:http://www.ifrance.com/kitetoua/tuto/x_holes.txt
http://securitytracker.com/id?1003828
SECTRACK:1003828
https://exchange.xforce.ibmcloud.com/vulnerabilities/8465
XF:xnews-users-world-readable(8465)
CVE-2002-1657
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
2005-04-22
2017-07-10
CVE-2002-1657
http://marc.info/?l=bugtraq&m=111402558115859&w=2
BUGTRAQ:20050420 Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
http://marc.info/?l=bugtraq&m=111403050902165&w=2
BUGTRAQ:20050420 Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php
MLIST:[pgsql-admin] 20020821 Re: OT: password encryption (salt theory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20215
XF:postgresql-md5-salt-weak-security(20215)
CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
2005-04-27
2017-07-10
CVE-2002-1658
http://www.securityfocus.com/bid/5993
BID:5993
http://marc.info/?l=bugtraq&m=103480856102007&w=2
BUGTRAQ:20021016 Apache 1.3.26
https://sardonix.org/audit/apache-45.html
MISC:https://sardonix.org/audit/apache-45.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10414
XF:apache-htdigest-bo(10414)
CVE-2002-1659
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
2005-05-10
2017-07-10
CVE-2002-1659
http://securitytracker.com/id?1005541
SECTRACK:1005541
http://secunia.com/advisories/10465
SECUNIA:10465
https://exchange.xforce.ibmcloud.com/vulnerabilities/10558
XF:portalapp-user-privilege-elevation(10558)
CVE-2002-1660
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
2005-05-10
2017-07-10
CVE-2002-1660
http://www.securityfocus.com/bid/5820
BID:5820
http://www.securiteam.com/exploits/5QP0P158AC.html
MISC:http://www.securiteam.com/exploits/5QP0P158AC.html
http://securitytracker.com/id?1005284
SECTRACK:1005284
https://exchange.xforce.ibmcloud.com/vulnerabilities/10176
XF:vbulletin-calendar-command-execution(10176)
CVE-2002-1661
The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.
2005-05-05
2017-07-10
CVE-2002-1661
http://www.securityfocus.com/bid/6490
BID:6490
http://marc.info/?l=bugtraq&m=104127108823436&w=2
BUGTRAQ:20021229 Leafnode security announcement SA:2002:01
http://marc.info/?l=bugtraq&m=104152295210075&w=2
BUGTRAQ:20030102 GLSA: leafnode
http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt
CONFIRM:http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2003:005
MANDRAKE:MDKSA-2003:005
http://www.securitytracker.com/id?1005865
SECTRACK:1005865
http://secunia.com/advisories/7799
SECUNIA:7799
http://secunia.com/advisories/7801
SECUNIA:7801
http://secunia.com/advisories/7870
SECUNIA:7870
https://exchange.xforce.ibmcloud.com/vulnerabilities/10942
XF:leafnode-nntp-dos(10942)
CVE-2002-1662
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
2005-05-19
2017-07-10
CVE-2002-1662
http://www.securityfocus.com/bid/6386
BID:6386
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses
https://exchange.xforce.ibmcloud.com/vulnerabilities/10859
XF:mambo-name-field-xss(10859)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10854
XF:mambo-search-xss(10854)
CVE-2002-1663
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
2005-05-19
2017-07-10
CVE-2002-1663
http://www.securityfocus.com/bid/6096
BID:6096
http://archives.neohapsis.com/archives/bugtraq/2002-11/0023.html
BUGTRAQ:20021103 Bug in Monkey Webserver 0.5.0 or minors versions
http://monkeyd.sourceforge.net/Changelog.txt
CONFIRM:http://monkeyd.sourceforge.net/Changelog.txt
http://securitytracker.com/id?1005507
SECTRACK:1005507
http://secunia.com/advisories/7449
SECUNIA:7449
https://exchange.xforce.ibmcloud.com/vulnerabilities/10529
XF:monkey-http-post-dos(10529)
CVE-2002-1664
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
2005-05-28
2016-10-17
CVE-2002-1664
http://marc.info/?l=bugtraq&m=101439616623230&w=2
BUGTRAQ:20020221 Remote crashes in Yahoo messenger
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/393195
CERT-VN:VU#393195
CVE-2002-1665
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
2005-05-28
2016-10-17
CVE-2002-1665
http://marc.info/?l=bugtraq&m=101439616623230&w=2
BUGTRAQ:20020221 Remote crashes in Yahoo messenger
http://www.cert.org/advisories/CA-2002-16.html
CERT:CA-2002-16
http://www.kb.cert.org/vuls/id/755755
CERT-VN:VU#755755
CVE-2002-1666
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
2005-06-21
2017-07-10
CVE-2002-1666
http://www.securityfocus.com/bid/4551
BID:4551
http://otn.oracle.com/deploy/security/pdf/apps_alert_ebiz2.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/apps_alert_ebiz2.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8897
XF:oracle-ebiz-execute-procedures(8897)
CVE-2002-1667
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
2005-06-21
2017-07-10
CVE-2002-1667
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc
FREEBSD:FreeBSD-SA-02:22
https://exchange.xforce.ibmcloud.com/vulnerabilities/8921
XF:freebsd-mmap-msync-dos(8921)
CVE-2002-1668
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.
2005-06-21
2017-07-10
CVE-2002-1668
http://www.securityfocus.com/bid/3817
BID:3817
http://www.securityfocus.com/advisories/3770
HP:HPSBUX0201-178
https://exchange.xforce.ibmcloud.com/vulnerabilities/7844
XF:hp-mmap-dos(7844)
CVE-2002-1669
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
2005-06-21
2017-07-10
CVE-2002-1669
http://www.securityfocus.com/bid/3819
BID:3819
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc
FREEBSD:FreeBSD-SA-02:01
https://exchange.xforce.ibmcloud.com/vulnerabilities/7852
XF:freebsd-pkgadd-insecure-directory(7852)
CVE-2002-1670
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
2005-06-21
2017-07-10
CVE-2002-1670
http://www.securityfocus.com/bid/3887
BID:3887
http://online.securityfocus.com/archive/1/250596
BUGTRAQ:20020115 MSIE 6.0 will rollback during XP Pro Install -- Ref: MSIE may download and run programs automatically - details
https://exchange.xforce.ibmcloud.com/vulnerabilities/7922
XF:winxp-ie-patch-rollback(7922)
CVE-2002-1671
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
2005-06-21
2017-07-10
CVE-2002-1671
http://www.securityfocus.com/bid/3862
BID:3862
http://www.securityfocus.com/archive/1/250248
BUGTRAQ:20020112 IE Clipboard Stealing Vulnerability
http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2
BUGTRAQ:20020115 Re: IE Clipboard Stealing Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7906
XF:ie-clipboarddata-view-clipboard(7906)
CVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
2005-06-21
2017-07-10
CVE-2002-1672
http://www.securityfocus.com/bid/4328
BID:4328
http://online.securityfocus.com/archive/1/263181
BUGTRAQ:20020320 Local privalege escalation issues with Webmin 0.92
http://www.webmin.com/changes.html
CONFIRM:http://www.webmin.com/changes.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8595
XF:webmin-directory-permissions(8595)
CVE-2002-1673
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
2005-06-21
2017-07-10
CVE-2002-1673
http://www.securityfocus.com/bid/4329
BID:4329
http://online.securityfocus.com/archive/1/263181
BUGTRAQ:20020320 Local privalege escalation issues with Webmin 0.92
https://exchange.xforce.ibmcloud.com/vulnerabilities/8596
XF:webmin-functions-execute-code(8596)
CVE-2002-1674
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
2005-06-21
2017-07-10
CVE-2002-1674
http://www.securityfocus.com/bid/4040
BID:4040
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc
FREEBSD:FreeBSD-SA-02:09
https://exchange.xforce.ibmcloud.com/vulnerabilities/8112
XF:bsd-fstatfs-dos(8112)
CVE-2002-1675
Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers.
2005-06-21
2017-07-10
CVE-2002-1675
http://www.securiteam.com/unixfocus/5MP080A6LQ.html
MISC:http://www.securiteam.com/unixfocus/5MP080A6LQ.html
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0664.html
VULN-DEV:20020225 Unreal ircd Format String Vuln
https://exchange.xforce.ibmcloud.com/vulnerabilities/8360
XF:unreal-ircd-format-string(8360)
CVE-2002-1676
BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.
2005-06-21
2017-07-10
CVE-2002-1676
http://www.securityfocus.com/bid/3957
BID:3957
http://online.securityfocus.com/archive/1/252293
BUGTRAQ:20020124 BindView NetInventory NetRC hostcfg_ni password passed in clear t ext
http://online.securityfocus.com/archive/1/256056
BUGTRAQ:20020213 RE: BindView NetInventory NetRC hostcfg_ni password passed in cle ar text
https://exchange.xforce.ibmcloud.com/vulnerabilities/7992
XF:bindview-netinventory-plaintext-password(7992)
CVE-2002-1677
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path.
2005-06-21
2017-07-10
CVE-2002-1677
http://www.securityfocus.com/bid/4021
BID:4021
http://archives.neohapsis.com/archives/bugtraq/2002-01/0421.html
BUGTRAQ:20020204 Re: Mrtg Path Disclosure Vulnerability
http://online.securityfocus.com/archive/1/254278
BUGTRAQ:20020205 Mrtg Path Disclosure Vulnerability (Revised)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8070
XF:mrtg-14allcgi-path-disclosure(8070)
CVE-2002-1678
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
2005-06-21
2017-07-10
CVE-2002-1678
http://www.securityfocus.com/bid/4349
BID:4349
http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2
BUGTRAQ:20020322 RE: memberlist.php of vBulletin
http://online.securityfocus.com/archive/1/263609
BUGTRAQ:20020322 memberlist.php of vBulletin
https://exchange.xforce.ibmcloud.com/vulnerabilities/8619
XF:vbulletin-memberlist-execute-code(8619)
CVE-2002-1679
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
2005-06-21
2017-07-10
CVE-2002-1679
http://www.securityfocus.com/bid/4008
BID:4008
http://online.securityfocus.com/archive/1/253365
BUGTRAQ:20020131 Fairly serious vulnerability in vBulletin 2.2.0
http://online.securityfocus.com/archive/1/253371
BUGTRAQ:20020131 Semi-serious vulnerability in vBulletin 2.2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/8039
XF:vbulletin-bbs-css(8039)
CVE-2002-1680
Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi.
2005-06-21
2017-07-10
CVE-2002-1680
http://www.securityfocus.com/bid/3914
BID:3914
http://www.securityfocus.com/bid/3921
BID:3921
http://online.securityfocus.com/archive/82/251570
VULN-DEV:20020121 Security holes in COWS (CGI Online Worldweb Shopping)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7986
XF:cows-cgi-css(7986)
CVE-2002-1681
Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag.
2005-06-21
2017-07-10
CVE-2002-1681
http://www.securityfocus.com/bid/5140
BID:5140
http://online.securityfocus.com/archive/1/280255
BUGTRAQ:20020702 Re: XSS in Slashcode
http://online.securityfocus.com/archive/1/280218
BUGTRAQ:20020702 XSS in Slashcode
https://exchange.xforce.ibmcloud.com/vulnerabilities/9473
XF:slashcode-cvs-xss(9473)
CVE-2002-1682
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
2005-06-21
2017-07-10
CVE-2002-1682
http://www.securityfocus.com/bid/3927
BID:3927
http://www.securiteam.com/windowsntfocus/5SP0P0K60C.html
MISC:http://www.securiteam.com/windowsntfocus/5SP0P0K60C.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7968
XF:newsreactor-insecure-password(7968)
CVE-2002-1683
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
2005-06-21
2017-07-10
CVE-2002-1683
http://www.securityfocus.com/bid/5179
BID:5179
http://online.securityfocus.com/archive/1/281141
BUGTRAQ:20020708 BadBlue 1.73 EXT.DLL XSS Variant
https://exchange.xforce.ibmcloud.com/vulnerabilities/9514
XF:badblue-cleansearchstring-xss(9514)
CVE-2002-1684
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
2005-06-21
2017-07-10
CVE-2002-1684
http://www.securityfocus.com/bid/3913
BID:3913
http://www.securityfocus.com/archive/1/251523
BUGTRAQ:20020121 [resend] Strumpf Noir Society on BadBlue
https://exchange.xforce.ibmcloud.com/vulnerabilities/7946
XF:badblue-msoffice-script-directory-traversal(7946)
CVE-2002-1685
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI.
2005-06-21
2017-07-10
CVE-2002-1685
http://www.securityfocus.com/bid/5086
BID:5086
http://online.securityfocus.com/archive/1/281088
BUGTRAQ:20020708 Technical Details of BadBlue EXT.DLL Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/9513
XF:badblue-extdll-xss(9513)
CVE-2002-1686
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
2005-06-21
CVE-2002-1686
http://archives.neohapsis.com/archives/aix/2002-q1/0005.html
AIXAPAR:IY27855
CVE-2002-1687
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
2005-06-21
CVE-2002-1687
http://archives.neohapsis.com/archives/aix/2002-q1/0005.html
AIXAPAR:IY27740
CVE-2002-1688
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
2005-06-21
2017-07-10
CVE-2002-1688
http://www.securityfocus.com/bid/4505
BID:4505
http://online.securityfocus.com/archive/1/267561
BUGTRAQ:20020414 Using the backbutton in IE is dangerous
https://exchange.xforce.ibmcloud.com/vulnerabilities/8844
XF:ie-history-javascript-urls(8844)
CVE-2002-1689
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
2005-06-21
CVE-2002-1689
http://archives.neohapsis.com/archives/aix/2002-q1/0005.html
AIXAPAR:IY27778
CVE-2002-1690
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
2005-06-21
CVE-2002-1690
http://archives.neohapsis.com/archives/aix/2002-q1/0005.html
AIXAPAR:IY28225
CVE-2002-1691
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
2005-06-21
2017-07-10
CVE-2002-1691
http://www.securityfocus.com/bid/4127
BID:4127
http://marc.info/?l=bugtraq&m=101413767925869&w=2
BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
https://exchange.xforce.ibmcloud.com/vulnerabilities/8224
XF:omnipcx-default-user-accounts(8224)
CVE-2002-1692
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
2005-06-21
2017-07-10
CVE-2002-1692
http://www.securityfocus.com/bid/3864
BID:3864
http://www.securitytracker.com/alerts/2002/Jan/1003201.html
MISC:http://www.securitytracker.com/alerts/2002/Jan/1003201.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7892
XF:win95-backup-bo(7892)
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
2005-06-21
2017-07-10
CVE-2002-1694
http://www.securityfocus.com/bid/3888
BID:3888
http://online.securityfocus.com/archive/1/250591
BUGTRAQ:20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting
https://exchange.xforce.ibmcloud.com/vulnerabilities/7919
XF:iis-modify-log(7919)
CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
2005-06-21
2017-07-10
CVE-2002-1695
http://www.securityfocus.com/bid/3888
BID:3888
http://online.securityfocus.com/archive/1/250591
BUGTRAQ:20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting
https://exchange.xforce.ibmcloud.com/vulnerabilities/7919
XF:iis-modify-log(7919)
CVE-2002-1696
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
2005-06-21
2017-07-10
CVE-2002-1696
http://www.securityfocus.com/bid/3825
BID:3825
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528
NTBUGTRAQ:20020108 PGP 7.0 Outlook Plug-in flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/7900
XF:pgp-outlook-decrypted-copy(7900)
CVE-2002-1697
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
2005-06-21
2017-07-10
CVE-2002-1697
http://www.securityfocus.com/bid/3845
BID:3845
http://seclists.org/bugtraq/2002/Jan/0119.html
BUGTRAQ:20020109 Security weaknesses of VTun
https://exchange.xforce.ibmcloud.com/vulnerabilities/7904
XF:vtun-ecb-weak-encryption(7904)
CVE-2002-1698
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
2005-06-21
2017-07-10
CVE-2002-1698
http://www.securityfocus.com/bid/4675
BID:4675
http://online.securityfocus.com/archive/1/271130
BUGTRAQ:20020506 Misformated message header causes msn messenger to crash
https://exchange.xforce.ibmcloud.com/vulnerabilities/9014
XF:msn-font-header-bo(9014)
CVE-2002-1699
SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field.
2005-06-21
2017-07-10
CVE-2002-1699
http://www.securityfocus.com/bid/4676
BID:4676
http://www.securiteam.com/windowsntfocus/5BP031P75C.html
MISC:http://www.securiteam.com/windowsntfocus/5BP031P75C.html
http://www.osvdb.org/21558
OSVDB:21558
https://exchange.xforce.ibmcloud.com/vulnerabilities/9015
XF:aspcc-sql-injection(9015)
CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
2005-06-21
2017-07-10
CVE-2002-1700
http://www.securityfocus.com/bid/5011
BID:5011
http://online.securityfocus.com/archive/1/277487
BUGTRAQ:20020618 ColdFusion MX Cross Site Scripting vulnerability
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
CONFIRM:http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
XF:coldfusion-missing-template-css(9360)
CVE-2002-1702
Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter.
2005-06-21
2017-07-10
CVE-2002-1702
http://www.securityfocus.com/bid/5022
BID:5022
http://online.securityfocus.com/archive/1/277049
BUGTRAQ:20020614 Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues
https://exchange.xforce.ibmcloud.com/vulnerabilities/9363
XF:phpclassifieds-parameters-css(9363)
CVE-2002-1703
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter.
2005-06-21
2017-07-10
CVE-2002-1703
http://www.securityfocus.com/bid/5023
BID:5023
http://online.securityfocus.com/archive/1/277049
BUGTRAQ:20020614 Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues
https://exchange.xforce.ibmcloud.com/vulnerabilities/9365
XF:netauction-parameters-css(9365)
CVE-2002-1704
Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
2005-06-21
2017-07-10
CVE-2002-1704
http://www.securityfocus.com/bid/5028
BID:5028
http://online.securityfocus.com/archive/1/277126
BUGTRAQ:20020615 malicious PHP source injection
https://exchange.xforce.ibmcloud.com/vulnerabilities/9366
XF:zeroboard-include-remote-file(9366)
CVE-2002-1705
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
2005-06-21
2017-07-10
CVE-2002-1705
http://www.securityfocus.com/bid/5027
BID:5027
http://online.securityfocus.com/archive/1/277133
BUGTRAQ:20020615 IE 5.-6 CSS parsing error
http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2
BUGTRAQ:20020615 RE: IE 5.-6 CSS parsing error
https://exchange.xforce.ibmcloud.com/vulnerabilities/9367
XF:ie-css-bold-dos(9367)
CVE-2002-1706
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
2005-06-21
2017-07-10
CVE-2002-1706
http://www.securityfocus.com/bid/5041
BID:5041
http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml
CISCO:20020617 Cable Modem Termination System Authentication Bypass
https://exchange.xforce.ibmcloud.com/vulnerabilities/9368
XF:cisco-ubr-mic-bypass(9368)
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
2005-06-21
2017-07-10
CVE-2002-1707
http://www.securityfocus.com/bid/5038
BID:5038
http://online.securityfocus.com/archive/1/277318
BUGTRAQ:20020616 malicious PHP source injection in phpBB
https://exchange.xforce.ibmcloud.com/vulnerabilities/9370
XF:phpbb-include-remote-files(9370)
CVE-2002-1708
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
2005-06-21
2017-07-10
CVE-2002-1708
http://www.securityfocus.com/bid/5060
BID:5060
http://online.securityfocus.com/archive/1/277710
BUGTRAQ:20020618 BasiliX multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
VULNWATCH:20020619 [VulnWatch] BasiliX multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/9384
XF:basilix-webmail-headers-css(9384)
CVE-2002-1709
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
2005-06-21
2017-07-10
CVE-2002-1709
http://www.securityfocus.com/bid/5061
BID:5061
http://online.securityfocus.com/archive/1/277710
BUGTRAQ:20020618 BasiliX multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
VULNWATCH:20020619 [VulnWatch] BasiliX multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/9385
XF:basilix-webmail-sql-injection(9385)
CVE-2002-1710
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
2005-06-21
2017-07-10
CVE-2002-1710
http://www.securityfocus.com/bid/5062
BID:5062
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html
BUGTRAQ:20020618 BasiliX multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
VULNWATCH:20020619 [VulnWatch] BasiliX multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/9386
XF:basilix-webmail-attach-files(9386)
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
2005-06-21
2017-07-10
CVE-2002-1711
http://www.securityfocus.com/bid/5065
BID:5065
http://online.securityfocus.com/archive/1/277710
BUGTRAQ:20020618 BasiliX multiple vulnerabilities
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
VULNWATCH:20020619 [VulnWatch] BasiliX multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/9387
XF:basilix-webmail-view-attachments(9387)
CVE-2002-1712
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
2005-06-21
2017-07-10
CVE-2002-1712
http://www.securityfocus.com/bid/3967
BID:3967
http://online.securityfocus.com/archive/1/252616
BUGTRAQ:20020128 SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q280446
MSKB:Q280446
https://exchange.xforce.ibmcloud.com/vulnerabilities/8037
XF:win2k-empty-tcp-dos(8037)
CVE-2002-1713
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
2005-06-21
2017-07-10
CVE-2002-1713
http://www.securityfocus.com/bid/5050
BID:5050
http://online.securityfocus.com/archive/1/277515
BUGTRAQ:20020617 Mandrake 8.2 msec security issue
http://www.kb.cert.org/vuls/id/455323
CERT-VN:VU#455323
https://exchange.xforce.ibmcloud.com/vulnerabilities/9389
XF:mandrake-msec-home-permissions(9389)
CVE-2002-1714
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
2005-06-21
2017-07-10
CVE-2002-1714
http://www.securityfocus.com/bid/4564
BID:4564
http://online.securityfocus.com/archive/1/268776
BUGTRAQ:20020420 DoS in Multiple IE Versions (Self-Referenced Directives)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8904
XF:ie-object-directive-dos(8904)
CVE-2002-1715
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
2005-06-21
2017-07-10
CVE-2002-1715
http://www.securityfocus.com/bid/4547
BID:4547
http://online.securityfocus.com/archive/1/268446
BUGTRAQ:20020418 Restricted Shells
https://exchange.xforce.ibmcloud.com/vulnerabilities/8908
XF:ssh-bypass-restricted-shells(8908)
CVE-2002-1716
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.
2005-06-21
2017-07-10
CVE-2002-1716
http://www.securityfocus.com/bid/4398
BID:4398
http://online.securityfocus.com/archive/1/265087
BUGTRAQ:20020331 More Office XP problems
http://www.guninski.com/m$oxp-2.html
MISC:http://www.guninski.com/m$oxp-2.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8711
XF:msoffice-spreadsheet-host-cas(8711)
CVE-2002-1717
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
2005-06-21
2017-07-10
CVE-2002-1717
http://www.securityfocus.com/bid/4078
BID:4078
http://online.securityfocus.com/archive/1/255555
BUGTRAQ:20020210 This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP
http://online.securityfocus.com/archive/1/256125
BUGTRAQ:20020212 Re: This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP
https://exchange.xforce.ibmcloud.com/vulnerabilities/8174
XF:iis-cnf-reveal-information(8174)
CVE-2002-1718
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
2005-06-21
CVE-2002-1718
http://www.securityfocus.com/bid/4084
BID:4084
http://online.securityfocus.com/archive/1/255555
BUGTRAQ:20020210 This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP
http://online.securityfocus.com/archive/1/256125
BUGTRAQ:20020212 Re: This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP
CVE-2002-1719
Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages.
2005-06-21
2017-07-10
CVE-2002-1719
http://www.securityfocus.com/bid/4079
BID:4079
http://securitytracker.com/id?1003503
SECTRACK:1003503
https://exchange.xforce.ibmcloud.com/vulnerabilities/40988
XF:bavo-unspecified-security-bypass(40988)
CVE-2002-1720
SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field.
2005-06-21
2017-07-10
CVE-2002-1720
http://www.securityfocus.com/bid/4661
BID:4661
http://www.securiteam.com/windowsntfocus/5VP030K75G.html
MISC:http://www.securiteam.com/windowsntfocus/5VP030K75G.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8991
XF:spooky-login-sql-injection(8991)
CVE-2002-1721
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.
2005-06-21
2017-07-10
CVE-2002-1721
http://www.securityfocus.com/bid/4650
BID:4650
http://www.pldaniels.com/altermime/CHANGELOG
CONFIRM:http://www.pldaniels.com/altermime/CHANGELOG
https://exchange.xforce.ibmcloud.com/vulnerabilities/8992
XF:altermime-snprintf-dos(8992)
CVE-2002-1722
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
2005-06-21
2017-07-10
CVE-2002-1722
http://www.securityfocus.com/bid/4662
BID:4662
http://online.securityfocus.com/archive/1/270702
BUGTRAQ:20020502 Logitech Keyboard Insecurity
https://exchange.xforce.ibmcloud.com/vulnerabilities/8994
XF:logitech-itouch-execute-commands(8994)
CVE-2002-1723
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message.
2005-06-21
2017-07-10
CVE-2002-1723
http://www.ifrance.com/kitetoua/tuto/powerboards.txt
MISC:http://www.ifrance.com/kitetoua/tuto/powerboards.txt
http://online.securityfocus.com/archive/82/266665
VULN-DEV:20020409 Security holes in Powerboard forum
https://exchange.xforce.ibmcloud.com/vulnerabilities/8824
XF:powerboards-path-disclosure(8824)
CVE-2002-1724
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter.
2005-06-21
2017-07-10
CVE-2002-1724
http://www.securityfocus.com/bid/4668
BID:4668
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9000
XF:phpimageview-var-css(9000)
CVE-2002-1725
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function.
2005-06-21
2017-07-10
CVE-2002-1725
http://www.securityfocus.com/bid/4668
BID:4668
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970/2002-12-21/2002-12-27/2
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9001
XF:phpimageview-phpinfo-gain-info(9001)
CVE-2002-1726
secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page.
2005-06-21
2017-07-10
CVE-2002-1726
http://www.securityfocus.com/bid/4669
BID:4669
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9002
XF:photodb-admin-access(9002)
CVE-2002-1727
Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.
2005-06-21
2017-07-10
CVE-2002-1727
http://www.securityfocus.com/bid/4670
BID:4670
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9003
XF:asksam-webpub-css(9003)
CVE-2002-1728
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path.
2005-06-21
2017-07-10
CVE-2002-1728
http://www.securityfocus.com/bid/4670
BID:4670
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9004
XF:asksam-webpub-path-disclosure(9004)
CVE-2002-1729
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.
2005-06-21
2017-07-10
CVE-2002-1729
http://www.securityfocus.com/bid/4671
BID:4671
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9005
XF:aspjar-guestbook-css(9005)
CVE-2002-1730
ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".
2005-06-21
2017-07-10
CVE-2002-1730
http://www.securityfocus.com/bid/4671
BID:4671
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes4.txt
http://online.securityfocus.com/archive/82/270970
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9006
XF:aspjar-guestbook-delete-messages(9006)
CVE-2002-1731
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
2005-06-21
2017-07-10
CVE-2002-1731
http://www.securityfocus.com/bid/4059
BID:4059
http://securitytracker.com/id?1003507
SECTRACK:1003507
https://exchange.xforce.ibmcloud.com/vulnerabilities/8179
XF:as400-system-request-information(8179)
CVE-2002-1732
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
2005-06-21
2017-07-10
CVE-2002-1732
http://www.securityfocus.com/bid/4042
BID:4042
http://www.osvdb.org/27095
OSVDB:27095
http://www.osvdb.org/27096
OSVDB:27096
http://www.osvdb.org/27097
OSVDB:27097
http://www.osvdb.org/27098
OSVDB:27098
http://securitytracker.com/id?1003502
SECTRACK:1003502
http://www.attrition.org/pipermail/vim/2006-July/000929.html
VIM:20060720 vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8180
XF:actinic-html-tags-css(8180)
CVE-2002-1733
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
2005-06-21
2017-07-10
CVE-2002-1733
http://www.securityfocus.com/bid/4109
BID:4109
http://www.sentinelchicken.com/advisories/prospero/
MISC:http://www.sentinelchicken.com/advisories/prospero/
https://exchange.xforce.ibmcloud.com/vulnerabilities/8184
XF:prospero-html-msg-css(8184)
CVE-2002-1734
NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true".
2005-06-21
2017-07-10
CVE-2002-1734
http://www.securityfocus.com/bid/4672
BID:4672
http://www.derkeiler.com/Mailing-Lists/securityfocus/vuln-dev/2002-05/0135.html
VULN-DEV:20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook
https://exchange.xforce.ibmcloud.com/vulnerabilities/9007
XF:newspro-admin-access(9007)
CVE-2002-1735
Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors.
2005-06-21
2017-07-10
CVE-2002-1735
http://www.securityfocus.com/bid/4043
BID:4043
http://securitytracker.com/id?1003493
SECTRACK:1003493
https://exchange.xforce.ibmcloud.com/vulnerabilities/8186
XF:linux-dlogin-bo(8186)
CVE-2002-1736
Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input."
2005-06-21
2017-07-10
CVE-2002-1736
http://securitytracker.com/id?1003506
SECTRACK:1003506
https://exchange.xforce.ibmcloud.com/vulnerabilities/8187
XF:cginews-view-files(8187)
CVE-2002-1737
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
2005-06-21
2017-07-10
CVE-2002-1737
http://www.securityfocus.com/bid/4103
BID:4103
http://online.securityfocus.com/archive/1/256124
BUGTRAQ:20020212 Astaro Security Linux Improper File Permissions Flaw
http://online.securityfocus.com/archive/1/256127
BUGTRAQ:20020212 RE: Astaro Security Linux Improper File Permissions Flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/8190
XF:astaro-insecure-file-permissions(8190)
CVE-2002-1738
Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.
2005-06-21
2017-07-10
CVE-2002-1738
http://www.securityfocus.com/bid/4685
BID:4685
http://online.securityfocus.com/archive/1/271374
BUGTRAQ:20020507 Multiple Vulnerabilities in MDaemon + WorldClient
https://exchange.xforce.ibmcloud.com/vulnerabilities/9024
XF:mdaemon-default-account(9024)
CVE-2002-1739
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
2005-06-21
2017-07-10
CVE-2002-1739
http://www.securityfocus.com/bid/4686
BID:4686
http://online.securityfocus.com/archive/1/271374
BUGTRAQ:20020507 Multiple Vulnerabilities in MDaemon + WorldClient
https://exchange.xforce.ibmcloud.com/vulnerabilities/9025
XF:mdaemon-weak-encryption(9025)
CVE-2002-1740
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
2005-06-21
2017-07-10
CVE-2002-1740
http://www.securityfocus.com/bid/4689
BID:4689
http://online.securityfocus.com/archive/1/271374
BUGTRAQ:20020507 Multiple Vulnerabilities in MDaemon + WorldClient
https://exchange.xforce.ibmcloud.com/vulnerabilities/9026
XF:mdaemon-worldclient-foldername-bo(9026)
CVE-2002-1741
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter.
2005-06-21
2017-07-10
CVE-2002-1741
http://www.securityfocus.com/bid/4687
BID:4687
http://online.securityfocus.com/archive/1/271374
BUGTRAQ:20020507 Multiple Vulnerabilities in MDaemon + WorldClient
https://exchange.xforce.ibmcloud.com/vulnerabilities/9027
XF:mdaemon-worldclient-delete-files(9027)
CVE-2002-1742
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.
2005-06-21
2017-07-10
CVE-2002-1742
http://www.securityfocus.com/bid/4493
BID:4493
http://online.securityfocus.com/archive/1/267051
BUGTRAQ:20020411 SOAP::Lite hole
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A02.asc
FREEBSD:FreeBSD-SN-02:02
http://use.perl.org/articles/02/04/09/000212.shtml?tid=5
MISC:http://use.perl.org/articles/02/04/09/000212.shtml?tid=5
http://www.phrack.com/show.php?p=58&a=9
MISC:http://www.phrack.com/show.php?p=58&a=9
http://www.phrack.org/show.php?p=58&a=9
MISC:http://www.phrack.org/show.php?p=58&a=9
http://www.soaplite.com/
MISC:http://www.soaplite.com/
https://exchange.xforce.ibmcloud.com/vulnerabilities/8838
XF:soap-perl-execute-functions(8838)
CVE-2002-1743
AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file.
2005-06-21
2017-07-10
CVE-2002-1743
http://www.securityfocus.com/bid/4514
BID:4514
http://online.securityfocus.com/archive/1/267656
BUGTRAQ:20020414 Possible vulnerabilities of ICQ files opened in IE or OE
https://exchange.xforce.ibmcloud.com/vulnerabilities/8843
XF:icq-hpf-access-dos(8843)
CVE-2002-1744
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
2005-06-21
2017-07-10
CVE-2002-1744
http://www.securityfocus.com/bid/4525
BID:4525
http://online.securityfocus.com/archive/1/267945
BUGTRAQ:20020417 Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
http://online.securityfocus.com/archive/1/268065
BUGTRAQ:20020417 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/8853
XF:iis-codebrws-view-source(8853)
CVE-2002-1745
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
2005-06-21
2017-07-10
CVE-2002-1745
http://www.securityfocus.com/bid/4543
BID:4543
http://online.securityfocus.com/archive/1/268303
BUGTRAQ:20020418 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/8853
XF:iis-codebrws-view-source(8853)
CVE-2002-1746
Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
2005-06-21
2017-07-10
CVE-2002-1746
http://seclists.org/bugtraq/2002/Jan/0119.html
BUGTRAQ:20020109 Security weaknesses of VTun
https://exchange.xforce.ibmcloud.com/vulnerabilities/7870
XF:vpn-replay-attack(7870)
CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB.
2005-06-21
2017-07-10
CVE-2002-1747
http://seclists.org/bugtraq/2002/Jan/0119.html
BUGTRAQ:20020109 Security weaknesses of VTun
https://exchange.xforce.ibmcloud.com/vulnerabilities/7868
XF:vpn-modify-packets(7868)
CVE-2002-1748
Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts.
2005-06-21
2017-07-10
CVE-2002-1748
http://www.securityfocus.com/bid/3839
BID:3839
http://www.securityfocus.com/archive/1/249355
BUGTRAQ:20020110 [SA-2002:00] Slashcode login vulunerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7863
XF:slashcode-account-access(7863)
CVE-2002-1749
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
2005-06-21
2017-07-10
CVE-2002-1749
http://www.securityfocus.com/bid/4095
BID:4095
http://www.ntbugtraq.com/default.aspx?pid=36&sid=1&A2=ind0202&L=ntbugtraq&T=0&O=D&F=N&P=5224
NTBUGTRAQ:20020211 Terminal doesn't lock after disconnect in Terminal Services
https://exchange.xforce.ibmcloud.com/vulnerabilities/8199
XF:win2k-terminal-services-unlocked(8199)
CVE-2002-1750
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
2005-06-21
2017-07-10
CVE-2002-1750
http://www.securityfocus.com/bid/4448
BID:4448
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
BUGTRAQ:20020408 multiple CGIscript.net scripts - Remote Code Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636
XF:cgiscript-url-execute-commands(8636)
CVE-2002-1751
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
2005-06-21
2017-07-10
CVE-2002-1751
http://www.securityfocus.com/bid/4450
BID:4450
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
BUGTRAQ:20020408 multiple CGIscript.net scripts - Remote Code Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636
XF:cgiscript-url-execute-commands(8636)
CVE-2002-1752
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
2005-06-21
2017-07-10
CVE-2002-1752
http://www.securityfocus.com/bid/4452
BID:4452
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
BUGTRAQ:20020408 multiple CGIscript.net scripts - Remote Code Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636
XF:cgiscript-url-execute-commands(8636)
CVE-2002-1753
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
2005-06-21
2017-07-10
CVE-2002-1753
http://www.securityfocus.com/bid/4451
BID:4451
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
BUGTRAQ:20020408 multiple CGIscript.net scripts - Remote Code Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636
XF:cgiscript-url-execute-commands(8636)
CVE-2002-1754
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
2005-06-21
2017-07-10
CVE-2002-1754
http://support.novell.com/servlet/tidfinder/2962694
CONFIRM:http://support.novell.com/servlet/tidfinder/2962694
http://www.cqure.net/advisories.jsp?id=15
MISC:http://www.cqure.net/advisories.jsp?id=15
https://exchange.xforce.ibmcloud.com/vulnerabilities/9035
XF:netware-client-hostname-dos(9035)
CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
2005-06-21
2017-07-10
CVE-2002-1755
http://www.securityfocus.com/archive/1/249142
BUGTRAQ:20020109 Security flaws in tinc
https://exchange.xforce.ibmcloud.com/vulnerabilities/7868
XF:vpn-modify-packets(7868)
CVE-2002-1756
ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed.
2005-06-21
2017-07-10
CVE-2002-1756
http://www.securityfocus.com/bid/4719
BID:4719
http://online.securityfocus.com/archive/1/271963
BUGTRAQ:20020510 Possible Buffer Overflow in ACDSee 4.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/9052
XF:acdsee-ais-description-bo(9052)
CVE-2002-1757
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
2005-06-21
2017-07-10
CVE-2002-1757
http://www.securityfocus.com/bid/4596
BID:4596
http://online.securityfocus.com/archive/1/269407
BUGTRAQ:20020424 PHProjekt multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/8943
XF:phprojekt-unauth-script-access(8943)
CVE-2002-1758
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.
2005-06-21
2017-07-10
CVE-2002-1758
http://www.securityfocus.com/bid/4599
BID:4599
http://online.securityfocus.com/archive/1/269407
BUGTRAQ:20020424 PHProjekt multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/8943
XF:phprojekt-unauth-script-access(8943)
CVE-2002-1759
The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
2005-06-21
2017-07-11
CVE-2002-1759
http://www.securityfocus.com/bid/4597
BID:4597
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html
BUGTRAQ:20020424 PHProjekt multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/8944
XF:phprojekt-upload-read-files(8944)
CVE-2002-1760
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
2005-06-21
2017-07-10
CVE-2002-1760
http://www.securityfocus.com/bid/4598
BID:4598
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html
BUGTRAQ:20020424 PHProjekt multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/8945
XF:phprojekt-sql-injection(8945)
CVE-2002-1761
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
2005-06-21
CVE-2002-1761
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html
BUGTRAQ:20020424 PHProjekt multiple vulnerabilities
CVE-2002-1762
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java.
2005-06-21
2017-07-10
CVE-2002-1762
http://www.securityfocus.com/bid/4594
BID:4594
http://online.securityfocus.com/archive/1/269408
BUGTRAQ:20020425 Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8947
XF:mbsa-plaintext-system-info(8947)
CVE-2002-1763
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
2005-06-21
2017-07-10
CVE-2002-1763
http://www.securityfocus.com/bid/5040
BID:5040
http://online.securityfocus.com/archive/1/277335
BUGTRAQ:20020617 Re: Solaris 8 Screensaver Issue?
http://online.securityfocus.com/archive/1/277316
BUGTRAQ:20020617 Solaris 8 Screensaver Issue?
http://online.securityfocus.com/archive/1/277724
BUGTRAQ:20020619 Solaris 8 Screensaver Issue
https://exchange.xforce.ibmcloud.com/vulnerabilities/9406
XF:solaris-dtscreen-screenlock-bypass(9406)
CVE-2002-1764
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2005-06-21
2017-07-10
CVE-2002-1764
http://www.securityfocus.com/bid/5068
BID:5068
http://online.securityfocus.com/archive/1/277932
BUGTRAQ:20020620 Acrobat reader 4.05 temporary files
https://exchange.xforce.ibmcloud.com/vulnerabilities/9407
XF:adobe-acrobat-tmpfile-symlink(9407)
CVE-2002-1765
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.
2005-06-21
2017-07-10
CVE-2002-1765
http://www.securityfocus.com/bid/4715
BID:4715
http://online.securityfocus.com/advisories/4117
CONECTIVA:CLA-2002:486
http://mail.gnome.org/archives/gnome-announce-list/2002-May/msg00020.html
MLIST:[gnome-announce] 20020503 Patch for serious bug in 1.0.3
http://rhn.redhat.com/errata/RHBA-2002-080.html
REDHAT:RHBA-2002:080
https://exchange.xforce.ibmcloud.com/vulnerabilities/9059
XF:evolution-mime-header-dos(9059)
CVE-2002-1766
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
2005-06-21
2017-07-10
CVE-2002-1766
http://www.securityfocus.com/bid/5010
BID:5010
http://online.securityfocus.com/archive/1/276876
BUGTRAQ:20020613 Microsoft FrontPage vs Composer Netscape...
https://exchange.xforce.ibmcloud.com/vulnerabilities/9355
XF:netscape-composer-font-bo(9355)
CVE-2002-1767
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
2005-06-21
2017-07-10
CVE-2002-1767
http://www.securityfocus.com/bid/4413
BID:4413
http://online.securityfocus.com/archive/1/265452
BUGTRAQ:20020401 Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8772
XF:oracle-tnslsnr-command-line-bo(8772)
CVE-2002-1768
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
2005-06-21
2017-07-10
CVE-2002-1768
http://www.securityfocus.com/bid/4948
BID:4948
http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html
BUGTRAQ:20020605 Three possible DoS attacks against some IOS versions.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html
BUGTRAQ:20020606 Re: Three possible DoS attacks against some IOS versions.
https://exchange.xforce.ibmcloud.com/vulnerabilities/9282
XF:cisco-ios-hsrp-dos(9282)
CVE-2002-1769
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
2005-06-21
2017-07-10
CVE-2002-1769
http://www.securityfocus.com/bid/3998
BID:3998
http://online.securityfocus.com/advisories/3843
MISC:http://online.securityfocus.com/advisories/3843
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248840
MSKB:Q248840
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
VULNWATCH:20020129 RFP2201: MS Site Server Evilness
https://exchange.xforce.ibmcloud.com/vulnerabilities/8048
XF:siteserver-ldap-anonymous-account(8048)
CVE-2002-1770
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer.
2005-06-21
2017-07-10
CVE-2002-1770
http://www.securityfocus.com/bid/4343
BID:4343
http://marc.info/?l=bugtraq&m=101680576827641&w=2
BUGTRAQ:2002032 Automatically opening IE + Executing attachments
http://security.greymagic.com/adv/gm002-ie/
MISC:http://security.greymagic.com/adv/gm002-ie/
http://marc.info/?l=ntbugtraq&m=101680201823534&w=2
NTBUGTRAQ:2002032 Automatically opening IE + Executing attachments
https://exchange.xforce.ibmcloud.com/vulnerabilities/8609
XF:msviewer-tvideo-execute-attachment(8609)
CVE-2002-1771
Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
2005-06-21
2017-07-10
CVE-2002-1771
http://www.securityfocus.com/bid/3955
BID:3955
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html
BUGTRAQ:20020123 Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9
http://www.scriptarchive.com/readme/formmail.html#history
CONFIRM:http://www.scriptarchive.com/readme/formmail.html#history
https://exchange.xforce.ibmcloud.com/vulnerabilities/8013
XF:formmail-smtp-header-spam(8013)
CVE-2002-1772
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password.
2005-06-21
2017-07-10
CVE-2002-1772
http://www.securityfocus.com/bid/4012
BID:4012
http://online.securityfocus.com/archive/1/253373
BUGTRAQ:20020131 Possible privilege escalation with NDS for NT
https://exchange.xforce.ibmcloud.com/vulnerabilities/8065
XF:netware-nds-unauth-access(8065)
CVE-2002-1773
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
2005-06-21
2017-07-10
CVE-2002-1773
http://www.securityfocus.com/bid/4031
BID:4031
http://online.securityfocus.com/archive/1/254133
BUGTRAQ:20020205 OSX ICQ DoS
http://online.securityfocus.com/archive/1/254141
BUGTRAQ:20020205 Re: OSX ICQ DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/8085
XF:icq-macos-dos(8085)
CVE-2002-1774
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed.
2005-06-21
2017-07-10
CVE-2002-1774
http://www.securityfocus.com/bid/4242
BID:4242
http://online.securityfocus.com/archive/1/260271
BUGTRAQ:20020307 Various Vulnerabilities in Norton Anti-Virus 2002
http://online.securityfocus.com/archive/1/260678
BUGTRAQ:20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000
https://exchange.xforce.ibmcloud.com/vulnerabilities/8389
XF:nav-nullchar-bypass-protection(8389)
CVE-2002-1775
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed.
2005-06-21
2017-07-10
CVE-2002-1775
http://www.securityfocus.com/bid/4243
BID:4243
http://online.securityfocus.com/archive/1/260271
BUGTRAQ:20020307 Various Vulnerabilities in Norton Anti-Virus 2002
http://online.securityfocus.com/archive/1/260678
BUGTRAQ:20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000
https://exchange.xforce.ibmcloud.com/vulnerabilities/8390
XF:nav-nonrfc-bypass-protection(8390)
CVE-2002-1776
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
2005-06-21
2017-07-10
CVE-2002-1776
http://www.securityfocus.com/bid/4245
BID:4245
http://online.securityfocus.com/archive/1/260271
BUGTRAQ:20020307 Various Vulnerabilities in Norton Anti-Virus 2002
http://online.securityfocus.com/archive/1/260678
BUGTRAQ:20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000
https://exchange.xforce.ibmcloud.com/vulnerabilities/8391
XF:nav-filetype-bypass-protection(8391)
CVE-2002-1777
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed.
2005-06-21
2017-07-10
CVE-2002-1777
http://www.securityfocus.com/bid/4246
BID:4246
http://online.securityfocus.com/archive/1/260271
BUGTRAQ:20020307 Various Vulnerabilities in Norton Anti-Virus 2002
http://online.securityfocus.com/archive/1/260678
BUGTRAQ:20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000
https://exchange.xforce.ibmcloud.com/vulnerabilities/8392
XF:nav-contenttype-bypass-protection(8392)
CVE-2002-1778
Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.
2005-06-21
2017-07-10
CVE-2002-1778
http://www.securityfocus.com/bid/4521
BID:4521
http://online.securityfocus.com/archive/1/267850
BUGTRAQ:20020416 Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/8859
XF:norton-bypass-portscan-protection(8859)
CVE-2002-1779
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
2005-06-21
CVE-2002-1779
http://www.securityfocus.com/bid/4545
BID:4545
http://online.securityfocus.com/archive/1/267850
BUGTRAQ:20020416 Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.05.16.html
CVE-2002-1780
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
2005-06-21
2017-07-10
CVE-2002-1780
http://online.securityfocus.com/archive/1/258644
BUGTRAQ:20020227 BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY
http://online.securityfocus.com/archive/1/258986
BUGTRAQ:20020227 Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY
https://exchange.xforce.ibmcloud.com/vulnerabilities/8299
XF:bpm-http-device-dos(8299)
CVE-2002-1781
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
2005-06-21
2017-07-10
CVE-2002-1781
http://www.securityfocus.com/bid/4055
BID:4055
http://archives.neohapsis.com/archives/bugtraq/2002-02/0051.html
BUGTRAQ:20020207 [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities
http://online.securityfocus.com/archive/1/256117
BUGTRAQ:20020212 Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities
http://www.globalintersec.com/adv/delegate-2002012101.txt
MISC:http://www.globalintersec.com/adv/delegate-2002012101.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/8114
XF:delegate-proxy-pop-bo(8114)
CVE-2002-1782
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
2005-06-21
2017-07-10
CVE-2002-1782
http://www.securityfocus.com/bid/4909
BID:4909
http://online.securityfocus.com/archive/1/275127
BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
CONFIRM:http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1
http://www.security.nnov.ru/advisories/courier.asp
MISC:http://www.security.nnov.ru/advisories/courier.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/9238
XF:wuimapd-information-disclosure(9238)
CVE-2002-1783
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.
2005-06-28
2017-07-10
CVE-2002-1783
http://www.securityfocus.com/bid/5681
BID:5681
http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.html
BUGTRAQ:20020909 PHP fopen() CRLF Injection
http://archives.neohapsis.com/archives/bugtraq/2002-09/0132.html
BUGTRAQ:20020912 Re: PHP fopen() CRLF Injection
http://www.debian.org/security/2002/dsa-168
DEBIAN:DSA-168
https://exchange.xforce.ibmcloud.com/vulnerabilities/10080
XF:php-fopen-crlf-injection(10080)
CVE-2002-1784
Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors.
2005-06-28
CVE-2002-1784
http://www.securityfocus.com/bid/5242
BID:5242
http://online.securityfocus.com/advisories/4288
COMPAQ:SSRT0795
http://www.iss.net/security_center/static/9614.php
XF:tru64-inetd-remote-dos(9614)
CVE-2002-1785
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
2005-06-28
CVE-2002-1785
http://www.securityfocus.com/bid/6144
BID:6144
http://archives.neohapsis.com/archives/bugtraq/2002-11/0104.html
BUGTRAQ:20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug
http://online.securityfocus.com/archive/1/302961
BUGTRAQ:20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug
http://www.iss.net/security_center/static/10567.php
XF:zeus-admin-index-xss(10567)
CVE-2002-1786
SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information.
2005-06-28
CVE-2002-1786
http://www.securityfocus.com/bid/5737
BID:5737
ftp://patches.sgi.com/support/free/security/advisories/20020902-01-I
SGI:20020902-01-I
http://www.iss.net/security_center/static/10138.php
XF:irix-root-coredumps(10138)
CVE-2002-1787
Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors.
2005-06-28
CVE-2002-1787
http://www.securityfocus.com/bid/5892
BID:5892
http://www.ciac.org/ciac/bulletins/n-004.shtml
CIAC:N-004
ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P
SGI:20020903-02-P
http://www.iss.net/security_center/static/10274.php
XF:irix-uux-bo(10274)
CVE-2002-1788
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
2005-06-28
2007-01-30
CVE-2002-1788
http://www.securityfocus.com/bid/5160
BID:5160
http://online.securityfocus.com/archive/1/280639
BUGTRAQ:20020704 nn remote format string vulnerability
http://www.osvdb.org/27086
OSVDB:27086
http://www.iss.net/security_center/static/9491.php
XF:nn-error-msg-format-string(9491)
CVE-2002-1789
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
2005-06-28
CVE-2002-1789
http://www.securityfocus.com/bid/5240
BID:5240
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.iss.net/security_center/static/9583.php
XF:newsx-syslog-format-string(9583)
CVE-2002-1790
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
2005-06-28
CVE-2002-1790
http://www.securityfocus.com/bid/5213
BID:5213
http://online.securityfocus.com/archive/1/281914
BUGTRAQ:20020712 Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability
http://www.iss.net/security_center/static/9580.php
XF:iis-smtp-mail-relay(9580)
CVE-2002-1791
SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files.
2005-06-28
CVE-2002-1791
http://www.securityfocus.com/bid/5895
BID:5895
http://www.ciac.org/ciac/bulletins/n-004.shtml
CIAC:N-004
ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P
SGI:20020903-01-P
http://www.iss.net/security_center/static/10273.php
XF:irix-desktop-files-insecure(10273)
CVE-2002-1792
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
2005-06-28
2017-07-11
CVE-2002-1792
http://www.securityfocus.com/bid/5351
BID:5351
http://online.securityfocus.com/archive/1/284953
BUGTRAQ:20020729 Fake Identd - Remote root exploit
http://www.iss.net/security_center/static/9731.php
XF:fake-identd-bo(9731)
CVE-2002-1793
HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
2005-06-28
CVE-2002-1793
http://www.securityfocus.com/bid/5791
BID:5791
http://online.securityfocus.com/advisories/4502
HP:HPSBUX0209-220
http://www.iss.net/security_center/static/10206.php
XF:hp-vvos-modssl-dos(10206)
CVE-2002-1794
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.
2005-06-28
2017-10-09
CVE-2002-1794
http://www.securityfocus.com/bid/5839
BID:5839
http://www.ciac.org/ciac/bulletins/n-006.shtml
CIAC:N-006
http://online.securityfocus.com/advisories/4512
HP:HPSBUX0209-221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5593
OVAL:oval:org.mitre.oval:def:5593
http://www.iss.net/security_center/static/10266.php
XF:hp-ldapux-pamauthz-bypass(10266)
CVE-2002-1795
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
2005-06-28
CVE-2002-1795
http://www.securityfocus.com/bid/5952
BID:5952
http://online.securityfocus.com/archive/1/294938
BUGTRAQ:20021011 [SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability
http://www.lac.co.jp/security/english/snsadv_e/56_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/56_e.html
http://www.iss.net/security_center/static/10342.php
XF:ms-tsac-connect-xss(10342)
CVE-2002-1796
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
2005-06-28
CVE-2002-1796
http://www.securityfocus.com/bid/5334
BID:5334
http://www.securityfocus.com/archive/1/284648
BUGTRAQ:20020227 Phenoelit Advisory #0815 +--
http://online.securityfocus.com/advisories/4317
HP:HPSBUX0207-203
http://www.phenoelit.de/stuff/HP_Chai.txt
MISC:http://www.phenoelit.de/stuff/HP_Chai.txt
http://www.iss.net/security_center/static/9695.php
XF:hp-chaivm-add-services(9695)
CVE-2002-1797
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer.
2005-06-28
2021-06-15
CVE-2002-1797
http://www.securityfocus.com/bid/5332
BID:5332
http://online.securityfocus.com/archive/1/284648
BUGTRAQ:20020727 Phenoelit Advisory #0815 +--
http://www.phenoelit.de/stuff/HP_Chai.txt
MISC:http://www.phenoelit.de/stuff/HP_Chai.txt
http://www.iss.net/security_center/static/9694.php
XF:hp-chaivm-unauth-access(9694)
CVE-2002-1798
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
2005-06-28
2007-10-18
CVE-2002-1798
http://www.securityfocus.com/bid/5851
BID:5851
http://www.securityfocus.com/bid/5855
BID:5855
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
BUGTRAQ:20021002 Multiple Web Security Holes
http://www.iss.net/security_center/static/10306.php
XF:midicart-php-access-upload(10306)
CVE-2002-1799
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
2005-06-28
CVE-2002-1799
http://www.securityfocus.com/bid/5945
BID:5945
http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html
BUGTRAQ:20021010 Multiple vulnerabilities in phpRank
http://www.iss.net/security_center/static/10336.php
XF:phprank-javascript-xss(10336)
CVE-2002-1800
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
2005-06-28
CVE-2002-1800
http://www.securityfocus.com/bid/5947
BID:5947
http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html
BUGTRAQ:20021010 Multiple vulnerabilities in phpRank
http://www.iss.net/security_center/static/10352.php
XF:phprank-admin-plaintext-password(10352)
CVE-2002-1801
ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.
2005-06-28
CVE-2002-1801
http://www.securityfocus.com/bid/4976
BID:4976
http://online.securityfocus.com/archive/1/276133
BUGTRAQ:20020609 [LoWNOISE] ImageFolio Pro 2.2
http://www.iss.net/security_center/static/9308.php
XF:magefolio-setup-cgi-access(9308)
CVE-2002-1802
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
2005-06-28
CVE-2002-1802
http://www.securityfocus.com/bid/5785
BID:5785
http://archives.neohapsis.com/archives/bugtraq/2002-09/0286.html
BUGTRAQ:20020924 Xoops RC3 script injection vulnerability
http://www.securityfocus.com/archive/1/293161
BUGTRAQ:20020926 Re: Xoops RC3 script injection vulnerability fixed
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1803
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
2005-06-28
CVE-2002-1803
http://www.securityfocus.com/bid/5796
BID:5796
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html
BUGTRAQ:20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1804
Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
2005-06-28
CVE-2002-1804
http://www.securityfocus.com/bid/5797
BID:5797
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html
BUGTRAQ:20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1805
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
2005-06-28
CVE-2002-1805
http://www.securityfocus.com/bid/5798
BID:5798
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html
BUGTRAQ:20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1806
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
2005-06-28
CVE-2002-1806
http://www.securityfocus.com/bid/5801
BID:5801
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html
BUGTRAQ:20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1807
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
2005-06-28
CVE-2002-1807
http://www.securityfocus.com/bid/5802
BID:5802
http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html
BUGTRAQ:20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
http://www.iss.net/security_center/static/10173.php
XF:cms-news-image-xss(10173)
CVE-2002-1808
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
2005-06-28
CVE-2002-1808
http://www.securityfocus.com/bid/5957
BID:5957
http://archives.neohapsis.com/archives/bugtraq/2002-10/0179.html
BUGTRAQ:20021014 ECHU Alert #3 : Meunity 1.1 script injection vulnerability
http://www.iss.net/security_center/static/10369.php
XF:meunity-forum-image-xss(10369)
CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
2005-06-28
CVE-2002-1809
http://www.securityfocus.com/bid/5503
BID:5503
http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html
BUGTRAQ:20020818 Weak MySQL Default Configuration on Windows
http://www.iss.net/security_center/static/9902.php
XF:mysql-default-root-access(9902)
CVE-2002-1810
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
2005-06-28
CVE-2002-1810
http://www.securityfocus.com/bid/6015
BID:6015
http://online.securityfocus.com/archive/1/296374
BUGTRAQ:20021021 D-Link Access Point DWL-900AP+ TFTP Vulnerability
http://www.iss.net/security_center/static/10424.php
XF:dlink-tftp-obtain-information(10424)
CVE-2002-1811
Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.
2005-06-28
CVE-2002-1811
http://www.securityfocus.com/bid/5571
BID:5571
http://online.securityfocus.com/archive/1/289112
BUGTRAQ:20020826 Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability
http://www.iss.net/security_center/static/9960.php
XF:belkin-ap-snmp-dos(9960)
CVE-2002-1812
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
2005-06-28
2021-06-15
CVE-2002-1812
http://www.securityfocus.com/bid/5578
BID:5578
http://www.netric.org/advisories/netric-adv007.txt
MISC:http://www.netric.org/advisories/netric-adv007.txt
http://www.securiteam.com/exploits/5CP0Y0080G.html
MISC:http://www.securiteam.com/exploits/5CP0Y0080G.html
http://www.iss.net/security_center/static/9991.php
XF:gdam123-mp3-filename-bo(9991)
CVE-2002-1813
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.
2005-06-28
CVE-2002-1813
http://www.securityfocus.com/bid/6027
BID:6027
http://archives.neohapsis.com/archives/bugtraq/2002-10/0319.html
BUGTRAQ:20021021 AIM 4.8.2790 remote file execution vulnerability
http://www.iss.net/security_center/static/10441.php
XF:aim-url-execute-files(10441)
CVE-2002-1814
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
2005-06-28
CVE-2002-1814
http://www.securityfocus.com/bid/5125
BID:5125
http://online.securityfocus.com/archive/1/279676
BUGTRAQ:20020628 efstool local root exploit
http://www.securiteam.com/exploits/5AP0E0K8AO.html
MISC:http://www.securiteam.com/exploits/5AP0E0K8AO.html
http://www.iss.net/security_center/static/9451.php
XF:linux-efstool-bo(9451)
CVE-2002-1815
Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
2005-06-28
CVE-2002-1815
http://www.securityfocus.com/bid/5533
BID:5533
http://online.securityfocus.com/archive/1/288415
BUGTRAQ:20020821 bugtraq@security.nnov.ru list issues [2]
http://www.iss.net/security_center/static/9929.php
XF:aquonics-filemanager-directory-traversal(9929)
CVE-2002-1816
Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2005-06-28
2005-07-06
CVE-2002-1816
http://www.securityfocus.com/bid/5956
BID:5956
http://archives.neohapsis.com/archives/bugtraq/2002-10/0187.html
BUGTRAQ:20021012 Pyramid Research Project - atphttpd security advisorie
http://secunia.com/advisories/7293
SECUNIA:7293
http://www.iss.net/security_center/static/10362.php
XF:atphttpd-sockgets-bo(10362)
CVE-2002-1817
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.
2005-06-28
2021-06-15
CVE-2002-1817
http://www.securityfocus.com/bid/5688
BID:5688
http://seer.support.veritas.com/docs/238143.htm
CONFIRM:http://seer.support.veritas.com/docs/238143.htm
http://securitytracker.com/id?1005204
SECTRACK:1005204
http://www.iss.net/security_center/static/10082.php
XF:vcs-unauth-root-access(10082)
CVE-2002-1818
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
2005-06-28
CVE-2002-1818
http://www.securityfocus.com/bid/6153
BID:6153
http://online.securityfocus.com/archive/1/299235
BUGTRAQ:20021110 benchmark tool for HTTP pages.
http://www.iss.net/security_center/static/10589.php
XF:ez-httpbench-view-files(10589)
CVE-2002-1819
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
2005-06-28
CVE-2002-1819
http://www.securityfocus.com/bid/6158
BID:6158
http://online.securityfocus.com/archive/1/299287
BUGTRAQ:20021111 Multiple vulnerabilities in Tiny HTTPd
http://www.iss.net/security_center/static/10596.php
XF:tinyhttpd-dotdot-directory-traversal(10596)
CVE-2002-1820
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."
2005-06-28
CVE-2002-1820
http://www.securityfocus.com/bid/5580
BID:5580
http://www.securityfocus.com/archive/1/289417
BUGTRAQ:20020825 `admin' bug in upb
http://www.iss.net/security_center/static/9972.php
XF:upb-register-admin-spoof(9972)
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
2005-06-28
CVE-2002-1821
http://www.securityfocus.com/bid/5666
BID:5666
http://securitytracker.com/id?1005198
SECTRACK:1005198
CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP).
2005-06-28
2016-10-17
CVE-2002-1822
http://www.securityfocus.com/bid/6181
BID:6181
http://marc.info/?l=bugtraq&m=103726020802411&w=2
BUGTRAQ:20021113 JSP processor 1.1 information disclosure
http://www.iss.net/security_center/static/10628.php
XF:ibm-http-path-disclosure(10628)
CVE-2002-1823
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
2005-06-28
CVE-2002-1823
http://www.securityfocus.com/bid/6190
BID:6190
http://online.securityfocus.com/archive/1/300066
BUGTRAQ:20021116 Remote Buffer Overflow vulnerability in Zeroo HTTP Server.
http://www.iss.net/security_center/static/10642.php
XF:zeroo-http-server-bo(10642)
CVE-2002-1824
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
2005-06-28
CVE-2002-1824
http://www.securityfocus.com/bid/5778
BID:5778
http://online.securityfocus.com/archive/1/292842
BUGTRAQ:20020923 IE6 SSL Certificate Chain Verification
http://www.iss.net/security_center/static/10180.php
XF:ie-ssl-certificate-expired(10180)
CVE-2002-1825
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.
2005-06-28
2005-12-12
CVE-2002-1825
http://www.securityfocus.com/bid/5811
BID:5811
http://www.securityfocus.com/archive/1/293229
BUGTRAQ:20020926 remote SYSTEM compromise in WASD OpenVMS http server
http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt
CONFIRM:http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt
http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt
MISC:http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt
http://www.osvdb.org/21288
OSVDB:21288
http://www.iss.net/security_center/static/10213.php
XF:wasd-http-perlrte-format-string(10213)
CVE-2002-1826
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.
2005-06-28
CVE-2002-1826
http://www.securityfocus.com/bid/4762
BID:4762
http://online.securityfocus.com/archive/1/273002
BUGTRAQ:20020517 Grsecurity problem - modifying "read-only kernel"
http://www.iss.net/security_center/static/9109.php
XF:grsecurity-linux-kernel-patch(9109)
CVE-2002-1827
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
2005-06-28
2021-06-15
CVE-2002-1827
http://www.securityfocus.com/bid/4822
BID:4822
http://online.securityfocus.com/archive/1/274033
BUGTRAQ:20020524 Sendmail file locking - PoC
http://www.sendmail.org/LockingAdvisory.txt
CONFIRM:http://www.sendmail.org/LockingAdvisory.txt
http://www.iss.net/security_center/static/9162.php
XF:sendmail-file-locking-dos(9162)
CVE-2002-1828
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
2005-06-28
CVE-2002-1828
http://www.securityfocus.com/bid/5707
BID:5707
http://online.securityfocus.com/archive/1/291791
BUGTRAQ:20020913 Savant 3.1 multiple vulnerabilities
http://www.iss.net/security_center/static/10103.php
XF:savant-neg-content-dos(10103)
CVE-2002-1829
Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag.
2005-06-28
2017-07-10
CVE-2002-1829
http://www.securityfocus.com/bid/4819
BID:4819
http://marc.info/?l=vuln-dev&m=102221487407632&w=2
VULN-DEV:20020523 Security holes in OpenBB
https://exchange.xforce.ibmcloud.com/vulnerabilities/9160
XF:openbb-admin-access(9160)
CVE-2002-1830
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
2005-06-28
2016-10-17
CVE-2002-1830
http://www.securityfocus.com/bid/4823
BID:4823
http://marc.info/?l=vuln-dev&m=102221487407632&w=2
VULN-DEV:20020523 Security holes in OpenBB
http://www.iss.net/security_center/static/9160.php
XF:openbb-admin-access(9160)
CVE-2002-1831
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
2005-06-28
CVE-2002-1831
http://www.securityfocus.com/bid/4827
BID:4827
http://online.securityfocus.com/archive/1/274086
BUGTRAQ:20020523 Re: Misformated message header causes msn messenger to crash
http://www.iss.net/security_center/static/9161.php
XF:msn-invite-dos(9161)
CVE-2002-1832
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options.
2005-06-28
2021-06-15
CVE-2002-1832
http://www.securityfocus.com/bid/4871
BID:4871
http://www.scaramanga.co.uk/firestorm/NEWS
CONFIRM:http://www.scaramanga.co.uk/firestorm/NEWS
http://www.iss.net/security_center/static/9192.php
XF:firestorm-nids-ipoptions-dos(9192)
CVE-2002-1833
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
2005-06-28
2007-01-17
CVE-2002-1833
http://www.securityfocus.com/bid/4765
BID:4765
http://www.securityfocus.com/bid/4766
BID:4766
http://online.securityfocus.com/archive/1/273089
BUGTRAQ:20020517 Re: Xerox DocuTech problems
http://online.securityfocus.com/archive/1/273029
BUGTRAQ:20020517 Xerox DocuTech problems
http://online.securityfocus.com/archive/1/273079
BUGTRAQ:20020518 RE: Xerox DocuTech problems
http://online.securityfocus.com/archive/1/273078
BUGTRAQ:20020518 Re: Xerox DocuTech problems
http://www.iss.net/security_center/static/9108.php
XF:xerox-docutech-insecure-configuration(9108)
CVE-2002-1834
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
2005-06-28
CVE-2002-1834
http://www.securityfocus.com/bid/4766
BID:4766
http://online.securityfocus.com/archive/1/273029
BUGTRAQ:20020517 Xerox DocuTech problems
http://online.securityfocus.com/archive/1/273078
BUGTRAQ:20020518 Re: Xerox DocuTech problems
http://www.iss.net/security_center/static/9108.php
XF:xerox-docutech-insecure-configuration(9108)
CVE-2002-1835
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
2005-06-28
CVE-2002-1835
http://www.securityfocus.com/bid/4765
BID:4765
http://online.securityfocus.com/archive/1/273029
BUGTRAQ:20020517 Xerox DocuTech problems
http://totally.righteous.net/jedgar/overview_of_security.pdf
CONFIRM:http://totally.righteous.net/jedgar/overview_of_security.pdf
http://www.iss.net/security_center/static/9108.php
XF:xerox-docutech-insecure-configuration(9108)
CVE-2002-1836
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
2005-06-28
CVE-2002-1836
http://www.securityfocus.com/bid/4765
BID:4765
http://online.securityfocus.com/archive/1/273089
BUGTRAQ:20020517 Re: Xerox DocuTech problems
http://online.securityfocus.com/archive/1/273029
BUGTRAQ:20020517 Xerox DocuTech problems
http://totally.righteous.net/jedgar/overview_of_security.pdf
CONFIRM:http://totally.righteous.net/jedgar/overview_of_security.pdf
http://www.iss.net/security_center/static/9108.php
XF:xerox-docutech-insecure-configuration(9108)
CVE-2002-1837
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
2005-06-28
2021-06-15
CVE-2002-1837
http://www.securityfocus.com/bid/4870
BID:4870
http://online.securityfocus.com/archive/1/274433
BUGTRAQ:20020528 Information Disclosure Vulnerability in IDS 0.8x
http://ids.sourceforge.net/ChangeLog.html
CONFIRM:http://ids.sourceforge.net/ChangeLog.html
http://www.iss.net/security_center/static/9201.php
XF:ids-dir-existence(9201)
CVE-2002-1838
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
2005-06-28
CVE-2002-1838
http://www.securityfocus.com/bid/4869
BID:4869
http://www.stevesachs.com/charities.cron_CHANGELOG
CONFIRM:http://www.stevesachs.com/charities.cron_CHANGELOG
CVE-2002-1839
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
2005-06-28
CVE-2002-1839
http://www.securityfocus.com/bid/4830
BID:4830
http://online.securityfocus.com/archive/1/274144
BUGTRAQ:20020524 TrendMicro Interscan VirusWall security problem
http://www.iss.net/security_center/static/9168.php
XF:interscan-viruswall-header-removal(9168)
CVE-2002-1840
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
2005-06-28
CVE-2002-1840
http://www.securityfocus.com/bid/4831
BID:4831
http://online.securityfocus.com/archive/1/274132
BUGTRAQ:20020525 irssi backdoored.
http://real.irssi.org/?page=backdoor
CONFIRM:http://real.irssi.org/?page=backdoor
http://www.iss.net/security_center/static/9176.php
XF:irssi-backdoor-version(9176)
CVE-2002-1841
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
2005-06-28
2016-10-17
CVE-2002-1841
http://www.securityfocus.com/bid/5116
BID:5116
http://online.securityfocus.com/archive/1/280340
BUGTRAQ:20020702 Noguska Nola 1.1.1 [ Intranet Business Management Software ]
http://marc.info/?l=vuln-dev&m=102511114021370&w=2
VULN-DEV:20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]
http://marc.info/?l=vuln-dev&m=102520790718208&w=2
VULN-DEV:20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]
http://www.iss.net/security_center/static/9438.php
XF:nola-php-script-upload(9438)
CVE-2002-1842
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
2005-06-28
CVE-2002-1842
http://www.securityfocus.com/bid/5998
BID:5998
http://www.securityfocus.com/bid/5999
BID:5999
http://online.securityfocus.com/archive/1/296073
BUGTRAQ:20021018 SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution
http://www.iss.net/security_center/static/10402.php
XF:perlbot-email-command-execution(10402)
http://www.iss.net/security_center/static/10401.php
XF:perlbot-shell-command-execution(10401)
CVE-2002-1843
Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.
2005-06-28
CVE-2002-1843
http://www.securityfocus.com/bid/6008
BID:6008
http://www.securityfocus.com/bid/6009
BID:6009
http://online.securityfocus.com/archive/1/296134
BUGTRAQ:20021018 SCAN Associates Advisory: perlbot 1.9.2 - Remote Command Execution
http://www.iss.net/security_center/static/10404.php
XF:perlbot-filename-command-execution(10404)
http://www.iss.net/security_center/static/10403.php
XF:perlbot-text-command-execution(10403)
CVE-2002-1844
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
2005-06-28
CVE-2002-1844
http://www.securityfocus.com/bid/6003
BID:6003
http://archives.neohapsis.com/archives/bugtraq/2002-10/0260.html
BUGTRAQ:20021018 Microsoft Windows Media Player for Sparc/Solaris vulnerability
http://www.iss.net/security_center/static/10398.php
XF:mediaplayer-world-writable-executables(10398)
CVE-2002-1845
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
2005-06-28
CVE-2002-1845
http://www.securityfocus.com/bid/6004
BID:6004
http://online.securityfocus.com/archive/1/296121
BUGTRAQ:20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums
http://www.iss.net/security_center/static/10406.php
XF:yabb-index-xss(10406)
CVE-2002-1846
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
2005-06-28
CVE-2002-1846
http://online.securityfocus.com/archive/1/296121
BUGTRAQ:20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums
CVE-2002-1847
Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
2005-06-28
2021-06-15
CVE-2002-1847
http://www.securityfocus.com/bid/5357
BID:5357
http://online.securityfocus.com/archive/1/285082
BUGTRAQ:20020730 Windows mplay32 buffer overflow
http://www.iss.net/security_center/static/9727.php
XF:mediaplayer-mplay32-filename-bo(9727)
CVE-2002-1848
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
2005-06-28
CVE-2002-1848
http://www.securityfocus.com/bid/4835
BID:4835
http://www.tightvnc.com/changelog-win32.html
CONFIRM:http://www.tightvnc.com/changelog-win32.html
CVE-2002-1849
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users.
2005-06-28
CVE-2002-1849
http://www.securityfocus.com/bid/5370
BID:5370
http://archives.neohapsis.com/archives/bugtraq/2002-07/0427.html
BUGTRAQ:20020731 FW: Parachat DoS Vulnerability
http://www.iss.net/security_center/static/9735.php
XF:parachat-no-logoff-dos(9735)
CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
2005-06-28
2016-10-17
CVE-2002-1850
http://www.securityfocus.com/bid/5787
BID:5787
http://www.securityfocus.com/bid/8725
BID:8725
http://seclists.org/bugtraq/2002/Sep/0253.html
BUGTRAQ:20020923 Apache 2.0.(39|40) DOS (PHP!)
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8
CONFIRM:http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8
http://issues.apache.org/bugzilla/show_bug.cgi?id=10515
MISC:http://issues.apache.org/bugzilla/show_bug.cgi?id=10515
http://issues.apache.org/bugzilla/show_bug.cgi?id=22030
MISC:http://issues.apache.org/bugzilla/show_bug.cgi?id=22030
http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2
MLIST:[apache-httpd-dev] 20020925 CGI bucket needed
http://securitytracker.com/id?1007823
SECTRACK:1007823
http://www.iss.net/security_center/static/10200.php
XF:apache-stderr-dos(10200)
CVE-2002-1851
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
2005-06-28
CVE-2002-1851
http://www.securityfocus.com/bid/4850
BID:4850
http://www.nextgenss.com/vna/ips-wsftp.txt
MISC:http://www.nextgenss.com/vna/ips-wsftp.txt
http://www.iss.net/security_center/static/10185.php
XF:wsftp-pro-client-bo(10185)
CVE-2002-1852
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
2005-06-28
CVE-2002-1852
http://www.securityfocus.com/bid/5829
BID:5829
http://archives.neohapsis.com/archives/bugtraq/2002-09/0344.html
BUGTRAQ:20020930 XSS bug in Monkey (0.5.0) HTTP server
http://www.iss.net/security_center/static/10229.php
XF:monkey-url-request-xss(10229)
http://www.iss.net/security_center/static/10226.php
XF:monkey-url-test2pl-xss(10226)
CVE-2002-1853
Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php.
2005-06-28
CVE-2002-1853
http://www.securityfocus.com/bid/5836
BID:5836
http://www.securityfocus.com/archive/1/293564
BUGTRAQ:20020929 MyNewsGroups :) XSS patch
http://secunia.com/advisories/7177
SECUNIA:7177
http://www.iss.net/security_center/static/10238.php
XF:mynewsgroups-message-subject-xss(10238)
CVE-2002-1854
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.
2005-06-28
CVE-2002-1854
http://www.securityfocus.com/bid/5113
BID:5113
http://online.securityfocus.com/archive/1/279268
BUGTRAQ:20020627 [sp00fed packet] Whois vulnerability
http://www.iss.net/security_center/static/9439.php
XF:rlaj-whois-command-execution(9439)
CVE-2002-1855
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1855
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1856
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1856
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1857
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
2021-06-15
CVE-2002-1857
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1858
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1858
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1859
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1859
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1860
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1860
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1861
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
2005-06-28
CVE-2002-1861
http://www.securityfocus.com/bid/5119
BID:5119
http://online.securityfocus.com/archive/1/279582
BUGTRAQ:20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
http://www.iss.net/security_center/static/9446.php
XF:webinf-dot-file-retrieval(9446)
CVE-2002-1862
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.
2005-06-28
CVE-2002-1862
http://www.securityfocus.com/bid/6074
BID:6074
http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html
BUGTRAQ:20021031 SmartMail server DOS
http://www.iss.net/security_center/static/10533.php
XF:smartmail-terminate-connection-dos(10533)
CVE-2002-1863
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled.
2005-06-28
CVE-2002-1863
http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html
BUGTRAQ:20021101 Iomega NAS A300U security and inter-operability issues
http://www.iss.net/security_center/static/10530.php
XF:iomega-ftp-shared-directories(10530)
CVE-2002-1864
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
2005-06-28
CVE-2002-1864
http://www.securityfocus.com/bid/5662
BID:5662
http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html
BUGTRAQ:20020903 Re: SWS Web Server v0.1.0 Exploit
http://www.iss.net/security_center/static/10070.php
XF:sws-webserver-directory-traversal(10070)
CVE-2002-1865
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
2005-06-28
CVE-2002-1865
http://www.securityfocus.com/bid/6090
BID:6090
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0052.html
VULNWATCH:20021101 Re: IDEFENSE DOS in Linksys BEFSR41 EtherFast Cable/DSL Router + More issues DLINK & LINKSYS
http://www.iss.net/security_center/static/10537.php
XF:ap-embedded-http-dos(10537)
CVE-2002-1866
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.
2005-06-28
CVE-2002-1866
http://www.securityfocus.com/bid/5659
BID:5659
http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html
BUGTRAQ:20020903 Re: SWS Web Server v0.1.0 Exploit
http://www.iss.net/security_center/static/10071.php
XF:sws-webserver-invalid-file-dos(10071)
CVE-2002-1867
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
2005-06-28
2016-10-17
CVE-2002-1867
http://www.securityfocus.com/bid/4975
BID:4975
http://marc.info/?l=bugtraq&m=102373053829427&w=2
BUGTRAQ:20020609 [LoWNOISE] ImageFolio Pro 2.2
http://www.iss.net/security_center/static/9308.php
XF:imagefolio-setup-cgi-access(9308)
CVE-2002-1868
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
2005-06-28
CVE-2002-1868
http://www.securityfocus.com/bid/5392
BID:5392
http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES
CONFIRM:http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES
http://www.iss.net/security_center/static/9787.php
XF:dispair-execute-commands(9787)
CVE-2002-1869
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
2005-06-28
CVE-2002-1869
http://www.securityfocus.com/bid/6095
BID:6095
http://www.heysoft.de/nt/eventlog/hsb01e.htm
CONFIRM:http://www.heysoft.de/nt/eventlog/hsb01e.htm
http://securitytracker.com/id?1005517
SECTRACK:1005517
http://www.iss.net/security_center/static/10535.php
XF:eventsave-event-log-loss(10535)
CVE-2002-1870
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
2005-06-28
CVE-2002-1870
http://www.securityfocus.com/bid/5660
BID:5660
http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html
BUGTRAQ:20020903 Re: SWS Web Server v0.1.0 Exploit
http://www.iss.net/security_center/static/10072.php
XF:sws-webserver-recv-overwrite(10072)
CVE-2002-1871
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
2005-06-28
CVE-2002-1871
http://www.securityfocus.com/bid/5208
BID:5208
http://sunsolve.sun.com/search/document.do?assetkey=1-26-45693-1
SUNALERT:45693
http://www.iss.net/security_center/static/9544.php
XF:solaris-pkgadd-insecure-permissions(9544)
CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
2005-06-28
2021-06-15
CVE-2002-1872
http://www.securityfocus.com/bid/6097
BID:6097
http://online.securityfocus.com/archive/1/298361
BUGTRAQ:20021102 Weak Password Encryption Scheme in MS SQL Server
http://www.nextgenss.com/papers/tp-SQL2000.pdf
MISC:http://www.nextgenss.com/papers/tp-SQL2000.pdf
http://www.iss.net/security_center/static/10542.php
XF:mssql-weak-password-encryption(10542)
CVE-2002-1873
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
2005-06-28
CVE-2002-1873
http://www.securityfocus.com/bid/5412
BID:5412
http://online.securityfocus.com/archive/1/286220
BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
http://www.iss.net/security_center/static/9789.php
XF:exchange-msrpc-dos(9789)
CVE-2002-1874
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
2005-06-28
2008-05-08
CVE-2002-1874
http://www.securityfocus.com/bid/6105
BID:6105
http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup
CONFIRM:http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup
http://securitytracker.com/id?1005523
SECTRACK:1005523
http://www.iss.net/security_center/static/10538.php
XF:astrocam-cgi-command-execution(10538)
CVE-2002-1875
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity.
2005-06-28
CVE-2002-1875
http://www.securityfocus.com/bid/5206
BID:5206
http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-07/0010.html
NTBUGTRAQ:20020710 Entercept Agent Password Exposure
http://www.iss.net/security_center/static/9546.php
XF:entercept-agent-password-exposure(9546)
CVE-2002-1876
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
2005-06-28
CVE-2002-1876
http://www.securityfocus.com/bid/5413
BID:5413
http://online.securityfocus.com/archive/1/286220
BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
http://www.iss.net/security_center/static/9791.php
XF:exchange-license-dos(9791)
CVE-2002-1877
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
2005-06-28
2009-10-14
CVE-2002-1877
http://www.securityfocus.com/bid/5667
BID:5667
http://online.securityfocus.com/archive/1/290849
BUGTRAQ:20020907 NetGear FM114P URL filter bypassing vulnerability
http://www.iss.net/security_center/static/10061.php
XF:netgear-fm114p-ip-bypass(10061)
CVE-2002-1878
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
2005-06-28
2006-09-13
CVE-2002-1878
http://www.securityfocus.com/bid/4977
BID:4977
http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
BUGTRAQ:20020608 Security holes in LokwaBB and W-Agora
http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563
CONFIRM:http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563
http://www.ifrance.com/kitetoua/tuto/W-Agora.txt
MISC:http://www.ifrance.com/kitetoua/tuto/W-Agora.txt
http://www.iss.net/security_center/static/9317.php
XF:wagora-file-include(9317)
CVE-2002-1879
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
2005-06-28
CVE-2002-1879
http://www.securityfocus.com/bid/4981
BID:4981
http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
BUGTRAQ:20020608 Security holes in LokwaBB and W-Agora
http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
MISC:http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
http://www.iss.net/security_center/static/9318.php
XF:lokwa-bb-sql-injection(9318)
CVE-2002-1880
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php.
2005-06-28
CVE-2002-1880
http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
BUGTRAQ:20020608 Security holes in LokwaBB and W-Agora
http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
MISC:http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
CVE-2002-1881
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
2005-06-28
CVE-2002-1881
http://www.securityfocus.com/bid/5445
BID:5445
http://archives.neohapsis.com/archives/bugtraq/2002-08/0088.html
BUGTRAQ:20020811 Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow
http://www.iss.net/security_center/static/9843.php
XF:flash-swf-rot13-dos(9843)
CVE-2002-1882
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
2005-06-28
2021-06-15
CVE-2002-1882
http://www.securityfocus.com/bid/5901
BID:5901
http://www.oracle.com/technology/deploy/security/pdf/2002alert44rev1.pdf
CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/2002alert44rev1.pdf
http://www.iss.net/security_center/static/10285.php
XF:oracle-ebusiness-unauth-access(10285)
CVE-2002-1883
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
2005-06-28
CVE-2002-1883
http://www.securityfocus.com/bid/5833
BID:5833
http://online.securityfocus.com/archive/1/293556
BUGTRAQ:20020929 QT Assistant leaves port unfiltered
http://lists.trolltech.com/qt-interest/2002-09/thread00549-0.html
MLIST:[Qt-interest] 20020915 assistant leaves port unfiltered
http://www.iss.net/security_center/static/10227.php
XF:qt-assistant-default-port(10227)
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
2005-06-28
CVE-2002-1884
http://www.securityfocus.com/bid/5849
BID:5849
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
BUGTRAQ:20021002 Multiple Web Security Holes
http://www.iss.net/security_center/static/10308.php
XF:py-membres-admin-privileges(10308)
CVE-2002-1885
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter.
2005-06-28
2006-09-13
CVE-2002-1885
http://www.securityfocus.com/bid/5860
BID:5860
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
BUGTRAQ:20021002 Multiple Web Security Holes
http://www.iss.net/security_center/static/10309.php
XF:powerphlogger-showhits-file-include(10309)
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
2005-06-28
CVE-2002-1886
http://www.securityfocus.com/bid/5850
BID:5850
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
BUGTRAQ:20021002 Multiple Web Security Holes
http://www.iss.net/security_center/static/10310.php
XF:tightauction-config-information-disclosure(10310)
CVE-2002-1887
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
2005-06-28
2006-09-13
CVE-2002-1887
http://www.securityfocus.com/bid/5886
BID:5886
http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html
BUGTRAQ:20021003 phpMyNewsletter
http://secunia.com/advisories/7220
SECUNIA:7220
http://www.iss.net/security_center/static/10288.php
XF:phpmynewsletter-customize-file-include(10288)
CVE-2002-1888
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
2005-06-28
CVE-2002-1888
http://www.securityfocus.com/bid/5878
BID:5878
http://archives.neohapsis.com/archives/bugtraq/2002-10/0043.html
BUGTRAQ:20021003 CommonName Toolbar potentially exposes LAN web addresses
http://www.iss.net/security_center/static/10293.php
XF:commonname-intranet-address-disclosure(10293)
CVE-2002-1889
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
2005-06-28
CVE-2002-1889
http://www.securityfocus.com/bid/5898
BID:5898
http://online.securityfocus.com/archive/1/294131
BUGTRAQ:20021004 vulnerabilities in logsurfer
ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc
CONFIRM:ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc
http://www.iss.net/security_center/static/10287.php
XF:logsurfer-contextaction-offbyone-bo(10287)
CVE-2002-1890
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.
2005-06-28
CVE-2002-1890
http://www.securityfocus.com/bid/4984
BID:4984
http://online.securityfocus.com/archive/1/276317
BUGTRAQ:20020611 RHmask
http://www.iss.net/security_center/static/9335.php
XF:rhmask-mask-file-symlink(9335)
CVE-2002-1891
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.
2005-06-28
CVE-2002-1891
http://www.securityfocus.com/bid/4998
BID:4998
http://online.securityfocus.com/archive/1/276537
BUGTRAQ:20020612 Remote Hole in IRC Client and Stuff
http://www.iss.net/security_center/static/9340.php
XF:ircit-invite-bo(9340)
CVE-2002-1892
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
2005-06-28
CVE-2002-1892
http://www.securityfocus.com/bid/5830
BID:5830
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00004.html
BUGTRAQ:20021001 NETGEAR FVS318 Information Disclosure
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0133.html
VULNWATCH:20020927 FVS318 Config stores usernames/passwd's in plain text
http://www.iss.net/security_center/static/10216.php
XF:netgear-fvs318-plaintext-passwords(10216)
CVE-2002-1893
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.
2005-06-28
CVE-2002-1893
http://www.securityfocus.com/bid/5906
BID:5906
http://archives.neohapsis.com/archives/bugtraq/2002-10/0085.html
BUGTRAQ:20021006 ArGoSoft Web-Mail security problem
http://www.iss.net/security_center/static/10301.php
XF:argosoft-webmail-xss(10301)
CVE-2002-1894
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
2005-06-28
CVE-2002-1894
http://www.securityfocus.com/bid/6195
BID:6195
http://online.securityfocus.com/archive/1/300362
BUGTRAQ:20021118 XSS bug in phpBB
http://www.phpbb.com/phpBB/viewtopic.php?t=56283
CONFIRM:http://www.phpbb.com/phpBB/viewtopic.php?t=56283
http://www.iss.net/security_center/static/10653.php
XF:phpbb-viewtopic-script-xss(10653)
CVE-2002-1895
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
2005-06-28
2020-02-13
CVE-2002-1895
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0020.html
VULNWATCH:20021011 Apache Tomcat 3.x and 4.0.x: Remote denial-of-service vulnerability
http://www.iss.net/security_center/static/10348.php
XF:tomcat-get-device-dos(10348)
CVE-2002-1896
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.
2005-06-28
CVE-2002-1896
http://www.securityfocus.com/bid/5767
BID:5767
http://alsaplayer.org/changelog.php3
CONFIRM:http://alsaplayer.org/changelog.php3
http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67
CONFIRM:http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67
http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001730.html
FULLDISC:20020920 Alsasound local b0f (not an issue if not setuid root)
http://www.iss.net/security_center/static/10157.php
XF:alsaplayer-command-line-bo(10157)
CVE-2002-1897
MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow.
2005-06-28
2006-06-05
CVE-2002-1897
http://www.securityfocus.com/bid/5954
BID:5954
http://seclists.org/lists/bugtraq/2002/Oct/0177.html
BUGTRAQ:20021012 Long URL crashes My Web Server 1.0.2
http://www.mywebserver.org/us/downloads/whats_new_in_this_version.shtml
CONFIRM:http://www.mywebserver.org/us/downloads/whats_new_in_this_version.shtml
http://www.iss.net/security_center/static/10349.php
XF:mywebserver-long-url-dos(10349)
CVE-2002-1898
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
2005-06-28
CVE-2002-1898
http://lists.apple.com/archives/security-announce/2002/Sep/msg00001.html
APPLE:2002-09-20
http://www.securityfocus.com/bid/5768
BID:5768
http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172
MISC:http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172
http://www.iss.net/security_center/static/10156.php
XF:macos-terminal-url-link(10156)
CVE-2002-1899
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
2005-06-28
CVE-2002-1899
http://archives.neohapsis.com/archives/bugtraq/2002-08/0135.html
BUGTRAQ:20020814 IceWarp Webmail XSS
http://archives.neohapsis.com/archives/bugtraq/2002-11/0172.html
BUGTRAQ:20021112 IceWarp 3.4.5 XSS *AGAIN*
http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt
CONFIRM:http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt
http://www.iss.net/security_center/static/9866.php
XF:icewarp-name-xss(9866)
CVE-2002-1900
Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.
2005-06-28
CVE-2002-1900
http://www.securityfocus.com/bid/4988
BID:4988
CVE-2002-1901
Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.
2005-06-28
CVE-2002-1901
http://www.securityfocus.com/bid/4992
BID:4992
CVE-2002-1902
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.
2005-06-28
2021-06-15
CVE-2002-1902
http://www.securityfocus.com/bid/4960
BID:4960
http://freshmeat.net/releases/86842/
CONFIRM:http://freshmeat.net/releases/86842/
http://www.iss.net/security_center/static/10055.php
XF:cgiforum-infinite-recursion-dos(10055)
CVE-2002-1903
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
2005-06-28
CVE-2002-1903
http://www.securityfocus.com/bid/4963
BID:4963
http://online.securityfocus.com/archive/1/276029
BUGTRAQ:20020607 Pine 4.44 Privacy Patch
http://www.iss.net/security_center/static/9297.php
XF:pine-username-disclosure(9297)
CVE-2002-1904
Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request.
2005-06-28
CVE-2002-1904
http://www.securityfocus.com/bid/5960
BID:5960
http://online.securityfocus.com/archive/1/295141
BUGTRAQ:20021013 Pyramid Research Project - ghttpd security advisorie
http://lynorics.sundawn.net/prog/ghttpd.html#versionen
CONFIRM:http://lynorics.sundawn.net/prog/ghttpd.html#versionen
http://www.iss.net/security_center/static/10361.php
XF:gaztek-httpd-log-bo(10361)
CVE-2002-1905
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
2005-06-28
CVE-2002-1905
http://www.securityfocus.com/bid/5964
BID:5964
http://online.securityfocus.com/archive/1/295146
BUGTRAQ:20021013 Security vulnerabilities in Polycom ViaVideo Web component
http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf
http://www.iss.net/security_center/static/10359.php
XF:viavideo-webserver-get-bo(10359)
CVE-2002-1906
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
2005-06-28
CVE-2002-1906
http://www.securityfocus.com/bid/5962
BID:5962
http://online.securityfocus.com/archive/1/295146
BUGTRAQ:20021013 Security vulnerabilities in Polycom ViaVideo Web component
http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf
http://www.iss.net/security_center/static/10360.php
XF:viavideo-inc-request-dos(10360)
CVE-2002-1907
TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
2005-06-28
CVE-2002-1907
http://www.securityfocus.com/bid/5961
BID:5961
http://online.securityfocus.com/archive/1/295149
BUGTRAQ:20021013 Long URL causes TelCondex SimpleWebServer to crash
http://www.iss.net/security_center/static/10367.php
XF:simplewebserver-long-url-dos(10367)
CVE-2002-1908
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
2005-06-28
CVE-2002-1908
http://www.securityfocus.com/bid/5907
BID:5907
http://www.securiteam.com/windowsntfocus/6C00C1F5QA.html
MISC:http://www.securiteam.com/windowsntfocus/6C00C1F5QA.html
http://www.iss.net/security_center/static/10370.php
XF:iis-http-host-dos(10370)
CVE-2002-1909
Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password.
2005-06-28
CVE-2002-1909
http://www.securityfocus.com/bid/5969
BID:5969
http://online.securityfocus.com/archive/1/295309
BUGTRAQ:20021015 Ingenium Admin Password Vulnerability
http://www.iss.net/security_center/static/10387.php
XF:ingenium-config-sensitive-information(10387)
CVE-2002-1910
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
2005-06-28
CVE-2002-1910
http://www.securityfocus.com/bid/5970
BID:5970
http://online.securityfocus.com/archive/1/295309
BUGTRAQ:20021015 Ingenium Admin Password Vulnerability
http://www.iss.net/security_center/static/10389.php
XF:ingenium-weak-encryption(10389)
CVE-2002-1911
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
2005-06-28
CVE-2002-1911
http://www.securityfocus.com/bid/5975
BID:5975
http://www.securityfocus.com/archive/1/295434
BUGTRAQ:20021016 NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-10/0238.html
BUGTRAQ:20021017 Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
http://www.iss.net/security_center/static/10379.php
XF:zonealarm-synflood-dos(10379)
CVE-2002-1912
SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
2005-06-28
2021-06-15
CVE-2002-1912
http://www.securityfocus.com/bid/5977
BID:5977
http://www.securityfocus.com/archive/1/295516
BUGTRAQ:20021016 [GIS 2002021001] SkyStream EMR5000 DVB router DoS.
http://www.globalintersec.com/adv/skystream-2002021001.txt
MISC:http://www.globalintersec.com/adv/skystream-2002021001.txt
http://www.iss.net/security_center/static/10380.php
XF:skystream-emr5000-kernel-dos(10380)
CVE-2002-1913
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
2005-06-28
CVE-2002-1913
http://www.securityfocus.com/bid/5982
BID:5982
http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html
BUGTRAQ:20021016 phptonuke allows Remote File Retrieving
http://www.iss.net/security_center/static/10396.php
XF:myphpnuke-phptonuke-view-files(10396)
CVE-2002-1914
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.
2005-06-28
2006-03-20
CVE-2002-1914
http://www.securityfocus.com/bid/5264
BID:5264
http://online.securityfocus.com/archive/1/283033
BUGTRAQ:20020717 asciiSECURE advisory (2002-07-17/1)
http://support.avaya.com/elmodocs2/security/ASA-2006-156.htm
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-156.htm
http://www.redhat.com/support/errata/RHSA-2005-583.html
REDHAT:RHSA-2005:583
http://secunia.com/advisories/21520
SECUNIA:21520
http://www.iss.net/security_center/static/9632.php
XF:dump-flock-dumpdates-dos(9632)
CVE-2002-1915
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
2005-06-28
CVE-2002-1915
http://www.securityfocus.com/bid/5265
BID:5265
http://online.securityfocus.com/archive/1/283033
BUGTRAQ:20020717 asciiSECURE advisory (2002-07-17/1)
http://www.iss.net/security_center/static/9633.php
XF:tip-flock-acculog-dos(9633)
CVE-2002-1916
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.
2005-06-28
CVE-2002-1916
http://www.securiteam.com/windowsntfocus/6F00A205QQ.html
MISC:http://www.securiteam.com/windowsntfocus/6F00A205QQ.html
http://www.iss.net/security_center/static/10395.php
XF:pirch-auto-log-dos(10395)
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
2005-06-28
CVE-2002-1917
http://www.securityfocus.com/bid/5271
BID:5271
http://online.securityfocus.com/archive/1/283140
BUGTRAQ:20020719 Geeklog XSS and CRLF Injection
http://www.iss.net/security_center/static/9639.php
XF:geeklog-email-crlf-injection(9639)
CVE-2002-1918
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
2005-06-28
2017-07-10
CVE-2002-1918
http://www.securityfocus.com/bid/4849
BID:4849
http://www.nextgenss.com/vna/ms-ado.txt
MISC:http://www.nextgenss.com/vna/ms-ado.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10186
XF:ms-ado-bo(10186)
CVE-2002-1919
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
2005-06-28
2009-04-11
CVE-2002-1919
http://www.securityfocus.com/bid/4861
BID:4861
http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html
BUGTRAQ:20020527 Re: VP-ASP shopping cart software.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0061.html
BUGTRAQ:20020610 Re: VP-ASP shopping cart software.
CVE-2002-1920
Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name.
2005-06-28
CVE-2002-1920
http://www.securityfocus.com/bid/4862
BID:4862
http://online.securityfocus.com/archive/1/274279
BUGTRAQ:20020527 Problems with various windows FTP servers
http://www.iss.net/security_center/static/9189.php
XF:ftpxq-mkd-bo(9189)
CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
2005-06-28
CVE-2002-1921
http://www.securityfocus.com/bid/5511
BID:5511
http://online.securityfocus.com/archive/1/288105
BUGTRAQ:20020818 Weak MySQL Default Configuration on Windows
http://www.iss.net/security_center/static/9908.php
XF:mysql-disabled-binding-loopback(9908)
CVE-2002-1922
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
2005-06-28
CVE-2002-1922
http://www.securityfocus.com/bid/5997
BID:5997
http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html
BUGTRAQ:20021018 vBulletin XSS Security Bug
http://www.iss.net/security_center/static/10407.php
XF:vBulletin-usercp-xss(10407)
CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
2005-06-28
CVE-2002-1923
http://www.securityfocus.com/bid/5513
BID:5513
http://online.securityfocus.com/archive/1/288105
BUGTRAQ:20020818 Weak MySQL Default Configuration on Windows
http://www.iss.net/security_center/static/9909.php
XF:mysql-win-logging-disabled(9909)
CVE-2002-1924
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
2005-06-28
CVE-2002-1924
http://www.securityfocus.com/bid/5069
BID:5069
http://online.securityfocus.com/archive/1/277930
BUGTRAQ:20020620 bugtraq@security.nnov.ru list issues
http://www.security.nnov.ru/news2064.html
MISC:http://www.security.nnov.ru/news2064.html
http://www.iss.net/security_center/static/9413.php
XF:powerchute-dir-world-writeable(9413)
CVE-2002-1925
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.
2005-06-28
CVE-2002-1925
http://www.securityfocus.com/bid/5525
BID:5525
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00298.html
BUGTRAQ:20020820 NSSI-2002-tpfw: Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities
http://www.iss.net/security_center/static/9918.php
XF:tinyfw-portscan-log-dos(9918)
CVE-2002-1926
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
2005-06-28
CVE-2002-1926
http://www.securityfocus.com/bid/5533
BID:5533
http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html
BUGTRAQ:20020821 bugtraq@security.nnov.ru list issues [2]
http://www.iss.net/security_center/static/9929.php
XF:aquonics-filemanager-directory-traversal(9929)
CVE-2002-1927
Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file.
2005-06-28
2017-07-10
CVE-2002-1927
http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html
BUGTRAQ:20020821 bugtraq@security.nnov.ru list issues [2]
https://exchange.xforce.ibmcloud.com/vulnerabilities/9930
XF:aquonics-filemanager-userlist-access(9930)
CVE-2002-1928
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
2005-06-28
CVE-2002-1928
http://archives.neohapsis.com/archives/bugtraq/2002-10/0265.html
BUGTRAQ:20021018 interSEC security advisory - Multiple bugs in Web602 web server
http://www.iss.net/security_center/static/10450.php
XF:602pro-get-directory-tree(10450)
CVE-2002-1929
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
2005-06-28
2007-11-02
CVE-2002-1929
http://www.securityfocus.com/bid/6018
BID:6018
http://www.securityfocus.com/bid/6019
BID:6019
http://www.securityfocus.com/bid/6020
BID:6020
http://online.securityfocus.com/archive/1/296387
BUGTRAQ:20021020 XSS vulnerabilites in Pafiledb
http://www.securiteam.com/unixfocus/6J00Q0A5PK.html
MISC:http://www.securiteam.com/unixfocus/6J00Q0A5PK.html
http://www.iss.net/security_center/static/10416.php
XF:pafiledb-script-xss(10416)
CVE-2002-1930
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
2005-06-28
CVE-2002-1930
http://www.securityfocus.com/bid/6012
BID:6012
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0032.html
VULNWATCH:20021021 AN HTTPD SOCKS4 username Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/10410.php
XF:an-http-socks4-bo(10410)
CVE-2002-1931
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.
2005-06-28
CVE-2002-1931
http://www.securityfocus.com/bid/6021
BID:6021
http://online.securityfocus.com/archive/1/296387
BUGTRAQ:20021020 XSS vulnerabilites in Pafiledb
http://www.phparena.net/downloads/pafiledb.php?action=license&id=1&file=16
CONFIRM:http://www.phparena.net/downloads/pafiledb.php?action=license&id=1&file=16
http://www.iss.net/security_center/static/10451.php
XF:pafiledb-url-request-xss(10451)
CVE-2002-1932
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
2005-06-28
CVE-2002-1932
http://www.securityfocus.com/bid/5972
BID:5972
http://online.securityfocus.com/archive/1/295341
BUGTRAQ:20021011 A full event log does not send administrative alerts
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;329350
MSKB:Q329350
http://www.iss.net/security_center/static/10377.php
XF:win-admin-alerts-fail(10377)
CVE-2002-1933
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
2005-06-28
CVE-2002-1933
http://www.securityfocus.com/bid/5535
BID:5535
http://online.securityfocus.com/archive/1/288415
BUGTRAQ:20020821 bugtraq@security.nnov.ru list issues [2]
http://www.iss.net/security_center/static/9946.php
XF:win2k-ts-screensaver-unlocked(9946)
CVE-2002-1934
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
2005-06-28
CVE-2002-1934
http://www.securityfocus.com/bid/5534
BID:5534
http://online.securityfocus.com/archive/1/288383
BUGTRAQ:20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones
http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt
MISC:http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt
http://www.iss.net/security_center/static/9948.php
XF:pingtel-xpressa-information-leak(9948)
CVE-2002-1935
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
2005-06-28
CVE-2002-1935
http://www.securityfocus.com/bid/5537
BID:5537
http://online.securityfocus.com/archive/1/288383
BUGTRAQ:20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones
http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt
MISC:http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt
http://www.iss.net/security_center/static/9949.php
XF:pingtel-xpressa-weak-parameters(9949)
CVE-2002-1936
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
2005-06-28
CVE-2002-1936
http://www.securityfocus.com/bid/5564
BID:5564
http://online.securityfocus.com/archive/1/288866
BUGTRAQ:20020823 UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw
http://www.iss.net/security_center/static/9951.php
XF:utstarcom-bas-default-accounts(9951)
CVE-2002-1937
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
2005-06-28
CVE-2002-1937
http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html
BUGTRAQ:20021022 Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R
http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html
BUGTRAQ:20021022 Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R
http://www.iss.net/security_center/static/10442.php
XF:firewallvpn-arp-mitm(10442)
CVE-2002-1938
Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters.
2005-06-28
CVE-2002-1938
http://www.securityfocus.com/bid/6031
BID:6031
http://online.securityfocus.com/archive/1/296635
BUGTRAQ:20021022 Virgil CGI Scanner Vulnerability
http://www.iss.net/security_center/static/10444.php
XF:virgil-cgi-execute-commands(10444)
CVE-2002-1939
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
2005-06-28
CVE-2002-1939
http://www.securityfocus.com/bid/6032
BID:6032
http://online.securityfocus.com/archive/1/296658
BUGTRAQ:20021022 FlashFXP 1.4 Local Password Disclosure Vulnerability
http://www.iss.net/security_center/static/10445.php
XF:flashfxp-password-disclosure(10445)
CVE-2002-1940
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
2005-06-28
CVE-2002-1940
http://www.securityfocus.com/bid/5391
BID:5391
http://archives.neohapsis.com/archives/bugtraq/2002-07/0504.html
BUGTRAQ:20020802 Lcc-win32 infos diffusion
http://www.iss.net/security_center/static/9749.php
XF:lccwin32-binary-file-disclosure(9749)
CVE-2002-1941
Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request with the Host header set.
2005-06-28
CVE-2002-1941
http://www.securityfocus.com/bid/6034
BID:6034
http://online.securityfocus.com/archive/1/296759
BUGTRAQ:20021023 [SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability
http://www.iss.net/security_center/static/10447.php
XF:webserver-4everyone-host-bo(10447)
CVE-2002-1942
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions.
2005-06-28
CVE-2002-1942
http://www.securityfocus.com/bid/5394
BID:5394
http://archives.neohapsis.com/archives/bugtraq/2002-07/0507.html
BUGTRAQ:20020802 Xitami Connection Flood Server Termination Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-07/0516.html
BUGTRAQ:20020804 Clarification on Xitami DoS
http://www.iss.net/security_center/static/9751.php
XF:xitami-keep-alive-dos(9751)
CVE-2002-1943
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
2005-06-28
CVE-2002-1943
http://www.securityfocus.com/bid/5822
BID:5822
http://online.securityfocus.com/archive/1/293443
BUGTRAQ:20020927 SafeTP coughs up internal server IP addresses
http://www.iss.net/security_center/static/10210.php
XF:safetp-passivemode-ip-disclosure(10210)
CVE-2002-1944
Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap.
2005-06-28
CVE-2002-1944
http://archives.neohapsis.com/archives/bugtraq/2002-10/0429.html
BUGTRAQ:20021030 Motorola Cable Modem DOS
http://www.iss.net/security_center/static/10513.php
XF:motorola-surfboard-portscan-dos(10513)
CVE-2002-1945
Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3).
2005-06-28
2005-07-12
CVE-2002-1945
http://www.securityfocus.com/bid/6075
BID:6075
http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html
BUGTRAQ:20021031 SmartMail server DOS
http://www.iss.net/security_center/static/10512.php
XF:smartmail-server-ports-dos(10512)
CVE-2002-1946
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
2005-06-28
CVE-2002-1946
http://archives.neohapsis.com/archives/bugtraq/2002-10/0438.html
BUGTRAQ:20021101 Weak Password Encryption Scheme in Integrated Dialer
http://www.iss.net/security_center/static/10517.php
XF:integrated-dialer-weak-encryption(10517)
CVE-2002-1947
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.
2005-06-28
2021-06-15
CVE-2002-1947
http://www.securityfocus.com/bid/5936
BID:5936
http://www.webmin.com/changes.html
CONFIRM:http://www.webmin.com/changes.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
FREEBSD:FreeBSD-SA-02:06
http://www.iss.net/security_center/static/10381.php
XF:webmin-identical-ssl-keys(10381)
CVE-2002-1948
Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors.
2005-06-28
CVE-2002-1948
http://www.securityfocus.com/bid/5488
BID:5488
http://www.iss.net/security_center/static/9882.php
XF:gringotts-multiple-bo(9882)
CVE-2002-1949
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
2005-06-28
CVE-2002-1949
http://www.securityfocus.com/bid/6092
BID:6092
http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html
BUGTRAQ:20021101 Iomega NAS A300U security and inter-operability issues
http://www.iss.net/security_center/static/10521.php
XF:iomega-plaintext-administrative-password(10521)
CVE-2002-1950
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list.
2005-06-28
CVE-2002-1950
http://www.securityfocus.com/bid/5946
BID:5946
http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html
BUGTRAQ:20021010 Multiple vulnerabilities in phpRank
http://www.iss.net/security_center/static/10351.php
XF:phprank-banner-url-xss(10351)
CVE-2002-1951
Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.
2005-06-28
2017-12-19
CVE-2002-1951
http://www.securityfocus.com/bid/5464
BID:5464
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
CONFIRM:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
http://www.securiteam.com/securitynews/5MP0C1580W.html
MISC:http://www.securiteam.com/securitynews/5MP0C1580W.html
http://osvdb.org/81099
OSVDB:81099
http://www.iss.net/security_center/static/9884.php
XF:goahead-long-url-bo(9884)
CVE-2002-1952
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
2005-06-28
2005-08-05
CVE-2002-1952
http://www.securityfocus.com/bid/5948
BID:5948
http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html
BUGTRAQ:20021010 Multiple vulnerabilities in phpRank
http://www.iss.net/security_center/static/10353.php
XF:phprank-null-bypass-authentication(10353)
CVE-2002-1953
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.
2005-06-28
CVE-2002-1953
http://www.securityfocus.com/bid/5492
BID:5492
http://online.securityfocus.com/archive/1/288980
BUGTRAQ:20020824 AOL Instant Messenger Heap Overflow
http://www.iss.net/security_center/static/9950.php
XF:aim-goim-screenname-bo(9950)
CVE-2002-1954
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
2005-06-28
CVE-2002-1954
http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html
BUGTRAQ:20030603 PHP XSS exploit in phpinfo()
http://www.techie.hopto.org/vulns/2002-36.txt
MISC:http://www.techie.hopto.org/vulns/2002-36.txt
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0021.html
VULNWATCH:20021013 PHP Information Functions May Allow Cross-Site Scripting
http://www.iss.net/security_center/static/10355.php
XF:php-phpinfo-xss(10355)
CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.
2005-06-28
CVE-2002-1955
http://www.securityfocus.com/bid/6093
BID:6093
http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html
BUGTRAQ:20021101 Iomega NAS A300U security and inter-operability issues
http://www.iss.net/security_center/static/10523.php
XF:iomega-nas-a300u-mitm(10523)
CVE-2002-1956
ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.
2005-06-28
CVE-2002-1956
http://www.securityfocus.com/bid/5172
BID:5172
http://www.iss.net/security_center/static/9504.php
XF:rox-filer-insecure-permissions(9504)
CVE-2002-1957
Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages.
2005-06-28
2021-06-15
CVE-2002-1957
http://www.securityfocus.com/bid/5152
BID:5152
http://siag.nu/pen/news-0.9.3.shtml
CONFIRM:http://siag.nu/pen/news-0.9.3.shtml
http://www.iss.net/security_center/static/9505.php
XF:pen-netlog-bo(9505)
CVE-2002-1958
Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
2005-06-28
2007-10-23
CVE-2002-1958
http://www.securityfocus.com/bid/5173
BID:5173
http://www.securityfocus.com/bid/6013
BID:6013
http://sourceforge.net/forum/forum.php?forum_id=191501
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=191501
http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html
FULLDISC:20021021 kmMail XSS
http://www.iss.net/security_center/static/9507.php
XF:kmmail-safe-tag-xss(9507)
CVE-2002-1959
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
2005-06-28
CVE-2002-1959
http://www.securityfocus.com/bid/5174
BID:5174
http://www.nagios.org/changelog.php
CONFIRM:http://www.nagios.org/changelog.php
http://www.iss.net/security_center/static/9508.php
XF:nagios-plugin-command-execution(9508)
CVE-2002-1960
Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
2005-06-28
CVE-2002-1960
http://www.securityfocus.com/bid/5151
BID:5151
http://www.share360.com/products/s360/Release_Notes.html
CONFIRM:http://www.share360.com/products/s360/Release_Notes.html
http://www.iss.net/security_center/static/9510.php
XF:share360-xss(9510)
CVE-2002-1961
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot).
2005-06-28
CVE-2002-1961
http://www.securityfocus.com/bid/5634
BID:5634
http://archives.neohapsis.com/archives/bugtraq/2002-09/0032.html
BUGTRAQ:20020904 Bypassing the Finjan SurfinGate URL filter
http://archives.neohapsis.com/archives/bugtraq/2002-09/0043.html
BUGTRAQ:20020904 RE: Bypassing the Finjan SurfinGate URL filter
http://www.iss.net/security_center/static/10037.php
XF:finjan-surfingate-dot-bypass(10037)
CVE-2002-1962
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname.
2005-06-28
CVE-2002-1962
http://www.securityfocus.com/bid/5629
BID:5629
http://archives.neohapsis.com/archives/bugtraq/2002-09/0032.html
BUGTRAQ:20020904 Bypassing the Finjan SurfinGate URL filter
http://archives.neohapsis.com/archives/bugtraq/2002-09/0043.html
BUGTRAQ:20020904 RE: Bypassing the Finjan SurfinGate URL filter
http://www.iss.net/security_center/static/10038.php
XF:finjan-surfingate-ip-bypass(10038)
CVE-2002-1963
Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.
2005-06-28
CVE-2002-1963
http://www.securityfocus.com/bid/5178
BID:5178
http://online.securityfocus.com/archive/1/281100
BUGTRAQ:20020707 Linux kernels DoSable by file-max limit
http://www.securityfocus.com/archive/1/281359
BUGTRAQ:20020708 Re: Linux kernels DoSable by file-max limit
http://www.iss.net/security_center/static/9515.php
XF:linux-file-limit-dos(9515)
CVE-2002-1964
Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors.
2005-06-28
CVE-2002-1964
http://www.securityfocus.com/bid/5021
BID:5021
CVE-2002-1965
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
2005-06-28
CVE-2002-1965
http://www.securityfocus.com/bid/5025
BID:5025
http://online.securityfocus.com/archive/1/277058
BUGTRAQ:20020614 ALERT: Xitami 2.5b5
http://online.securityfocus.com/archive/1/279269
BUGTRAQ:20020627 Xitami 2.5 Beta Errors.gsl Script Injection Vulnerabilities
CVE-2002-1966
Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
2005-06-28
CVE-2002-1966
http://www.securityfocus.com/bid/5029
BID:5029
http://packetstormsecurity.nl/0206-exploits/magiccard_vuln.txt
MISC:http://packetstormsecurity.nl/0206-exploits/magiccard_vuln.txt
http://www.securiteam.com/unixfocus/5IP0G2K7FQ.html
MISC:http://www.securiteam.com/unixfocus/5IP0G2K7FQ.html
CVE-2002-1967
Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command.
2005-06-28
CVE-2002-1967
http://www.securityfocus.com/bid/5185
BID:5185
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0005.html
VULNWATCH:20020705 bug
http://www.iss.net/security_center/static/9516.php
XF:xircon-client-command-dos(9516)
CVE-2002-1968
Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server.
2005-06-28
CVE-2002-1968
http://archives.neohapsis.com/archives/bugtraq/2002-12/0017.html
BUGTRAQ:20021128 Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability
http://securitytracker.com/id?1005524
SECTRACK:1005524
http://www.iss.net/security_center/static/10543.php
XF:com21-doxport-config-file(10543)
CVE-2002-1969
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.
2005-06-28
CVE-2002-1969
http://www.securityfocus.com/bid/6106
BID:6106
http://www.iss.net/security_center/static/10562.php
XF:magic-book-username-dos(10562)
CVE-2002-1970
SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.
2005-06-28
CVE-2002-1970
http://www.securityfocus.com/bid/6109
BID:6109
http://online.securityfocus.com/archive/1/298587
BUGTRAQ:20021105 SnortCenter 0.9.5 temp file naming problems...
http://www.iss.net/security_center/static/10540.php
XF:snortcenter-tmp-file-insecure(10540)
CVE-2002-1971
The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument.
2005-06-28
CVE-2002-1971
http://www.securityfocus.com/bid/6107
BID:6107
http://online.securityfocus.com/archive/1/298588
BUGTRAQ:20021105 networking_utils.php
http://www.sourcecraft.org/index.php
CONFIRM:http://www.sourcecraft.org/index.php
http://securitytracker.com/id?1005543
SECTRACK:1005543
http://www.iss.net/security_center/static/10541.php
XF:networkingutils-ping-read-files(10541)
CVE-2002-1972
Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports.
2005-06-28
2021-06-15
CVE-2002-1972
http://freshmeat.net/releases/101529/
CONFIRM:http://freshmeat.net/releases/101529/
http://securitytracker.com/id?1005534
SECTRACK:1005534
http://www.iss.net/security_center/static/10552.php
XF:pp-powerswitch-port-access(10552)
CVE-2002-1973
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
2005-06-28
2017-07-10
CVE-2002-1973
http://www.securityfocus.com/bid/5188
BID:5188
http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html
BUGTRAQ:20020708 ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0135.html
BUGTRAQ:20020711 MFC ISAPI Framework Buffer Overflow
http://archives.neohapsis.com/archives/bugtraq/2002-07/0145.html
BUGTRAQ:20020712 MFC Overflow Test Code
http://archives.neohapsis.com/archives/bugtraq/2002-07/0144.html
BUGTRAQ:20020712 Re: MFC ISAPI Framework Buffer Overflow
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;216562
MSKB:216562
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310649
MSKB:310649
https://exchange.xforce.ibmcloud.com/vulnerabilities/9529
XF:mfc-lib-isapi-bo(9529)
CVE-2002-1974
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
2005-06-28
CVE-2002-1974
http://www.securityfocus.com/bid/5200
BID:5200
http://online.securityfocus.com/archive/1/281437
BUGTRAQ:20020710 Multiple Security Vulnerabilities in Sharp Zaurus
http://www.securityfocus.com/archive/1/281549
BUGTRAQ:20020710 Re: Multiple Security Vulnerabilities in Sharp Zaurus
http://www.securityfocus.com/archive/1/281652
BUGTRAQ:20020711 Re: Multiple Security Vulnerabilities in Sharp Zaurus
http://www.iss.net/security_center/static/9534.php
XF:zaurus-insecure-ftp-permissions(9534)
CVE-2002-1975
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
2005-06-28
CVE-2002-1975
http://www.securityfocus.com/bid/5201
BID:5201
http://online.securityfocus.com/archive/1/281437
BUGTRAQ:20020710 Multiple Security Vulnerabilities in Sharp Zaurus
http://www.iss.net/security_center/static/9535.php
XF:zaurus-passcode-weak-encryption(9535)
CVE-2002-1976
ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
2005-06-28
2005-07-15
CVE-2002-1976
http://www.securityfocus.com/bid/5304
BID:5304
http://archives.neohapsis.com/archives/bugtraq/2002-07/0279.html
BUGTRAQ:20020724 Interface promiscuity obscurity in Linux
http://online.securityfocus.com/archive/1/284142
BUGTRAQ:20020724 Re: Interface promiscuity obscurity in Linux
http://online.securityfocus.com/archive/1/284257
BUGTRAQ:20020725 Re: Interface promiscuity obscurity in Linux
http://www.iss.net/security_center/static/9676.php
XF:linux-ifconfig-promiscuous-mode(9676)
CVE-2002-1977
Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.
2005-06-28
CVE-2002-1977
http://www.securityfocus.com/bid/5318
BID:5318
http://archives.neohapsis.com/archives/bugtraq/2002-07/0313.html
BUGTRAQ:20020725 PGP 7.04 Patch Modifies the Password Cache Setting
http://archives.neohapsis.com/archives/bugtraq/2002-07/0322.html
BUGTRAQ:20020725 RE: PGP 7.04 Patch Modifies the Password Cache Setting
http://www.iss.net/security_center/static/9690.php
XF:pgp-passphrase-cache(9690)
CVE-2002-1978
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
2005-06-28
2009-04-03
CVE-2002-1978
http://www.securityfocus.com/bid/6010
BID:6010
http://www.kb.cert.org/vuls/id/328867
CERT-VN:VU#328867
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
NETBSD:NetBSD-SA2002-024
http://securitytracker.com/id?1005442
SECTRACK:1005442
http://www.iss.net/security_center/static/10409.php
XF:ip-filter-bypass-firewall(10409)
CVE-2002-1979
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
2005-06-28
2009-04-03
CVE-2002-1979
http://www.kb.cert.org/vuls/id/328867
CERT-VN:VU#328867
http://www.kb.cert.org/vuls/id/AAMN-5EQR65
CONFIRM:http://www.kb.cert.org/vuls/id/AAMN-5EQR65
CVE-2002-1980
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
2005-06-28
CVE-2002-1980
http://www.securityfocus.com/bid/5207
BID:5207
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45707
SUNALERT:45707
http://www.iss.net/security_center/static/9545.php
XF:solaris-vold-bo(9545)
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
2005-06-28
CVE-2002-1981
http://www.securityfocus.com/bid/5604
BID:5604
http://seclists.org/lists/bugtraq/2002/Sep/0009.html
BUGTRAQ:20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)
http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt
MISC:http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt
http://www.iss.net/security_center/static/10012.php
XF:mssql-sp-public-access(10012)
CVE-2002-1982
Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.
2005-06-28
CVE-2002-1982
http://www.securityfocus.com/bid/5189
BID:5189
http://www.securityfocus.com/archive/82/281274
VULN-DEV:20020709 VANED LABS: icecast filesystem disclosure
http://www.iss.net/security_center/static/9530.php
XF:icecast-dotdot-information-disclosure(9530)
CVE-2002-1983
The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.
2005-06-28
2017-07-10
CVE-2002-1983
http://www.securityfocus.com/bid/6114
BID:6114
http://online.securityfocus.com/archive/1/298689
BUGTRAQ:20021106 QNX 6.1 TimeCreate weakness
https://exchange.xforce.ibmcloud.com/vulnerabilities/10550
XF:qnx-rtp-timer-dos(10550)
CVE-2002-1984
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
2005-06-28
CVE-2002-1984
http://www.securityfocus.com/bid/5094
BID:5094
http://seclists.org/bugtraq/2002/Jun/0303.html
BUGTRAQ:20020625 A DoS against IE in W2K and XP? You Make the Call...
CVE-2002-1985
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow.
2005-06-28
CVE-2002-1985
http://www.securityfocus.com/bid/6151
BID:6151
http://online.securityfocus.com/archive/1/299232
BUGTRAQ:20021111 Buffer Overflow in iSMTP Gateway
http://www.nii.co.in/vuln/ismtp.html
MISC:http://www.nii.co.in/vuln/ismtp.html
http://www.iss.net/security_center/static/10577.php
XF:ismtp-mailfrom-command-bo(10577)
CVE-2002-1986
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
2005-06-28
CVE-2002-1986
http://www.securityfocus.com/bid/6188
BID:6188
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0074.html
VULNWATCH:20021114 Perception LiteServe HTTP CGI Disclosure Vulnerability
http://www.iss.net/security_center/static/10635.php
XF:liteserve-script-source-disclosure(10635)
CVE-2002-1987
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot).
2005-07-14
CVE-2002-1987
http://www.securityfocus.com/bid/5031
BID:5031
http://online.securityfocus.com/archive/1/277225
BUGTRAQ:20020617 KPMG-2002020: Resin view_source.jsp Arbitrary File Reading
http://www.iss.net/security_center/static/9351.php
XF:resin-viewsource-directory-traversal(9351)
CVE-2002-1988
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
2005-07-14
CVE-2002-1988
http://www.securityfocus.com/bid/5032
BID:5032
http://online.securityfocus.com/archive/1/277232
BUGTRAQ:20020617 KPMG-2002021: Resin Large Parameter Denial of Service
http://www.iss.net/security_center/static/9352.php
XF:resin-large-variable-dos(9352)
CVE-2002-1989
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
2005-07-14
CVE-2002-1989
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html
VULNWATCH:20020617 KPMG-2002022: Resin DOS device Denial of Service
CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.
2005-07-14
CVE-2002-1990
http://www.securityfocus.com/bid/5095
BID:5095
http://online.securityfocus.com/archive/1/278747
BUGTRAQ:20020625 Caucho Resin Path Disclosure
http://www.iss.net/security_center/static/9419.php
XF:resin-example-path-disclosure(9419)
CVE-2002-1991
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
2005-07-14
2021-06-15
CVE-2002-1991
http://www.securityfocus.com/bid/5037
BID:5037
http://online.securityfocus.com/archive/1/277312
BUGTRAQ:20020616 PHP source injection in osCommerce
http://www.oscommerce.com/about.php/news,72
CONFIRM:http://www.oscommerce.com/about.php/news,72
http://www.iss.net/security_center/static/9369.php
XF:oscommerce-include-remote-files(9369)
CVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
2005-07-14
CVE-2002-1992
http://www.securityfocus.com/bid/5121
BID:5121
http://www.macromedia.com/v1/handlers/index.cfm?ID=23161
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23161
http://www.iss.net/security_center/static/9460.php
XF:coldfusion-mx-jrundll-bo(9460)
CVE-2002-1993
webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
2005-07-14
CVE-2002-1993
http://www.securityfocus.com/bid/5048
BID:5048
http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html
BUGTRAQ:20020618 WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via "followup" bug
http://www.iss.net/security_center/static/9378.php
XF:webbs-followup-execute-commands(9378)
CVE-2002-1994
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
2005-07-14
CVE-2002-1994
http://www.securityfocus.com/bid/5080
BID:5080
http://online.securityfocus.com/archive/1/278181
BUGTRAQ:20020621 AdvServer DoS
http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt
MISC:http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt
http://www.iss.net/security_center/static/9410.php
XF:advserver-http-crlf-dos(9410)
CVE-2002-1995
Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.
2005-07-14
CVE-2002-1995
http://www.securityfocus.com/bid/3807
BID:3807
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0048.html
VULN-DEV:20020106 CSS in PHPNuke add-on
http://www.iss.net/security_center/static/7837.php
XF:phpnuke-phptonuke-css(7837)
CVE-2002-1996
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.
2005-07-14
2021-06-15
CVE-2002-1996
http://www.securityfocus.com/bid/4350
BID:4350
http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html
BUGTRAQ:20020322 PostNuke Bugged
http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html
BUGTRAQ:20020322 Re: PostNuke Bugged
http://sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228
MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228
http://www.iss.net/security_center/static/8605.php
XF:postnuke-modules-index-css(8605)
CVE-2002-1997
ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension.
2005-07-14
2017-07-10
CVE-2002-1997
http://www.securityfocus.com/bid/4407
BID:4407
http://www.securityfocus.com/archive/1/265387
BUGTRAQ:20020402 Various Vulnerabilities in ZoneAlarm MailSafe
https://exchange.xforce.ibmcloud.com/vulnerabilities/8744
XF:zonealarm-mailsafe-dot-bypass(8744)
CVE-2002-1998
Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21).
2005-07-14
CVE-2002-1998
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0129.html
BUGTRAQ:20020110 Re: Unixware 7.1.1 rpc.cmsd remote exploit code.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0127.html
BUGTRAQ:20020110 Unixware 7.1.1 rpc.cmsd remote exploit code.
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.12/CSSA-2002-SCO.12.txt
CALDERA:CSSA-2002-SCO.12
http://www.iss.net/security_center/static/8597.php
XF:openunix-unixware-rpccmsd-bo(8597)
CVE-2002-1999
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.
2005-07-14
CVE-2002-1999
http://www.securityfocus.com/bid/4342
BID:4342
http://www.ciac.org/ciac/bulletins/m-061.shtml
CIAC:M-061
http://archives.neohapsis.com/archives/hp/2002-q1/0092.html
HP:HPSBUX0203-189
http://www.iss.net/security_center/static/8606.php
XF:hp-praesidium-unauth-access(8606)
CVE-2002-2000
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
2005-07-14
CVE-2002-2000
http://www.securityfocus.com/bid/4184
BID:4184
http://ftp.support.compaq.com/patches/.new/html/SSRT0813.shtml
COMPAQ:SSRT0813
http://www.iss.net/security_center/static/8306.php
XF:openvms-acms-process-privileges(8306)
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
2021-11-11
2024-01-10
CVE-2002-20001
https://dheatattack.gitlab.io/
MISC:https://dheatattack.gitlab.io/
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
MISC:https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
https://dheatattack.com
MISC:https://dheatattack.com
https://github.com/Balasys/dheater
MISC:https://github.com/Balasys/dheater
https://github.com/mozilla/ssl-config-generator/issues/162
MISC:https://github.com/mozilla/ssl-config-generator/issues/162
https://gitlab.com/dheatattack/dheater
MISC:https://gitlab.com/dheatattack/dheater
https://support.f5.com/csp/article/K83120834
MISC:https://support.f5.com/csp/article/K83120834
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt
MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt
https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/
MISC:https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/
https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/
MISC:https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/
https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol
MISC:https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol
https://www.suse.com/support/kb/doc/?id=000020510
MISC:https://www.suse.com/support/kb/doc/?id=000020510
CVE-2002-2001
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
2005-07-14
2007-10-18
CVE-2002-2001
http://www.securityfocus.com/bid/3940
BID:3940
http://www.mandriva.com/security/advisories?name=MDKSA-2002:008
MANDRAKE:MDKSA-2002:008
http://www.iss.net/security_center/static/7980.php
XF:linux-jmcce-tmp-symlink(7980)
CVE-2002-2002
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.
2005-07-14
CVE-2002-2002
http://www.securityfocus.com/bid/4544
BID:4544
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00219.html
BUGTRAQ:20020417 [SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
COMPAQ:SSRT0771U
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
COMPAQ:SSRT541
http://www.lac.co.jp/security/english/snsadv_e/51_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/51_e.html
http://www.iss.net/security_center/static/8863.php
XF:libc-lang-locpath-bo(8863)
CVE-2002-2003
ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.
2005-07-14
CVE-2002-2003
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
COMPAQ:SSRT541
CVE-2002-2004
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.
2005-07-14
CVE-2002-2004
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
COMPAQ:SSRT541
CVE-2002-2005
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.
2005-07-14
2017-02-15
CVE-2002-2005
http://www.securityfocus.com/bid/4310
BID:4310
http://archives.neohapsis.com/archives/hp/2002-q1/0084.html
HP:HPSBUX0203-188
http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00279.html
SUN:00217
http://www.iss.net/security_center/static/8483.php
XF:java-webstart-access-resources(8483)
CVE-2002-2006
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
2005-07-14
2020-02-13
CVE-2002-2006
http://www.securityfocus.com/bid/4575
BID:4575
http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
BUGTRAQ:20020422 Tomcat real path disclosure (2)
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://secunia.com/advisories/30899
SECUNIA:30899
http://secunia.com/advisories/30908
SECUNIA:30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SUNALERT:239312
http://www.vupen.com/english/advisories/2008/1979/references
VUPEN:ADV-2008-1979
http://www.iss.net/security_center/static/8932.php
XF:tomcat-example-class-information(8932)
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
2005-07-14
CVE-2002-2007
http://www.securityfocus.com/bid/4876
BID:4876
http://www.securityfocus.com/bid/4877
BID:4877
http://www.securityfocus.com/bid/4878
BID:4878
http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.html
BUGTRAQ:20020529 Vulnerability in Apache Tomcat v3.23 & v3.24
http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.html
BUGTRAQ:20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
http://www.kb.cert.org/vuls/id/116963
CERT-VN:VU#116963
http://www.procheckup.com/security_info/vuln_pr0205.html
MISC:http://www.procheckup.com/security_info/vuln_pr0205.html
http://www.procheckup.com/security_info/vuln_pr0206.html
MISC:http://www.procheckup.com/security_info/vuln_pr0206.html
http://www.procheckup.com/security_info/vuln_pr0207.html
MISC:http://www.procheckup.com/security_info/vuln_pr0207.html
http://www.iss.net/security_center/static/9208.php
XF:tomcat-sample-reveal-path(9208)
CVE-2002-2008
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
2005-07-14
2020-02-13
CVE-2002-2008
http://www.securityfocus.com/bid/5054
BID:5054
http://archives.neohapsis.com/archives/bugtraq/2002-06/0225.html
BUGTRAQ:20020619 KPMG-2002024: Apache Tomcat Path Disclosure
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://www.iss.net/security_center/static/9394.php
XF:tomcat-lpt9-path-disclosure(9394)
CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
2005-07-14
2020-02-13
CVE-2002-2009
http://www.securityfocus.com/bid/4557
BID:4557
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html
BUGTRAQ:20010419 Re: Tomcat 4.1 real path disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.html
BUGTRAQ:20020419 Tomcat 4.1 real path disclosure
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://exchange.xforce.ibmcloud.com/vulnerabilities/42915
XF:tomcat-jsp-path-disclosure(42915)
CVE-2002-2010
Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
2005-07-14
CVE-2002-2010
http://www.securityfocus.com/bid/5091
BID:5091
http://archives.neohapsis.com/archives/bugtraq/2002-06/0321.html
BUGTRAQ:20020626 XSS in HTDIG
http://www.iss.net/security_center/static/9433.php
XF:htdig-htsearch-xss(9433)
CVE-2002-2011
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
2005-07-14
CVE-2002-2011
http://www.securityfocus.com/bid/4565
BID:4565
http://archives.neohapsis.com/archives/bugtraq/2002-04/0287.html
BUGTRAQ:20020419 Another Faq-O-Matic XSS Vuln?
http://www.iss.net/security_center/static/8906.php
XF:faqomatic-cgi-file-css(8906)
CVE-2002-2012
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
2005-07-14
CVE-2002-2012
http://www.securityfocus.com/bid/3796
BID:3796
http://www.securityfocus.com/advisories/3761
HP:HPSBTL0201-010
http://www.iss.net/security_center/static/7810.php
XF:apache-http-unexpected-behavior(7810)
CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
2005-07-14
CVE-2002-2013
http://www.securityfocus.com/bid/3925
BID:3925
http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html
BUGTRAQ:20020121 Mozilla Cookie Exploit
http://alive.znep.com/~marcs/security/mozillacookie/demo.html
MISC:http://alive.znep.com/~marcs/security/mozillacookie/demo.html
http://www.iss.net/security_center/static/7973.php
XF:mozilla-netscape-steal-cookies(7973)
CVE-2002-2014
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
2005-07-14
CVE-2002-2014
http://www.securityfocus.com/bid/3991
BID:3991
http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html
BUGTRAQ:20020131 Script for find domino
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html
VULN-DEV:20020130 Enumerating users on a Domino webserver
http://www.iss.net/security_center/static/8038.php
XF:lotus-domino-username-disclosure(8038)
CVE-2002-2015
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
2005-07-14
CVE-2002-2015
http://www.securityfocus.com/bid/4381
BID:4381
http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html
BUGTRAQ:20020327 postnuke v 0.7.0.3 remote command execution
http://www.iss.net/security_center/static/8699.php
XF:postnuke-caselist-include-modules(8699)
CVE-2002-2016
User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.
2005-07-14
CVE-2002-2016
http://www.securityfocus.com/bid/3973
BID:3973
http://archives.neohapsis.com/archives/bugtraq/2002-01/0338.html
BUGTRAQ:20020128 user-mode-linux problems
http://www.iss.net/security_center/static/8005.php
XF:uml-kernel-memory-access(8005)
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
2005-07-14
CVE-2002-2017
http://www.securityfocus.com/bid/3994
BID:3994
http://online.securityfocus.com/archive/1/253183
BUGTRAQ:20020130 sastcpd 8.0 'authprog' local root vulnerability
http://www.iss.net/security_center/static/8024.php
XF:sas-sastcpd-authprog-env(8024)
CVE-2002-2018
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
2005-07-14
CVE-2002-2018
http://www.securityfocus.com/bid/3995
BID:3995
http://online.securityfocus.com/archive/1/253183
BUGTRAQ:20020130 sastcpd 8.0 'authprog' local root vulnerability
http://www.sas.com/service/techsup/unotes/SN/004/004201.html
MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
http://securitytracker.com/id?1003406
SECTRACK:1003406
CVE-2002-2019
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
2005-07-14
CVE-2002-2019
http://www.securityfocus.com/bid/5037
BID:5037
http://archives.neohapsis.com/archives/bugtraq/2002-06/0188.html
BUGTRAQ:20020616 PHP source injection in osCommerce
http://www.oscommerce.com/about.php/news,72
CONFIRM:http://www.oscommerce.com/about.php/news,72
http://www.iss.net/security_center/static/9369.php
XF:oscommerce-include-remote-files(9369)
CVE-2002-2020
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
2005-07-14
CVE-2002-2020
http://www.securityfocus.com/bid/5036
BID:5036
http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html
BUGTRAQ:20020617 External access to Netgear RP114 "firewall"
http://www.iss.net/security_center/static/9371.php
XF:netgear-default-external-access(9371)
CVE-2002-2021
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
2005-07-14
CVE-2002-2021
http://www.securityfocus.com/bid/4512
BID:4512
http://archives.neohapsis.com/archives/bugtraq/2002-04/0163.html
BUGTRAQ:20020413 wbboard 1.1.1 Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/8841.php
XF:burningboard-bbs-css(8841)
CVE-2002-2022
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.
2005-07-14
CVE-2002-2022
http://www.securityfocus.com/bid/4249
BID:4249
http://cert.uni-stuttgart.de/archive/vuln-dev/2002/03/msg00050.html
VULN-DEV:20020305 Latest Kaffe Java Virtual Machine Format Strings issue.
http://www.iss.net/security_center/static/8399.php
XF:openvm-class-format-strings(8399)
CVE-2002-2023
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
2005-07-14
CVE-2002-2023
http://www.securityfocus.com/bid/3859
BID:3859
http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz
CONFIRM:http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
2005-07-14
CVE-2002-2024
http://www.securityfocus.com/bid/4445
BID:4445
http://bugs.horde.org/show_bug.cgi?id=916
MISC:http://bugs.horde.org/show_bug.cgi?id=916
http://www.iss.net/security_center/static/8768.php
XF:imp-php-path-disclosure(8768)
CVE-2002-2025
Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.
2005-07-14
CVE-2002-2025
http://www.securityfocus.com/bid/4019
BID:4019
http://www.securityfocus.com/bid/4020
BID:4020
http://www.securityfocus.com/archive/1/253830
BUGTRAQ:20020204 KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/945e97608fda942a85256b37007905b1?OpenDocument&Highlight=0,JCHN547JWV
CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/945e97608fda942a85256b37007905b1?OpenDocument&Highlight=0,JCHN547JWV
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/a77f8a5132cce70085256b8000792112?OpenDocument&Highlight=0,JCHN4UMKLA
CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/a77f8a5132cce70085256b8000792112?OpenDocument&Highlight=0,JCHN4UMKLA
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0037.html
VULNWATCH:20020204 KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
CVE-2002-2026
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.
2005-07-14
CVE-2002-2026
http://www.securityfocus.com/bid/3781
BID:3781
http://securitytracker.com/id?1003130
SECTRACK:1003130
http://www.iss.net/security_center/static/7793.php
XF:browseftp-server-response-bo(7793)
CVE-2002-2027
Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities.
2005-07-14
CVE-2002-2027
http://www.securityfocus.com/bid/3932
BID:3932
http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc
CONFIRM:http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc
CVE-2002-2028
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
2005-07-14
CVE-2002-2028
http://www.securityfocus.com/bid/3933
BID:3933
http://cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html
BUGTRAQ:20020121 The "Lunch Break Hole"
http://www.heysoft.de/nt/lbh.htm
MISC:http://www.heysoft.de/nt/lbh.htm
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188700
MSKB:Q188700
CVE-2002-2029
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
2005-07-14
CVE-2002-2029
http://www.securityfocus.com/bid/3786
BID:3786
http://www.securiteam.com/windowsntfocus/5ZP030U60U.html
MISC:http://www.securiteam.com/windowsntfocus/5ZP030U60U.html
http://www.iss.net/security_center/static/7815.php
XF:apache-php-view-files(7815)
CVE-2002-2030
Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request.
2005-07-14
CVE-2002-2030
http://www.securityfocus.com/bid/3778
BID:3778
http://securitytracker.com/id?1003123
SECTRACK:1003123
http://www.iss.net/security_center/static/7821.php
XF:sqldata-enterprise-bo(7821)
CVE-2002-2031
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
2005-07-14
CVE-2002-2031
http://www.securityfocus.com/bid/3779
BID:3779
http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html
BUGTRAQ:20020103 Serious IE privacy issues
http://www.iss.net/security_center/static/7784.php
XF:ie-javascript-onerror(7784)
CVE-2002-2032
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
2005-07-14
CVE-2002-2032
http://www.securityfocus.com/bid/3906
BID:3906
http://www.securityfaq.com/unixfocus/5OP041P6BE.html
MISC:http://www.securityfaq.com/unixfocus/5OP041P6BE.html
CVE-2002-2033
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
2005-07-14
CVE-2002-2033
http://www.securityfocus.com/bid/3810
BID:3810
http://archives.neohapsis.com/archives/bugtraq/2002-01/0065.html
BUGTRAQ:20020107 Faqmanager.cgi file read vulnerability
http://www.iss.net/security_center/static/7833.php
XF:faqmanager-cgi-null-file-read(7833)
CVE-2002-2034
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
2005-07-14
CVE-2002-2034
http://www.securityfocus.com/bid/3820
BID:3820
http://www.impsec.org/email-tools/sanitizer-changelog.html
CONFIRM:http://www.impsec.org/email-tools/sanitizer-changelog.html
http://www.iss.net/security_center/static/7847.php
XF:pes-mime-bypass-filter(7847)
CVE-2002-2035
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form.
2005-07-14
CVE-2002-2035
http://www.securiteam.com/windowsntfocus/5CP041P75S.html
MISC:http://www.securiteam.com/windowsntfocus/5CP041P75S.html
http://www.iss.net/security_center/static/9016.php
XF:mylogin2000-sql-injection(9016)
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.
2005-07-14
CVE-2002-2036
http://www.securityfocus.com/bid/4911
BID:4911
http://sunsolve.sun.com/search/document.do?assetkey=1-26-44069-1
SUNALERT:44069
http://www.iss.net/security_center/static/9252.php
XF:srss-nscm-unauthorized-access(9252)
CVE-2002-2037
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
2005-07-14
CVE-2002-2037
http://www.securityfocus.com/bid/3897
BID:3897
http://www.cisco.com/warp/public/707/Solaris-for-MGC-pub.shtml
CISCO:20020116 Hardening of Solaris OS for MGC
http://www.iss.net/security_center/static/7912.php
XF:cisco-mgc-exposure(7912)
CVE-2002-2038
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.
2005-07-14
CVE-2002-2038
http://www.securityfocus.com/bid/4913
BID:4913
http://www.iss.net/security_center/static/9255.php
XF:ngpt-shared-memory-dos(9255)
CVE-2002-2039
/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.
2005-07-14
2016-10-17
CVE-2002-2039
http://www.securityfocus.com/bid/4914
BID:4914
http://marc.info/?l=bugtraq&m=102312549511726&w=2
BUGTRAQ:20020603 QNX
http://www.iss.net/security_center/static/9256.php
XF:qnx-rtos-su-core-dump(9256)
CVE-2002-2040
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
2005-07-14
CVE-2002-2040
http://www.securityfocus.com/bid/4915
BID:4915
http://www.securityfocus.com/bid/4916
BID:4916
http://online.securityfocus.com/archive/1/275218
BUGTRAQ:20020603 QNX
http://www.iss.net/security_center/static/9257.php
XF:qnx-rtos-phgrafx-privileges(9257)
CVE-2002-2041
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
2005-07-14
2005-11-04
CVE-2002-2041
http://www.securityfocus.com/bid/4917
BID:4917
http://www.securityfocus.com/bid/4918
BID:4918
http://online.securityfocus.com/archive/1/275218
BUGTRAQ:20020603 QNX
http://www.iss.net/security_center/static/9258.php
XF:qnx-rtos-phlocale-bo(9258)
http://www.iss.net/security_center/static/9259.php
XF:qnx-rtos-pkginstaller-bo(9259)
CVE-2002-2042
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
2005-07-14
CVE-2002-2042
http://www.securityfocus.com/bid/4919
BID:4919
http://online.securityfocus.com/archive/1/275218
BUGTRAQ:20020603 QNX
http://www.iss.net/security_center/static/9260.php
XF:qnx-rtos-process-modification(9260)
CVE-2002-2043
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
2005-07-14
CVE-2002-2043
http://www.securityfocus.com/bid/4409
BID:4409
http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html
BUGTRAQ:20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.
http://www.iss.net/security_center/static/8748.php
XF:cyrus-sasl-patch-pop-access(8748)
CVE-2002-2044
Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action.
2005-07-14
CVE-2002-2044
http://www.securityfocus.com/bid/4281
BID:4281
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
MISC:http://www.ifrance.com/kitetoua/tuto/x_holes.txt
http://securitytracker.com/id?1003827
SECTRACK:1003827
http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
VULN-DEV:20020313 X_holes
http://www.iss.net/security_center/static/8468.php
XF:xstat-admin-php-css(8468)
CVE-2002-2045
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
2005-07-14
2017-07-10
CVE-2002-2045
http://www.securityfocus.com/bid/4279
BID:4279
http://www.securityfocus.com/bid/4280
BID:4280
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
MISC:http://www.ifrance.com/kitetoua/tuto/x_holes.txt
http://securitytracker.com/id?1003827
SECTRACK:1003827
http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
VULN-DEV:20020313 X_holes
https://exchange.xforce.ibmcloud.com/vulnerabilities/8466
XF:xstat-action-reveal-path(8466)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8467
XF:xstat-phpinfo-reveal-info(8467)
CVE-2002-2046
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
2005-07-14
2021-06-15
CVE-2002-2046
http://www.ifrance.com/kitetoua/tuto/x_holes.txt
MISC:http://www.ifrance.com/kitetoua/tuto/x_holes.txt
http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
VULN-DEV:20020313 X_holes
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file.
2005-07-14
CVE-2002-2047
http://www.securityfocus.com/bid/4296
BID:4296
http://sketch.sourceforge.net/oldnews.html#N1
CONFIRM:http://sketch.sourceforge.net/oldnews.html#N1
http://securitytracker.com/id?1003818
SECTRACK:1003818
http://www.iss.net/security_center/static/8469.php
XF:sketch-eps-command-execution(8469)
CVE-2002-2048
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability.
2005-07-14
2016-10-17
CVE-2002-2048
http://marc.info/?l=vuln-dev&m=102321152215055&w=2
VULN-DEV:20020604 PFinger Buffer Overflow Vulnerability.
http://www.iss.net/security_center/static/9269.php
XF:pfinger-query-bo(9269)
CVE-2002-2049
configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system.
2005-07-14
CVE-2002-2049
http://www.securityfocus.com/bid/4898
BID:4898
http://archives.neohapsis.com/archives/bugtraq/2002-05/0281.html
BUGTRAQ:20020531 Trojan/backdoor in fragroute 1.2 source distribution
http://www.freebsd.org/cgi/query-pr.cgi?pr=38716
CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=38716
http://www.iss.net/security_center/static/9272.php
XF:fragroute-host-download-backdoor(9272)
CVE-2002-2050
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
2005-07-14
CVE-2002-2050
http://www.securityfocus.com/bid/3821
BID:3821
http://jan.kneschke.de/projects/modlogan/download/ChangeLog
CONFIRM:http://jan.kneschke.de/projects/modlogan/download/ChangeLog
http://www.iss.net/security_center/static/7848.php
XF:modlogan-splitby-symlink(7848)
CVE-2002-2051
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
2005-07-14
2021-06-15
CVE-2002-2051
http://www.securityfocus.com/bid/3821
BID:3821
http://jan.kneschke.de/projects/modlogan/download/ChangeLog
MISC:http://jan.kneschke.de/projects/modlogan/download/ChangeLog
http://www.iss.net/security_center/static/7848.php
XF:modlogan-splitby-symlink(7848)
CVE-2002-2052
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
2005-07-14
CVE-2002-2052
http://www.securityfocus.com/bid/4947
BID:4947
http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html
BUGTRAQ:20020605 Three possible DoS attacks against some IOS versions.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html
BUGTRAQ:20020606 Re: Three possible DoS attacks against some IOS versions.
http://www.iss.net/security_center/static/9281.php
XF:cisco-ios-portscan-dos(9281)
CVE-2002-2053
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
2005-07-14
CVE-2002-2053
http://www.securityfocus.com/bid/4949
BID:4949
http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html
BUGTRAQ:20020605 Three possible DoS attacks against some IOS versions.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html
BUGTRAQ:20020606 Re: Three possible DoS attacks against some IOS versions.
http://www.iss.net/security_center/static/9283.php
XF:cisco-ios-hsrp-loop-dos(9283)
CVE-2002-2054
TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin.
2005-07-14
2016-10-17
CVE-2002-2054
http://www.securityfocus.com/bid/4925
BID:4925
http://www.ifrance.com/kitetoua/tuto/Teekai.txt
MISC:http://www.ifrance.com/kitetoua/tuto/Teekai.txt
http://marc.info/?l=vuln-dev&m=102313697923798&w=2
VULN-DEV:20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com
http://www.iss.net/security_center/static/9285.php
XF:teekais-forum-admin-access(9285)
CVE-2002-2055
Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
2005-07-14
2016-10-17
CVE-2002-2055
http://www.securityfocus.com/bid/4924
BID:4924
http://www.ifrance.com/kitetoua/tuto/Teekai.txt
MISC:http://www.ifrance.com/kitetoua/tuto/Teekai.txt
http://marc.info/?l=vuln-dev&m=102313697923798&w=2
VULN-DEV:20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com
http://www.iss.net/security_center/static/9284.php
XF:teekais-tracking-xss(9284)
CVE-2002-2056
Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie.
2005-07-14
2016-10-17
CVE-2002-2056
http://www.ifrance.com/kitetoua/tuto/Teekai.txt
MISC:http://www.ifrance.com/kitetoua/tuto/Teekai.txt
http://marc.info/?l=vuln-dev&m=102313697923798&w=2
VULN-DEV:20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com
CVE-2002-2057
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
2005-07-14
2016-10-17
CVE-2002-2057
http://www.securityfocus.com/bid/4926
BID:4926
http://www.ifrance.com/kitetoua/tuto/Teekai.txt
MISC:http://www.ifrance.com/kitetoua/tuto/Teekai.txt
http://marc.info/?l=vuln-dev&m=102313697923798&w=2
VULN-DEV:20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com
http://www.iss.net/security_center/static/9286.php
XF:teekais-forum-obtain-information(9286)
CVE-2002-2058
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
2005-07-14
CVE-2002-2058
http://www.securityfocus.com/bid/4926
BID:4926
http://online.securityfocus.com/archive/82/275246
VULN-DEV:20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com
http://www.iss.net/security_center/static/9286.php
XF:teekais-forum-obtain-information(9286)
CVE-2002-2059
BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key.
2005-07-14
CVE-2002-2059
http://www.securityfocus.com/bid/4610
BID:4610
http://archives.neohapsis.com/archives/bugtraq/2002-04/0356.html
BUGTRAQ:20020425 Intel D845HV/WN/PT series motherboard vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-05/0017.html
BUGTRAQ:20020503 Re: Intel D845HV/WN/PT series motherboard vulnerability
ftp://download.intel.com/design/motherbd/bg/P06-0027.pdf
CONFIRM:ftp://download.intel.com/design/motherbd/bg/P06-0027.pdf
ftp://download.intel.com/design/motherbd/hv/P12-0041d.pdf
CONFIRM:ftp://download.intel.com/design/motherbd/hv/P12-0041d.pdf
ftp://download.intel.com/design/motherbd/pt/P06-0027.pdf
CONFIRM:ftp://download.intel.com/design/motherbd/pt/P06-0027.pdf
ftp://download.intel.com/design/motherbd/wn/P12-0041d.pdf
CONFIRM:ftp://download.intel.com/design/motherbd/wn/P12-0041d.pdf
http://www.iss.net/security_center/static/8998.php
XF:intel-d845-change-device(8998)
CVE-2002-2060
Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images.
2005-07-14
CVE-2002-2060
http://www.securityfocus.com/bid/4921
BID:4921
http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog
CONFIRM:http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog
http://www.iss.net/security_center/static/9287.php
XF:links-png-image-bo(9287)
CVE-2002-2061
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
2005-07-14
2007-10-18
CVE-2002-2061
http://bugzilla.mozilla.org/show_bug.cgi?id=157202
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157202
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
CONFIRM:http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
MANDRAKE:MDKSA-2002:074
http://www.iss.net/security_center/static/9287.php
XF:links-png-image-bo(9287)
CVE-2002-2062
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
2005-07-14
CVE-2002-2062
http://www.securityfocus.com/bid/4954
BID:4954
http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html
BUGTRAQ:20020606 Microsoft Internet Explorer
http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html
MISC:http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html
http://www.iss.net/security_center/static/9290.php
XF:ie-ftp-name-xss(9290)
CVE-2002-2063
AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames.
2005-07-14
CVE-2002-2063
http://www.securityfocus.com/bid/4620
BID:4620
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0412.html
BUGTRAQ:20020429 ITCP Advisory 13: Bypassing of ATGuard Firewall possible
http://www.iss.net/security_center/static/8962.php
XF:atguard-firewall-bypass(8962)
CVE-2002-2064
isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.
2005-07-14
CVE-2002-2064
http://www.securityfocus.com/bid/4622
BID:4622
http://www.ifrance.com/kitetoua/tuto/PWG.txt
MISC:http://www.ifrance.com/kitetoua/tuto/PWG.txt
http://seclists.org/lists/vuln-dev/2002/Apr/0270.html
VULN-DEV:20020427 Security holes in 11 products...
CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
2005-07-14
CVE-2002-2065
http://www.securityfocus.com/bid/4961
BID:4961
http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=93295
CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=93295
http://www.iss.net/security_center/static/9296.php
XF:webcalendar-inc-obtain-information(9296)
CVE-2002-2066
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
2005-07-14
2021-06-15
CVE-2002-2066
http://www.securityfocus.com/bid/3912
BID:3912
http://www.securityfocus.com/archive/1/251565
BUGTRAQ:20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
http://www.ciac.org/ciac/bulletins/m-034.shtml
CIAC:M-034
http://www.bcwipe.com/
CONFIRM:http://www.bcwipe.com/
http://www.seifried.org/security/advisories/kssa-003.html
MISC:http://www.seifried.org/security/advisories/kssa-003.html
http://www.iss.net/security_center/static/7953.php
XF:ntfs-ads-file-wipe(7953)
CVE-2002-2067
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
2005-07-14
CVE-2002-2067
http://www.securityfocus.com/bid/3912
BID:3912
http://www.securityfocus.com/archive/1/251565
BUGTRAQ:20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
http://www.ciac.org/ciac/bulletins/m-034.shtml
CIAC:M-034
http://www.east-tec.com/eraser/faq.htm
MISC:http://www.east-tec.com/eraser/faq.htm
http://www.seifried.org/security/advisories/kssa-003.html
MISC:http://www.seifried.org/security/advisories/kssa-003.html
http://www.iss.net/security_center/static/7953.php
XF:ntfs-ads-file-wipe(7953)
CVE-2002-2068
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
2005-07-14
CVE-2002-2068
http://www.securityfocus.com/bid/3912
BID:3912
http://www.securityfocus.com/archive/1/251565
BUGTRAQ:20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
http://www.ciac.org/ciac/bulletins/m-034.shtml
CIAC:M-034
http://www.seifried.org/security/advisories/kssa-003.html
MISC:http://www.seifried.org/security/advisories/kssa-003.html
http://www.iss.net/security_center/static/7953.php
XF:ntfs-ads-file-wipe(7953)
CVE-2002-2069
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
2005-07-14
CVE-2002-2069
http://www.securityfocus.com/bid/3912
BID:3912
http://www.securityfocus.com/archive/1/251565
BUGTRAQ:20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
http://www.ciac.org/ciac/bulletins/m-034.shtml
CIAC:M-034
http://www.seifried.org/security/advisories/kssa-003.html
MISC:http://www.seifried.org/security/advisories/kssa-003.html
http://www.iss.net/security_center/static/7953.php
XF:ntfs-ads-file-wipe(7953)
CVE-2002-2070
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
2005-07-14
CVE-2002-2070
http://www.securityfocus.com/bid/3912
BID:3912
http://www.securityfocus.com/archive/1/251565
BUGTRAQ:20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS
http://www.ciac.org/ciac/bulletins/m-034.shtml
CIAC:M-034
http://www.seifried.org/security/advisories/kssa-003.html
MISC:http://www.seifried.org/security/advisories/kssa-003.html
http://www.iss.net/security_center/static/7953.php
XF:ntfs-ads-file-wipe(7953)
CVE-2002-2071
Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.
2005-07-14
CVE-2002-2071
http://www.securityfocus.com/bid/4011
BID:4011
http://archives.neohapsis.com/archives/bugtraq/2002-01/0357.html
BUGTRAQ:20020130 DoS bug on Tru64
http://www.iss.net/security_center/static/8040.php
XF:tru64-nmap-portscan-dos(8040)
CVE-2002-2072
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
2005-07-14
CVE-2002-2072
http://www.securityfocus.com/bid/3992
BID:3992
http://ohhara.sarang.net/security/jvmcrash.txt
MISC:http://ohhara.sarang.net/security/jvmcrash.txt
http://securitytracker.com/id?1003418
SECTRACK:1003418
http://www.iss.net/security_center/static/8042.php
XF:sun-jre-jvm-dos(8042)
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
2005-07-14
2016-10-17
CVE-2002-2073
http://www.securityfocus.com/bid/3999
BID:3999
http://marc.info/?l=vulnwatch&m=101235440104716&w=2
VULNWATCH:20020130 RFP2201: MS Site Server Evilness
http://www.iss.net/security_center/static/8050.php
XF:siteserver-asp-css(8050)
CVE-2002-2074
SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.
2005-07-14
CVE-2002-2074
http://www.securityfocus.com/bid/3822
BID:3822
http://dl.droso.net/mailidx-20020105.tar.gz
CONFIRM:http://dl.droso.net/mailidx-20020105.tar.gz
http://securitytracker.com/id?1003269
SECTRACK:1003269
http://www.iss.net/security_center/static/7965.php
XF:mailidx-search-input-validation(7965)
CVE-2002-2075
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
2005-07-14
CVE-2002-2075
http://archives.neohapsis.com/archives/bugtraq/2002-04/0295.html
BUGTRAQ:20020419 DOS for Icq 2001&2002
http://www.iss.net/security_center/static/8909.php
XF:icq-contacts-dos(8909)
CVE-2002-2076
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
2005-07-14
CVE-2002-2076
http://www.securityfocus.com/bid/4576
BID:4576
http://archives.neohapsis.com/archives/bugtraq/2002-04/0316.html
BUGTRAQ:20020421 Lil' HTTP Server Directory Traversal Vulnerability
http://www.iss.net/security_center/static/8913.php
XF:lilhttp-dotdot-directory-traversal(8913)
CVE-2002-2077
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
2005-07-14
CVE-2002-2077
http://www.securityfocus.com/bid/4410
BID:4410
http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm
BINDVIEW:20020402 Windows 2000 DCOM clients may leak sensitive information onto the network
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367
MSKB:Q300367
http://www.iss.net/security_center/static/8739.php
XF:win2k-dcom-memory-leak(8739)
CVE-2002-2078
Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command.
2005-07-14
CVE-2002-2078
http://www.securityfocus.com/bid/4427
BID:4427
http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html
BUGTRAQ:20020403 SECURITY.NNO: FTGate PRO/Office hotfixes
http://www.ftgate.com/knwldgbs/hotfix.htm
CONFIRM:http://www.ftgate.com/knwldgbs/hotfix.htm
http://www.security.nnov.ru/advisories/ftgate.asp
MISC:http://www.security.nnov.ru/advisories/ftgate.asp
http://www.iss.net/security_center/static/8749.php
XF:ftgate-apop-bo(8749)
CVE-2002-2079
mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.
2005-07-14
CVE-2002-2079
http://www.securityfocus.com/bid/4580
BID:4580
http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html
BUGTRAQ:20020423 Denial of Service in Mosix 1.5.x
http://www.iss.net/security_center/static/8927.php
XF:mosix-malformed-packet-dos(8927)
CVE-2002-2080
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.
2005-07-14
CVE-2002-2080
http://www.securityfocus.com/bid/4428
BID:4428
http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html
BUGTRAQ:20020403 SECURITY.NNO: FTGate PRO/Office hotfixes
http://www.ftgate.com/knwldgbs/hotfix.htm
MISC:http://www.ftgate.com/knwldgbs/hotfix.htm
http://www.security.nnov.ru/advisories/ftgate.asp
MISC:http://www.security.nnov.ru/advisories/ftgate.asp
http://www.iss.net/security_center/static/8750.php
XF:ftgate-rcpt-to-dos(8750)
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
2005-07-14
CVE-2002-2081
http://www.securityfocus.com/bid/4002
BID:4002
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
VULNWATCH:20020129 RFP2201: MS Site Server Evilness
http://www.iss.net/security_center/static/8053.php
XF:siteserver-cphost-upload-dos(8053)
CVE-2002-2082
FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users.
2005-07-14
CVE-2002-2082
http://www.securityfocus.com/bid/4429
BID:4429
http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html
BUGTRAQ:20020403 SECURITY.NNO: FTGate PRO/Office hotfixes
http://www.iss.net/security_center/static/8751.php
XF:ftgate-pop3-user-dos(8751)
CVE-2002-2083
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
2005-07-14
CVE-2002-2083
http://archives.neohapsis.com/archives/bugtraq/2002-01/0151.html
BUGTRAQ:20020111 Novell Netware Login "bypass" to execute programs
CVE-2002-2084
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
2005-07-14
CVE-2002-2084
http://www.securityfocus.com/bid/4038
BID:4038
http://securitytracker.com/id?1003430
SECTRACK:1003430
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0279.html
VULN-DEV:20020131 Big Security Holes in Portix-PHP Portal
CVE-2002-2085
Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
2005-07-14
CVE-2002-2085
http://securitytracker.com/id?1003456
SECTRACK:1003456
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0369.html
VULN-DEV:20020205 Security Hole in WWWeBBB forum
CVE-2002-2086
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
2005-07-14
2017-07-10
CVE-2002-2086
http://www.securityfocus.com/bid/4666
BID:4666
http://www.securityfocus.com/bid/4667
BID:4667
http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311
http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311
http://www.squirrelmail.org/changelog.php
CONFIRM:http://www.squirrelmail.org/changelog.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/9008
XF:squirrelmail-header-xss(9008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9009
XF:squirrelmail-html-attachment-xss(9009)
CVE-2002-2087
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
2005-08-05
CVE-2002-2087
http://www.securityfocus.com/bid/5044
BID:5044
http://www.securityfocus.com/bid/5046
BID:5046
http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00222.html
BUGTRAQ:20020618 Interbase 6.0 malloc() issues
http://www.iss.net/security_center/static/9392.php
XF:interbase-interbase-variable-bo(9392)
CVE-2002-2088
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.
2005-08-05
CVE-2002-2088
http://www.securityfocus.com/bid/4581
BID:4581
http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html
BUGTRAQ:20020423 Denial of Service in Mosix 1.5.x
http://www.iss.net/security_center/static/8928.php
XF:mosix-clumpos-blank-password(8928)
CVE-2002-2089
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.
2005-08-05
CVE-2002-2089
http://www.securityfocus.com/bid/5085
BID:5085
http://cert.uni-stuttgart.de/archive/vuln-dev/2002/06/msg00262.html
VULN-DEV:20020621 solaris 9 sparc rcp
http://www.iss.net/security_center/static/9411.php
XF:solaris-rcp-bo(9411)
CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
2005-08-05
CVE-2002-2090
http://www.securityfocus.com/bid/5252
BID:5252
http://seclists.org/bugtraq/2002/Jul/0186.html
BUGTRAQ:20020717 KPMG-2002033: Resin DOS device path disclosure
CVE-2002-2091
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
2005-08-05
CVE-2002-2091
http://www.securityfocus.com/bid/5105
BID:5105
http://archives.neohapsis.com/archives/bugtraq/2002-06/0314.html
BUGTRAQ:20020625 Formatstring Vulnerability in decfingerd 0.7
http://www.iss.net/security_center/static/9434.php
XF:decfingerd-syslog-format-string(9434)
CVE-2002-2092
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
2005-08-05
2017-12-18
CVE-2002-2092
http://www.securityfocus.com/bid/3891
BID:3891
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc
FREEBSD:FreeBSD-SA-02:08
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-001.txt.asc
NETBSD:NetBSD-SA2002-001
http://www.osvdb.org/19475
OSVDB:19475
https://exchange.xforce.ibmcloud.com/vulnerabilities/7945
XF:bsd-exec-race-condition(7945)
CVE-2002-2093
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin.
2005-08-05
2017-12-18
CVE-2002-2093
http://www.securityfocus.com/bid/3974
BID:3974
ftp://patches.sgi.com/support/free/security/advisories/20020103-01-I
SGI:20020103-01-I
https://exchange.xforce.ibmcloud.com/vulnerabilities/8016
XF:irix-o2-vcp-view-information(8016)
CVE-2002-2094
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
2005-08-05
CVE-2002-2094
http://www.securityfocus.com/bid/3908
BID:3908
http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html
BUGTRAQ:20020118 Vulnerability in hellbent
http://www.iss.net/security_center/static/7930.php
XF:hellbent-root-path-disclosure(7930)
CVE-2002-2095
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
2005-08-05
CVE-2002-2095
http://www.securityfocus.com/bid/3909
BID:3909
http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html
BUGTRAQ:20020118 Vulnerability in hellbent
http://www.iss.net/security_center/static/7931.php
XF:hellbent-prefs-obtain-info(7931)
CVE-2002-2096
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
2005-08-05
CVE-2002-2096
http://www.securityfocus.com/bid/4405
BID:4405
http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html
BUGTRAQ:20020402 iXsecurity.20020313.nw6remotemanager.a
http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html
BUGTRAQ:20020406 NetWare Remote Manager patches
http://support.novell.com/servlet/tidfinder/2962026
CONFIRM:http://support.novell.com/servlet/tidfinder/2962026
http://www.iss.net/security_center/static/8736.php
XF:netware-remote-manager-bo(8736)
CVE-2002-2097
The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.
2005-08-05
2017-12-18
CVE-2002-2097
http://www.securityfocus.com/bid/3852
BID:3852
http://securitytracker.com/id?1003252
SECTRACK:1003252
https://exchange.xforce.ibmcloud.com/vulnerabilities/7972
XF:maradns-malformed-packet-dos(7972)
CVE-2002-2098
Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets.
2005-08-05
2017-12-18
CVE-2002-2098
http://www.securityfocus.com/bid/3824
BID:3824
http://www.dabo.de/software/axspawn.html
CONFIRM:http://www.dabo.de/software/axspawn.html
http://securitytracker.com/id?1003242
SECTRACK:1003242
https://exchange.xforce.ibmcloud.com/vulnerabilities/7974
XF:axspawn-pam-login-bo(7974)
CVE-2002-2099
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
2005-08-05
2017-12-18
CVE-2002-2099
http://securitytracker.com/id?1003241
SECTRACK:1003241
https://exchange.xforce.ibmcloud.com/vulnerabilities/7979
XF:ddd-home-bo(7979)
CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
2005-08-05
CVE-2002-2100
http://www.securityfocus.com/bid/4334
BID:4334
http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html
BUGTRAQ:20020320 Questionable security policies in Outlook 2002
http://www.iss.net/security_center/static/8611.php
XF:outlook-iframe-url(8611)
CVE-2002-2101
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
2005-08-05
CVE-2002-2101
http://www.securityfocus.com/bid/4337
BID:4337
http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html
BUGTRAQ:20020320 Questionable security policies in Outlook 2002
http://www.iss.net/security_center/static/8613.php
XF:outlook-href-url-javascript(8613)
CVE-2002-2102
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
2005-08-05
CVE-2002-2102
http://www.securityfocus.com/bid/4359
BID:4359
http://www.jcraft.com/jzlib/ChangeLog
CONFIRM:http://www.jcraft.com/jzlib/ChangeLog
http://www.iss.net/security_center/static/8627.php
XF:jzlib-infblocks-dos(8627)
CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
2005-08-05
CVE-2002-2103
http://www.securityfocus.com/bid/4358
BID:4358
http://www.apache.org/dist/httpd/CHANGES_1.3
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.iss.net/security_center/static/8629.php
XF:apache-double-reverse-spoof(8629)
CVE-2002-2104
graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.
2005-08-05
2017-12-18
CVE-2002-2104
http://www.securityfocus.com/bid/3962
BID:3962
http://securitytracker.com/id?1003376
SECTRACK:1003376
https://exchange.xforce.ibmcloud.com/vulnerabilities/7999
XF:ganglia-graph-command-execution(7999)
CVE-2002-2105
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
2005-08-05
2017-12-18
CVE-2002-2105
http://www.securityfocus.com/bid/3942
BID:3942
http://www.supernature-forum.de/vbb/printthread.php?threadid=6458
MISC:http://www.supernature-forum.de/vbb/printthread.php?threadid=6458
http://securitytracker.com/id?1003308
SECTRACK:1003308
https://exchange.xforce.ibmcloud.com/vulnerabilities/8000
XF:winxp-manifest-xml-dos(8000)
CVE-2002-2106
PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.
2005-08-05
2017-12-18
CVE-2002-2106
http://www.securityfocus.com/bid/3946
BID:3946
http://sourceforge.net/mailarchive/message.php?msg_id=185752
MLIST:[tavi-devel] 20020102 "Tavi security advisory
http://securitytracker.com/id?1003307
SECTRACK:1003307
https://exchange.xforce.ibmcloud.com/vulnerabilities/8001
XF:wikkitikkitavi-include-template(8001)
CVE-2002-2107
Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
2005-08-05
CVE-2002-2107
http://www.securityfocus.com/bid/4369
BID:4369
http://www.securiteam.com/securitynews/5BP0R1P6KE.html
MISC:http://www.securiteam.com/securitynews/5BP0R1P6KE.html
http://www.iss.net/security_center/static/8651.php
XF:openkeyserver-web-interface-css(8651)
CVE-2002-2108
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
2005-08-05
CVE-2002-2108
http://www.securityfocus.com/bid/3959
BID:3959
http://vaio-online.sony.com/announcement/announcement_content.html
CONFIRM:http://vaio-online.sony.com/announcement/announcement_content.html
http://vaio-online.sony.com/announcement/technical_explain.html
CONFIRM:http://vaio-online.sony.com/announcement/technical_explain.html
http://www.iss.net/security_center/static/8009.php
XF:vaio-html-gain-access(8009)
CVE-2002-2109
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
2005-08-05
CVE-2002-2109
http://www.securityfocus.com/bid/3954
BID:3954
http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html
BUGTRAQ:20020123 Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9
http://worldwidemart.com/scripts/formmail.shtml
CONFIRM:http://worldwidemart.com/scripts/formmail.shtml
http://www.iss.net/security_center/static/8012.php
XF:formmail-referer-header-spoof(8012)
CVE-2002-2110
The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device.
2005-08-05
CVE-2002-2110
http://www.securityfocus.com/bid/4375
BID:4375
http://archives.neohapsis.com/archives/bugtraq/2002-03/0335.html
BUGTRAQ:20020327 RCA cable modem Deny of Service
http://www.iss.net/security_center/static/8661.php
XF:rca-cablemodem-reset-dos(8661)
CVE-2002-2111
Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.
2005-08-05
2017-07-10
CVE-2002-2111
http://www.securityfocus.com/bid/3984
BID:3984
http://www.scaramanga.co.uk/fwmon/fwmon-1.0.10.tar.gz
CONFIRM:http://www.scaramanga.co.uk/fwmon/fwmon-1.0.10.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/8104
XF:fwmon-large-packet-bo(8104)
CVE-2002-2112
RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information.
2005-08-05
CVE-2002-2112
http://www.securityfocus.com/bid/4377
BID:4377
http://archives.neohapsis.com/archives/bugtraq/2002-03/0335.html
BUGTRAQ:20020327 RCA cable modem Deny of Service
http://archives.neohapsis.com/archives/bugtraq/2002-03/0336.html
BUGTRAQ:20020327 Re: RCA cable modem Deny of Service
http://www.iss.net/security_center/static/8662.php
XF:rca-cablemodem-snmp-public(8662)
CVE-2002-2113
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter.
2005-08-05
CVE-2002-2113
http://www.securityfocus.com/bid/3985
BID:3985
http://www.securiteam.com/securitynews/5WP0R2K60O.html
MISC:http://www.securiteam.com/securitynews/5WP0R2K60O.html
http://www.iss.net/security_center/static/8032.php
XF:ahg-search-execute-commands(8032)
CVE-2002-2114
Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call.
2005-08-05
2017-07-10
CVE-2002-2114
http://www.securityfocus.com/bid/3988
BID:3988
http://sourceforge.net/tracker/index.php?func=detail&aid=507312&group_id=42076&atid=432052
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=507312&group_id=42076&atid=432052
https://exchange.xforce.ibmcloud.com/vulnerabilities/8101
XF:netjuke-section-command-execution(8101)
CVE-2002-2115
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML.
2005-08-05
CVE-2002-2115
http://www.securityfocus.com/bid/4102
BID:4102
http://www.h14m.org/SA/2002/hns-SA-2002-01.txt
CONFIRM:http://www.h14m.org/SA/2002/hns-SA-2002-01.txt
http://www.iss.net/security_center/static/8204.php
XF:hns-cgi-css(8204)
CVE-2002-2116
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap.
2005-08-05
CVE-2002-2116
http://www.securityfocus.com/bid/4111
BID:4111
http://archives.neohapsis.com/archives/bugtraq/2002-02/0183.html
BUGTRAQ:20020215 Re: Remote DoS in Netgear RM-356
http://archives.neohapsis.com/archives/bugtraq/2002-02/0162.html
BUGTRAQ:20020215 Remote DoS in Netgear RM-356
http://www.iss.net/security_center/static/8206.php
XF:netgear-udp-portscan-dos(8206)
CVE-2002-2117
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
2005-08-05
CVE-2002-2117
http://www.safehack.com/Advisory/sh_XPDOS500.txt
MISC:http://www.safehack.com/Advisory/sh_XPDOS500.txt
http://www.iss.net/security_center/static/8207.php
XF:winxp-udp-dos(8207)
CVE-2002-2118
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.
2005-08-05
2016-10-17
CVE-2002-2118
http://www.securityfocus.com/bid/4110
BID:4110
http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html
MISC:http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html
http://marc.info/?l=vuln-dev&m=101372618504099&w=2
VULN-DEV:20020219 RE: Blueworld WebData Engine 1.6.5
http://www.iss.net/security_center/static/8208.php
XF:lasso-webdata-dos(8208)
CVE-2002-2119
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
2005-08-05
CVE-2002-2119
http://www.securityfocus.com/bid/4893
BID:4893
http://archives.neohapsis.com/archives/bugtraq/2002-05/0273.html
BUGTRAQ:20020530 Security Implications of Novell eDirectory.
http://www.iss.net/security_center/static/9229.php
XF:novell-edirectory-insecure-passwords(9229)
CVE-2002-2120
Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10.
2005-08-05
CVE-2002-2120
http://www.securityfocus.com/bid/4905
BID:4905
http://www.securityfocus.com/bid/4906
BID:4906
http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
BUGTRAQ:20020531 Multiple vulnerabilities in QNX
http://archives.neohapsis.com/archives/bugtraq/2002-05/0293.html
BUGTRAQ:20020601 Re: Multiple vulnerabilities in QNX
http://www.iss.net/security_center/static/9236.php
XF:qnx-rtos-int10-bo(9236)
http://www.iss.net/security_center/static/9235.php
XF:qnx-rtos-watcom-bo(9235)
CVE-2002-2121
SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow.
2005-08-05
2016-10-17
CVE-2002-2121
http://www.securityfocus.com/bid/4257
BID:4257
http://marc.info/?l=vuln-dev&m=101569966118410&w=2
VULN-DEV:20020309 DoS in SurfControl's EmailFilter
http://www.iss.net/security_center/static/8424.php
XF:surfcontrol-superscout-helo-dos(8424)
CVE-2002-2122
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
2005-08-05
CVE-2002-2122
http://www.securityfocus.com/bid/4681
BID:4681
http://archives.neohapsis.com/archives/bugtraq/2002-05/0035.html
BUGTRAQ:20020507 KPMG-2002018: Pointsec for PalmOS PIN disclosure
http://www.iss.net/security_center/static/9021.php
XF:pointsec-palmos-plaintext-pin(9021)
CVE-2002-2123
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
2005-08-16
2017-07-10
CVE-2002-2123
http://www.securityfocus.com/bid/6489
BID:6489
http://www.securityfocus.com/archive/1/304611
BUGTRAQ:20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10943
XF:gallery-winxppublishing-command-execution(10943)
CVE-2002-2124
The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing.
2005-10-27
2017-07-10
CVE-2002-2124
http://www.securityfocus.com/bid/5938
BID:5938
http://www.security-express.com/archives/bugtraq/2002-10/0146.html
BUGTRAQ:20021010 nylon 0.2 (0.3?) DoS
http://secunia.com/advisories/7281
SECUNIA:7281
https://exchange.xforce.ibmcloud.com/vulnerabilities/10334
XF:nylon-recv-endless-dos(10334)
CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
2005-11-16
CVE-2002-2125
http://www.securityfocus.com/bid/5778
BID:5778
http://www.securityfocus.com/archive/1/292842
BUGTRAQ:20020923 IE6 SSL Certificate Chain Verification
http://www.iss.net/security_center/static/10180.php
XF:ie-ssl-certificate-expired(10180)
CVE-2002-2126
restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.
2005-11-16
CVE-2002-2126
http://www.securityfocus.com/bid/6295
BID:6295
http://archives.neohapsis.com/archives/bugtraq/2002-12/0021.html
BUGTRAQ:20021202 Bypassing Integrity Protection Driver (time vulnerability)
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0087.html
NTBUGTRAQ:20021203 New Integrity Protection Driver (IPD) Available
http://www.iss.net/security_center/static/10745.php
XF:ipd-change-system-clock(10745)
CVE-2002-2127
Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink.
2005-11-16
2017-07-10
CVE-2002-2127
http://www.phrack.org/show.php?p=59&a=16
MISC:http://www.phrack.org/show.php?p=59&a=16
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0087.html
NTBUGTRAQ:20021203 New Integrity Protection Driver (IPD) Available
https://exchange.xforce.ibmcloud.com/vulnerabilities/10747
XF:ipd-ntcreatesymboliclinkobject-symlink(10747)
CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.
2005-11-16
CVE-2002-2128
http://www.securityfocus.com/bid/6463
BID:6463
http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html
BUGTRAQ:20021219 XSS and PHP include bug in W-Agora
http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html
BUGTRAQ:20021220 Re: XSS and PHP include bug in W-Agora
http://www.iss.net/security_center/static/10919.php
XF:wagora-editform-file-include(10919)
CVE-2002-2129
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.
2005-11-16
2017-07-10
CVE-2002-2129
http://www.securityfocus.com/bid/6464
BID:6464
http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html
BUGTRAQ:20021219 XSS and PHP include bug in W-Agora
http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html
BUGTRAQ:20021220 Re: XSS and PHP include bug in W-Agora
https://exchange.xforce.ibmcloud.com/vulnerabilities/10920
XF:wagora-editform-xss(10920)
CVE-2002-2130
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
2005-11-16
CVE-2002-2130
http://www.securityfocus.com/bid/6489
BID:6489
http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html
BUGTRAQ:20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0
CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0
http://www.iss.net/security_center/static/10943.php
XF:gallery-winxppublishing-command-execution(10943)
CVE-2002-2131
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
2005-11-16
CVE-2002-2131
http://www.securityfocus.com/bid/6497
BID:6497
http://citrustech.net/~chrisj/perl-httpd/INFO.txt
MISC:http://citrustech.net/~chrisj/perl-httpd/INFO.txt
http://www.iss.net/security_center/static/10992.php
XF:perlhttpd-dotdot-directory-traversal(10992)
CVE-2002-2132
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
2005-11-16
CVE-2002-2132
http://www.securityfocus.com/bid/6483
BID:6483
http://archives.neohapsis.com/archives/bugtraq/2002-12/0250.html
BUGTRAQ:20021226 Full Disclosure: Windows File Protection Old Security Catalog Vulnerability
http://www.iss.net/security_center/static/10957.php
XF:wfp-security-catalogs(10957)
CVE-2002-2133
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
2005-11-16
2008-04-01
CVE-2002-2133
http://www.securityfocus.com/bid/6919
BID:6919
http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html
BUGTRAQ:20021228 Telindus 112x ADSL Router - Weak Password Encryption
http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html
BUGTRAQ:20030223 Weak Encryption Scheme in Telindus 112x
http://www.osvdb.org/4762
OSVDB:4762
http://www.iss.net/security_center/static/10951.php
XF:telindus-adsl-weak-encryption(10951)
CVE-2002-2134
haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.
2005-11-16
2008-02-12
CVE-2002-2134
http://www.securityfocus.com/bid/6496
BID:6496
http://www.securityfocus.com/archive/1/304779
BUGTRAQ:20021231 PEEL (PHP)
http://www.securitytracker.com/id?1005869
SECTRACK:1005869
http://secunia.com/advisories/7797
SECUNIA:7797
http://www.iss.net/security_center/static/10960.php
XF:peel-haut-file-include(10960)
CVE-2002-2135
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1618. Reason: This candidate is a duplicate of CVE-2002-1618. Notes: All CVE users should reference CVE-2002-1618 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2135
CVE-2002-2136
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1590. Reason: This candidate is a duplicate of CVE-2002-1590. Notes: All CVE users should reference CVE-2002-1590 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2136
CVE-2002-2137
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.
2005-11-16
CVE-2002-2137
http://www.securityfocus.com/bid/6100
BID:6100
http://online.securityfocus.com/archive/1/298432
BUGTRAQ:20021103 Accesspoints disclose wep keys, password and mac filter (fwd)
http://www.iss.net/security_center/static/10536.php
XF:ieee80211b-ap-information-disclosure(10536)
CVE-2002-2138
RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.
2005-11-16
2017-10-11
CVE-2002-2138
http://www.securityfocus.com/bid/5195
BID:5195
http://online.securityfocus.com/advisories/4268
HP:HPSBUX0207-198
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5654
OVAL:oval:org.mitre.oval:def:5654
http://www.iss.net/security_center/static/9536.php
XF:hp-as-rfcnetbios-dos(9536)
CVE-2002-2139
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
2005-11-16
CVE-2002-2139
http://www.securityfocus.com/bid/6211
BID:6211
http://www.ciac.org/ciac/bulletins/n-017.shtml
CIAC:N-017
http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml
CISCO:20021120 Cisco PIX Multiple Vulnerabilities
http://www.iss.net/security_center/static/10660.php
XF:cisco-pix-isakmp-sa-mitm(10660)
CVE-2002-2140
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.
2005-11-16
CVE-2002-2140
http://www.securityfocus.com/bid/6212
BID:6212
http://www.ciac.org/ciac/bulletins/n-017.shtml
CIAC:N-017
http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml
CISCO:20021120 Cisco PIX Multiple Vulnerabilities
http://www.iss.net/security_center/static/10661.php
XF:cisco-pix-http-dos(10661)
CVE-2002-2141
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.
2005-11-16
2006-04-04
CVE-2002-2141
http://dev2dev.bea.com/pub/advisory/39
BEA:BEA02-21.00
http://www.securityfocus.com/bid/5846
BID:5846
http://www.iss.net/security_center/static/10291.php
XF:weblogic-servlet-ejb-security-removal(10291)
CVE-2002-2142
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
2005-11-16
2006-04-04
CVE-2002-2142
http://dev2dev.bea.com/pub/advisory/3
BEA:BEA02-22.00
http://www.securityfocus.com/bid/5971
BID:5971
http://www.iss.net/security_center/static/10392.php
XF:weblogic-security-policy-ignored(10392)
CVE-2002-2143
The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html.
2005-11-16
2016-11-17
CVE-2002-2143
http://www.securityfocus.com/bid/5866
BID:5866
http://www.securityfocus.com/archive/1/293871
BUGTRAQ:20021002 MySimpleNews (PHP)
http://www.iss.net/security_center/static/10298.php
XF:mysimplenews-admin-plaintext-password(10298)
CVE-2002-2144
Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters.
2005-11-16
CVE-2002-2144
http://www.securityfocus.com/bid/5888
BID:5888
http://online.securityfocus.com/archive/1/294078
BUGTRAQ:20021003 BearShare Directory Traversal Issue Resurfaces
http://www.iss.net/security_center/static/10240.php
XF:bearshare-encoded-directory-traversal(10240)
CVE-2002-2145
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
2005-11-16
CVE-2002-2145
http://www.securityfocus.com/bid/5709
BID:5709
http://online.securityfocus.com/archive/1/291791
BUGTRAQ:20020913 Savant 3.1 multiple vulnerabilities
http://www.iss.net/security_center/static/10104.php
XF:savant-protected-folder-access(10104)
CVE-2002-2146
cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request.
2005-11-16
CVE-2002-2146
http://www.securityfocus.com/bid/5706
BID:5706
http://archives.neohapsis.com/archives/bugtraq/2002-09/0151.html
BUGTRAQ:20020913 Savant 3.1 multiple vulnerabilities
http://www.iss.net/security_center/static/10102.php
XF:savant-cgitest-bo(10102)
CVE-2002-2147
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2147
CVE-2002-2148
Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.
2005-11-16
CVE-2002-2148
http://www.securityfocus.com/bid/5335
BID:5335
http://online.securityfocus.com/archive/1/284650
BUGTRAQ:20020727 Phenoelit ADvisory 0815 ++ ** Ascend
http://www.iss.net/security_center/static/9704.php
XF:lucent-port9-information-disclosure(9704)
CVE-2002-2149
Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface.
2005-11-16
CVE-2002-2149
http://www.securityfocus.com/bid/5333
BID:5333
http://online.securityfocus.com/archive/1/284649
BUGTRAQ:20020727 Phenoelit Advisory 0815 ++ // Xedia
http://www.iss.net/security_center/static/9705.php
XF:lucent-ap-get-dos(9705)
CVE-2002-2150
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.
2005-11-16
CVE-2002-2150
http://www.securityfocus.com/bid/6023
BID:6023
http://www.kb.cert.org/vuls/id/539363
CERT-VN:VU#539363
http://www.iss.net/security_center/static/10449.php
XF:firewall-state-table-dos(10449)
CVE-2002-2151
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1651. Reason: This candidate is a duplicate of CVE-2002-1651. Notes: All CVE users should reference CVE-2002-1651 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2151
CVE-2002-2152
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
2005-11-16
CVE-2002-2152
http://www.securityfocus.com/bid/6006
BID:6006
http://online.securityfocus.com/archive/1/296119
BUGTRAQ:20021018 interSEC security advisory - Multiple bugs in Web602 web server
http://www.iss.net/security_center/static/10408.php
XF:602pro-admin-priviliges(10408)
CVE-2002-2153
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
2005-11-16
2017-07-10
CVE-2002-2153
http://www.securityfocus.com/bid/4844
BID:4844
http://www.kb.cert.org/vuls/id/467555
CERT-VN:VU#467555
http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.nextgenss.com/vna/ora-ias.txt
MISC:http://www.nextgenss.com/vna/ora-ias.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10183
XF:oracle-appserver-plsql-format-string(10183)
CVE-2002-2154
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
2005-11-16
CVE-2002-2154
http://www.securityfocus.com/bid/5792
BID:5792
http://archives.neohapsis.com/archives/bugtraq/2002-09/0298.html
BUGTRAQ:20020925 IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server
http://www.iss.net/security_center/static/10188.php
XF:monkey-dotdot-directory-traversal(10188)
CVE-2002-2155
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
2005-11-16
CVE-2002-2155
http://www.securityfocus.com/bid/5388
BID:5388
http://www.securityfocus.com/archive/1/285695
BUGTRAQ:20020801 Two more exploitable holes in the trillian irc module
http://www.iss.net/security_center/static/9761.php
XF:trillian-irc-format-string(9761)
CVE-2002-2156
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
2005-11-16
CVE-2002-2156
http://www.securityfocus.com/archive/1/285695
BUGTRAQ:20020801 Two more exploitable holes in the trillian irc module
http://www.securityfocus.com/archive/1/285639
BUGTRAQ:20020801 trillian buffer overflow
CVE-2002-2157
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1660. Reason: This candidate is a duplicate of CVE-2002-1660. Notes: All CVE users should reference CVE-2002-1660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2157
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
2005-11-16
CVE-2002-2158
http://www.securityfocus.com/bid/4973
BID:4973
http://online.securityfocus.com/archive/1/276121
BUGTRAQ:20020610 [ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability
http://www.iss.net/security_center/static/9312.php
XF:zentrack-ticketid-path-disclosure(9312)
CVE-2002-2159
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access.
2005-11-16
2017-07-11
CVE-2002-2159
http://www.securityfocus.com/bid/4987
BID:4987
http://www.securiteam.com/securitynews/5OP022K7GE.html
MISC:http://www.securiteam.com/securitynews/5OP022K7GE.html
http://www.iss.net/security_center/static/9330.php
XF:linksys-etherfast-admin-enabled(9330)
CVE-2002-2160
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1798. Reason: This candidate is a duplicate of CVE-2002-1798. Notes: All CVE users should reference CVE-2002-1798 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2160
CVE-2002-2161
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood.
2005-11-16
CVE-2002-2161
http://www.securityfocus.com/bid/5570
BID:5570
http://online.securityfocus.com/archive/1/289119
BUGTRAQ:20020826 Kerio Personal Firewall DOS Vulnerability
http://www.iss.net/security_center/static/9963.php
XF:kerio-pf-synflood-dos(9963)
CVE-2002-2162
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
2005-11-16
CVE-2002-2162
http://www.securityfocus.com/bid/5677
BID:5677
http://www.securityfocus.com/archive/1/291071
BUGTRAQ:20020909 Trillian weakly encrypts saved passwords
http://www.iss.net/security_center/static/10092.php
XF:trillian-insecure-password-storage(10092)
CVE-2002-2163
KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php.
2005-11-16
CVE-2002-2163
http://www.securityfocus.com/bid/4736
BID:4736
http://www.ifrance.com/kitetoua/tuto/5holes5.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes5.txt
CVE-2002-2164
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
2005-11-16
CVE-2002-2164
http://www.securityfocus.com/bid/5682
BID:5682
http://online.securityfocus.com/archive/1/291058
BUGTRAQ:20020909 Small bug crashes OE
http://archives.neohapsis.com/archives/bugtraq/2002-09/0082.html
BUGTRAQ:20020909 Small correction...
http://www.iss.net/security_center/static/10067.php
XF:outlook-express-href-dos(10067)
CVE-2002-2165
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
2005-11-16
CVE-2002-2165
http://www.securityfocus.com/bid/5238
BID:5238
http://www.securitybugware.org/Other/5537.html
MISC:http://www.securitybugware.org/Other/5537.html
http://www.iss.net/security_center/static/9615.php
XF:imho-roxen-session-hijacking(9615)
CVE-2002-2166
Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script.
2005-11-16
CVE-2002-2166
http://www.securityfocus.com/bid/5236
BID:5236
http://www.iss.net/security_center/static/9637.php
XF:fusetalk-search-xss(9637)
CVE-2002-2167
Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call.
2005-11-16
CVE-2002-2167
http://www.securityfocus.com/bid/5243
BID:5243
http://online.securityfocus.com/archive/1/282404
BUGTRAQ:20020715 Again NULL and addslashes() (now in 123tkshop)
http://www.iss.net/security_center/static/9581.php
XF:123tkshop-include-read-files(9581)
CVE-2002-2168
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php.
2005-11-16
CVE-2002-2168
http://www.securityfocus.com/bid/5244
BID:5244
http://online.securityfocus.com/archive/1/282404
BUGTRAQ:20020715 Again NULL and addslashes() (now in 123tkshop)
http://www.123tkshop.org/index.php
CONFIRM:http://www.123tkshop.org/index.php
http://www.iss.net/security_center/static/9582.php
XF:123tkshop-sql-injection(9582)
CVE-2002-2169
Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
2005-11-16
CVE-2002-2169
http://www.securityfocus.com/bid/5246
BID:5246
http://online.securityfocus.com/archive/1/282443
BUGTRAQ:20020716 AIM forced behavior "issue"
http://www.mindflip.org/aim.html
MISC:http://www.mindflip.org/aim.html
http://www.iss.net/security_center/static/9616.php
XF:aim-http-refresh-functions(9616)
CVE-2002-2170
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
2005-11-16
CVE-2002-2170
http://www.securityfocus.com/bid/5276
BID:5276
http://online.securityfocus.com/archive/1/283418
BUGTRAQ:20020720 BadBlue - Unauthorized Administrative Command Execution
http://www.iss.net/security_center/static/9642.php
XF:badblue-unauth-admin-access(9642)
CVE-2002-2171
Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL.
2005-11-16
2007-10-23
CVE-2002-2171
http://www.securityfocus.com/bid/5793
BID:5793
http://archives.neohapsis.com/archives/bugtraq/2002-09/0304.html
BUGTRAQ:20020925 IIL Advisory: Vulnerabilities in acWEB HTTP server
http://www.iss.net/security_center/static/10191.php
XF:acweb-xss(10191)
CVE-2002-2172
Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information.
2005-11-16
CVE-2002-2172
http://www.securityfocus.com/bid/5795
BID:5795
http://online.securityfocus.com/archive/1/293052
BUGTRAQ:20020925 Shana Informed 3.05 information disclosure
http://www.cirt.net/advisories/shana.shtml
MISC:http://www.cirt.net/advisories/shana.shtml
http://www.iss.net/security_center/static/10192.php
XF:informed-document-information-disclosure(10192)
CVE-2002-2173
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
2005-11-16
CVE-2002-2173
http://www.securityfocus.com/bid/5389
BID:5389
http://www.securityfocus.com/archive/1/285695
BUGTRAQ:20020801 Two more exploitable holes in the trillian irc module
http://www.iss.net/security_center/static/9764.php
XF:trillian-irc-dcc-bo(9764)
CVE-2002-2174
The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.
2005-11-16
CVE-2002-2174
http://archives.neohapsis.com/archives/bugtraq/2002-07/0518.html
BUGTRAQ:20020804 Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
http://www.iss.net/security_center/static/9768.php
XF:602pro-telnet-proxy-dos(9768)
CVE-2002-2175
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
2005-11-16
2016-10-17
CVE-2002-2175
http://www.securityfocus.com/bid/5090
BID:5090
http://marc.info/?l=bugtraq&m=102508071021631&w=2
BUGTRAQ:20020623 phpsquidpass: unauthorized user deleting
http://sourceforge.net/forum/forum.php?forum_id=188359
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=188359
http://www.iss.net/security_center/static/9417.php
XF:phpsquidpass-user-deletion(9417)
CVE-2002-2176
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
2005-11-16
CVE-2002-2176
http://www.securityfocus.com/bid/5342
BID:5342
http://online.securityfocus.com/archive/1/284691
BUGTRAQ:20020727 phpBB/gender mod allows get admin privilege, exploit/patch
http://www.iss.net/security_center/static/9692.php
XF:phpbb-gendermod-admin-privileges(9692)
CVE-2002-2177
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
2005-11-16
2006-04-04
CVE-2002-2177
http://dev2dev.bea.com/pub/advisory/38
BEA:BEA02-20.00
http://www.securityfocus.com/bid/5819
BID:5819
http://www.iss.net/security_center/static/10221.php
XF:weblogic-http-response-information(10221)
CVE-2002-2178
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
2005-11-16
CVE-2002-2178
http://www.securityfocus.com/bid/5864
BID:5864
http://www.securityfocus.com/archive/1/293879
BUGTRAQ:20021002 phpWebSite XSS Vulnerability
http://www.iss.net/security_center/static/10256.php
XF:phpwebsite-img-article-xss(10256)
CVE-2002-2179
The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap.
2005-11-16
CVE-2002-2179
http://www.securityfocus.com/bid/5863
BID:5863
http://www.securityfocus.com/archive/1/293881
BUGTRAQ:20021002 Kill a Unisys Clearpath with nmap port scan
http://www.securityfocus.com/archive/1/295837
BUGTRAQ:20021017 Solution: Kill a Unisys Clearpath with nmap port scan
http://www.iss.net/security_center/static/10260.php
XF:clearpath-port-scan-dos(10260)
CVE-2002-2180
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
2005-11-16
CVE-2002-2180
http://www.securityfocus.com/bid/5861
BID:5861
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch
http://www.openbsd.org/plus32.html
OPENBSD:20021002 Incorrect argument checking in the setitimer(2) system call may allow an attacker to write to kernel memory.
http://www.iss.net/security_center/static/10278.php
XF:openbsd-setitimer-memory-overwrite(10278)
CVE-2002-2181
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.
2005-11-16
CVE-2002-2181
http://www.securityfocus.com/bid/6063
BID:6063
http://www.securityfocus.com/archive/1/297692
BUGTRAQ:20021029 Bypassing website filter in SonicWall
http://www.iss.net/security_center/static/10531.php
XF:sonicwall-content-ip-bypass(10531)
CVE-2002-2182
Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet.
2005-11-16
CVE-2002-2182
http://www.securityfocus.com/bid/5015
BID:5015
http://online.securityfocus.com/archive/1/276943
BUGTRAQ:20020613 +ALERT+ BACKDOOR IN MSN666 SNIFFER FOR SNIFFING MSN +ALERT+
http://online.securityfocus.com/archive/1/276955
BUGTRAQ:20020614 Re: +ALERT+ BACKDOOR IN MSN666 SNIFFER FOR SNIFFING MSN +ALERT+
http://www.securityfocus.com/archive/1/276958
BUGTRAQ:20020614 UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE
CVE-2002-2183
phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to include and execute arbitrary PHP scripts from remote servers.
2005-11-16
CVE-2002-2183
http://www.securityfocus.com/bid/5049
BID:5049
CVE-2002-2184
Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet.
2005-11-16
CVE-2002-2184
http://www.securityfocus.com/bid/5019
BID:5019
CVE-2002-2185
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
2005-11-16
2018-10-19
CVE-2002-2185
http://www.securityfocus.com/bid/5020
BID:5020
http://online.securityfocus.com/archive/1/276968
BUGTRAQ:20020614 IGMP denial of service vulnerability
http://www.securityfocus.com/archive/1/428028/100/0/threaded
FEDORA:FLSA:157459-1
http://www.securityfocus.com/archive/1/428058/100/0/threaded
FEDORA:FLSA:157459-2
http://www.securityfocus.com/archive/1/427980/100/0/threaded
FEDORA:FLSA:157459-3
http://www.securityfocus.com/archive/1/427981/100/0/threaded
FEDORA:FLSA:157459-4
http://www.cs.ucsb.edu/~krishna/igmp_dos/
MISC:http://www.cs.ucsb.edu/~krishna/igmp_dos/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10736
OVAL:oval:org.mitre.oval:def:10736
http://www.redhat.com/support/errata/RHSA-2006-0101.html
REDHAT:RHSA-2006:0101
http://www.redhat.com/support/errata/RHSA-2006-0140.html
REDHAT:RHSA-2006:0140
http://www.redhat.com/support/errata/RHSA-2006-0190.html
REDHAT:RHSA-2006:0190
http://www.redhat.com/support/errata/RHSA-2006-0191.html
REDHAT:RHSA-2006:0191
http://secunia.com/advisories/18510
SECUNIA:18510
http://secunia.com/advisories/18562
SECUNIA:18562
http://secunia.com/advisories/18684
SECUNIA:18684
ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A
SGI:20020901-01-A
https://exchange.xforce.ibmcloud.com/vulnerabilities/9436
XF:igmp-spoofed-report-dos(9436)
CVE-2002-2186
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
2005-11-16
CVE-2002-2186
http://www.securityfocus.com/bid/6126
BID:6126
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500
CONFIRM:http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500
http://www.iss.net/security_center/static/10570.php
XF:jrun-unicode-source-disclosure(10570)
CVE-2002-2187
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
2005-11-16
CVE-2002-2187
http://www.securityfocus.com/bid/6125
BID:6125
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500
CONFIRM:http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500
http://www.iss.net/security_center/static/10571.php
XF:jrun-log-file-disclosure(10571)
CVE-2002-2188
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
2005-11-16
CVE-2002-2188
http://www.securityfocus.com/bid/6124
BID:6124
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch
http://www.openbsd.org/errata30.html#kernresource
CONFIRM:http://www.openbsd.org/errata30.html#kernresource
http://www.openbsd.org/errata31.html#kernresource
CONFIRM:http://www.openbsd.org/errata31.html#kernresource
http://www.iss.net/security_center/static/10572.php
XF:openbsd-getrlimit-dos(10572)
CVE-2002-2189
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
2005-11-16
CVE-2002-2189
http://www.securiteam.com/windowsntfocus/5MP0C0K7PM.html
MISC:http://www.securiteam.com/windowsntfocus/5MP0C0K7PM.html
http://www.iss.net/security_center/static/9540.php
XF:activwebserver-html-xss(9540)
CVE-2002-2190
ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file.
2005-11-16
CVE-2002-2190
http://www.securityfocus.com/bid/6127
BID:6127
http://archives.neohapsis.com/archives/bugtraq/2002-11/0058.html
BUGTRAQ:20021107 Vulnerability in Cutecast Forum v1.2
http://www.iss.net/security_center/static/10556.php
XF:cutecast-forum-plaintext-passwords(10556)
CVE-2002-2191
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
2005-11-16
CVE-2002-2191
http://www.securityfocus.com/bid/6128
BID:6128
http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2
BUGTRAQ:20021107 Lotus Domino HTTP Server security issue
http://www.iss.net/security_center/static/10557.php
XF:lotus-domino-version-disclosure(10557)
CVE-2002-2192
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.
2005-11-16
CVE-2002-2192
http://www.securityfocus.com/bid/6131
BID:6131
http://www.securityfocus.com/bid/6143
BID:6143
http://online.securityfocus.com/archive/1/298987
BUGTRAQ:20021108 LiteServe Directory Index Cross-Site Scripting
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0063.html
VULNWATCH:20021107 LiteServe Directory Index Cross-Site Scripting
http://www.iss.net/security_center/static/10561.php
XF:liteserve-directory-index-xss(10561)
CVE-2002-2193
Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter.
2005-11-16
CVE-2002-2193
http://www.securityfocus.com/bid/6040
BID:6040
http://archives.neohapsis.com/archives/bugtraq/2002-10/0352.html
BUGTRAQ:20021024 XSS vulnerability in Mojo Mail Sign-Up Form
http://www.iss.net/security_center/static/10477.php
XF:mojo-mail-mojo-xss(10477)
CVE-2002-2194
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1589. Reason: This candidate is a duplicate of CVE-2002-1589. Notes: All CVE users should reference CVE-2002-1589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-11-16
2007-10-18
CVE-2002-2194
CVE-2002-2195
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
2005-11-16
CVE-2002-2195
http://www.securityfocus.com/bid/5170
BID:5170
http://online.securityfocus.com/archive/1/280786
BUGTRAQ:20020705 remote winamp 2.x exploit (all current versions)
http://www.iss.net/security_center/static/9488.php
XF:winamp-auto-update-bo(9488)
CVE-2002-2196
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
2005-11-16
2006-03-31
CVE-2002-2196
http://www.securityfocus.com/bid/5587
BID:5587
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://lists.samba.org/archive/samba-technical/2002-June/022075.html
MLIST:[samba-technical] 20020613 struct enum_csc_policy isn't terminated
http://rhn.redhat.com/errata/RHBA-2002-209.html
REDHAT:RHBA-2002:209
http://www.iss.net/security_center/static/10010.php
XF:samba-memory-structure-bo(10010)
CVE-2002-2197
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.
2005-11-16
CVE-2002-2197
http://www.securityfocus.com/bid/5171
BID:5171
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45300&zone_32=45300
SUNALERT:45300
http://www.iss.net/security_center/static/9489.php
XF:solaris-poll-dos(9489)
CVE-2002-2198
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
2005-11-16
CVE-2002-2198
http://www.securityfocus.com/bid/5592
BID:5592
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.iss.net/security_center/static/10013.php
XF:zmailer-ipv6-helo-bo(10013)
CVE-2002-2199
The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection.
2005-11-16
CVE-2002-2199
http://www.securityfocus.com/bid/5588
BID:5588
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.iss.net/security_center/static/10015.php
XF:aide-conf-bypass-detection(10015)
CVE-2002-2200
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
2005-11-16
2006-03-20
CVE-2002-2200
http://www.securityfocus.com/bid/6057
BID:6057
http://seclists.org/lists/bugtraq/2002/Oct/0397.html
BUGTRAQ:20021027 dobermann FORUM (php)
http://www.iss.net/security_center/static/10492.php
XF:dobermann-php-file-include(10492)
CVE-2002-2201
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
2005-11-16
CVE-2002-2201
http://www.webmin.com/updates.html
CONFIRM:http://www.webmin.com/updates.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.iss.net/security_center/static/10052.php
XF:webmin-printer-shell-commands(10052)
CVE-2002-2202
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.
2005-11-16
CVE-2002-2202
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0210&L=ntbugtraq&F=P&S=&P=5732
NTBUGTRAQ:20021027 OE DBX Exposure
http://www.iss.net/security_center/static/10500.php
XF:outlook-express-dbx-messages(10500)
CVE-2002-2203
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
2005-11-16
CVE-2002-2203
http://www.securityfocus.com/bid/5161
BID:5161
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45502
SUNALERT:45502
http://www.iss.net/security_center/static/9492.php
XF:solaris-serial-console-information(9492)
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
2005-11-16
CVE-2002-2204
http://www.securityfocus.com/bid/5594
BID:5594
http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html
FULLDISC:20020829 RPM verification
http://www.iss.net/security_center/static/10011.php
XF:rpm-improper-sig-verification(10011)
CVE-2002-2205
Buffer overflow in Webresolve 0.1.0 and earlier allows remote attackers to execute arbitrary code by connecting to the server from an IP address that resolves to a long hostname.
2005-11-16
CVE-2002-2205
http://www.securityfocus.com/bid/5175
BID:5175
http://siag.nu/webresolve/news-0.2.0.shtml
CONFIRM:http://siag.nu/webresolve/news-0.2.0.shtml
http://www.iss.net/security_center/static/9503.php
XF:webresolve-hostname-bo(9503)
CVE-2002-2206
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
2005-11-16
CVE-2002-2206
http://www.securityfocus.com/bid/5692
BID:5692
http://www.securityfocus.com/archive/1/291358
BUGTRAQ:20020911 Norton AntiVirus 2001 POP3 Proxy local DoS
http://archives.neohapsis.com/archives/bugtraq/2002-09/0240.html
BUGTRAQ:20020919 http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS
http://www.iss.net/security_center/static/10085.php
XF:nav-poproxy-username-dos(10085)
CVE-2002-2207
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.
2005-11-16
2007-09-28
CVE-2002-2207
http://www.securityfocus.com/bid/5690
BID:5690
http://www.securityfocus.com/archive/1/291329
BUGTRAQ:20020911 Buffer over/underflows in ssldump prior to 0.9b3
http://www.rtfm.com/ssldump/
CONFIRM:http://www.rtfm.com/ssldump/
http://www.iss.net/security_center/static/10086.php
XF:ssldump-rsa-premastersecret-bo(10086)
CVE-2002-2208
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
2005-12-20
2018-10-19
CVE-2002-2208
http://www.securityfocus.com/bid/6443
BID:6443
http://www.securityfocus.com/archive/1/304034
BUGTRAQ:20021219 Cisco IOS EIGRP Network DoS
http://www.securityfocus.com/archive/1/304044
BUGTRAQ:20021219 Re: Cisco IOS EIGRP Network DoS
http://www.securityfocus.com/archive/1/419898/100/0/threaded
BUGTRAQ:20051220 Re: Unauthenticated EIGRP DoS
http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html
CISCO:20021220 Cisco's Response to the EIGRP Issue
http://www.cisco.com/warp/public/707/eigrp_issue.pdf
CONFIRM:http://www.cisco.com/warp/public/707/eigrp_issue.pdf
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html
FULLDISC:20051219 Unauthenticated EIGRP DoS
http://marc.info/?l=full-disclosure&m=113504451523186&w=2
FULLDISC:20051220 RE: Authenticated EIGRP DoS / Information leak
http://www.osvdb.org/18055
OSVDB:18055
http://securitytracker.com/id?1005840
SECTRACK:1005840
http://secunia.com/advisories/7766
SECUNIA:7766
https://exchange.xforce.ibmcloud.com/vulnerabilities/10903
XF:cisco-ios-eigrp-dos(10903)
CVE-2002-2209
Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.
2006-03-24
CVE-2002-2209
http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
CONFIRM:http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
CVE-2002-2210
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
2006-04-04
CVE-2002-2210
http://www.securityfocus.com/bid/5950
BID:5950
http://archives.neohapsis.com/archives/bugtraq/2002-10/0161.html
BUGTRAQ:20021011 OpenOffice 1.0.1 Race condition during installation.
http://www.iss.net/security_center/static/10346.php
XF:openofficeorg-tmpfile-symlink(10346)
CVE-2002-2211
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
2006-05-23
2018-10-19
CVE-2002-2211
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
APPLE:2002-11-21
http://www.kb.cert.org/vuls/id/457875
CERT-VN:VU#457875
http://www.securityfocus.com/archive/1/434523/100/0/threaded
HP:HPSBUX02117
http://www.securityfocus.com/archive/1/434523/100/0/threaded
HP:SSRT2400
http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
MISC:http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
http://www.kb.cert.org/vuls/id/IAFY-5FDPYP
MISC:http://www.kb.cert.org/vuls/id/IAFY-5FDPYP
http://www.kb.cert.org/vuls/id/IAFY-5FDT4U
MISC:http://www.kb.cert.org/vuls/id/IAFY-5FDT4U
http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ
MISC:http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ
http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
MISC:http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
http://secunia.com/advisories/20217
SECUNIA:20217
http://www.vupen.com/english/advisories/2006/1923
VUPEN:ADV-2006-1923
CVE-2002-2212
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
2006-05-23
CVE-2002-2212
http://www.kb.cert.org/vuls/id/457875
CERT-VN:VU#457875
http://www.kb.cert.org/vuls/id/IAFY-5FDT5K
CONFIRM:http://www.kb.cert.org/vuls/id/IAFY-5FDT5K
http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
MISC:http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
MISC:http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
CVE-2002-2213
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
2006-05-23
CVE-2002-2213
http://www.kb.cert.org/vuls/id/457875
CERT-VN:VU#457875
http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
CONFIRM:http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
MISC:http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
MISC:http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
CVE-2002-2214
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
2006-06-14
2023-02-12
CVE-2002-2214
http://secunia.com/advisories/21202
MISC:21202
http://www.redhat.com/support/errata/RHSA-2006-0567.html
MISC:RHSA-2006:0567
http://bugs.php.net/bug.php?id=15595
MISC:http://bugs.php.net/bug.php?id=15595
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
CVE-2002-2215
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
2006-06-14
2023-02-12
CVE-2002-2215
http://bugs.php.net/bug.php?id=19280
MISC:http://bugs.php.net/bug.php?id=19280
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
CVE-2002-2216
Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information.
2006-08-17
CVE-2002-2216
http://www.soft3304.net/04WebServer/Security.html
CONFIRM:http://www.soft3304.net/04WebServer/Security.html
CVE-2002-2217
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.
2006-09-11
2017-10-18
CVE-2002-2217
http://www.securityfocus.com/bid/19896
BID:19896
http://www.securityfocus.com/bid/6251
BID:6251
http://archives.neohapsis.com/archives/bugtraq/2002-11/0303.html
BUGTRAQ:20021125 Web Server Creator - Web Portal 0.1 (PHP)
https://www.exploit-db.com/exploits/2318
EXPLOIT-DB:2318
http://www.frog-man.org/tutos/WSC-WebPortal.txt
MISC:http://www.frog-man.org/tutos/WSC-WebPortal.txt
http://securitytracker.com/id?1005712
SECTRACK:1005712
https://exchange.xforce.ibmcloud.com/vulnerabilities/28815
XF:webservercreator-customize-file-include(28815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10689
XF:webservercreator-php-file-include(10689)
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value.
2006-09-13
CVE-2002-2218
http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14
CONFIRM:http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14
http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log
CONFIRM:http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log
CVE-2002-2219
chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.
2006-12-21
2017-07-28
CVE-2002-2219
http://www.securityfocus.com/bid/6472
BID:6472
http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649
CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649
http://www.securiteam.com/unixfocus/6C00N0K6AO.html
MISC:http://www.securiteam.com/unixfocus/6C00N0K6AO.html
http://securitytracker.com/id?1005847
SECTRACK:1005847
https://exchange.xforce.ibmcloud.com/vulnerabilities/10946
XF:chetcpasswd-shadow-file-disclosure(10946)
CVE-2002-2220
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
2006-12-21
CVE-2002-2220
http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649
CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649
CVE-2002-2221
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
2006-12-21
CVE-2002-2221
http://www.securityfocus.com/bid/21644
BID:21644
http://securitytracker.com/id?1005847
SECTRACK:1005847
http://secunia.com/advisories/23024
SECUNIA:23024
CVE-2002-2222
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
2007-02-26
2017-07-28
CVE-2002-2222
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
FREEBSD:FreeBSD-SN-02:05
http://www.openbsd.org/errata31.html#isakmpd
OPENBSD:[3.1] 010: RELIABILITY FIX: July 5, 2002
https://exchange.xforce.ibmcloud.com/vulnerabilities/9850
XF:ike-response-bo(9850)
CVE-2002-2223
Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
2007-02-26
2017-07-28
CVE-2002-2223
http://www.securityfocus.com/bid/5668
BID:5668
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
http://www.netscreen.com/support/alerts/9_6_02.htm
MISC:http://www.netscreen.com/support/alerts/9_6_02.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/9850
XF:ike-response-bo(9850)
CVE-2002-2224
Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
2007-02-26
2017-07-28
CVE-2002-2224
http://www.securityfocus.com/bid/5449
BID:5449
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
http://www.kb.cert.org/vuls/id/AAMN-5A5RXM
MISC:http://www.kb.cert.org/vuls/id/AAMN-5A5RXM
https://exchange.xforce.ibmcloud.com/vulnerabilities/9850
XF:ike-response-bo(9850)
CVE-2002-2225
SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.
2007-02-26
CVE-2002-2225
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
http://www.kb.cert.org/vuls/id/AAMN-59VTUQ
MISC:http://www.kb.cert.org/vuls/id/AAMN-59VTUQ
http://www.safenet-inc.com/knowledgebase/read_item.asp?ID=375
MISC:http://www.safenet-inc.com/knowledgebase/read_item.asp?ID=375
CVE-2002-2226
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
2007-09-23
2017-07-28
CVE-2002-2226
http://www.securityfocus.com/bid/6199
BID:6199
http://www.securityfocus.com/archive/1/300395
BUGTRAQ:20021118 TFTPD32 Buffer Overflow Vulnerability (Long filename)
http://www.kb.cert.org/vuls/id/632633
CERT-VN:VU#632633
http://tftpd32.jounin.net/
MISC:http://tftpd32.jounin.net/
http://www.securiteam.com/windowsntfocus/6C00C2061A.html
MISC:http://www.securiteam.com/windowsntfocus/6C00C2061A.html
http://securityreason.com/securityalert/3160
SREASON:3160
https://exchange.xforce.ibmcloud.com/vulnerabilities/10647
XF:tftp32-filename-bo(10647)
CVE-2002-2227
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
2007-09-25
2017-07-28
CVE-2002-2227
http://www.securityfocus.com/bid/5693
BID:5693
http://www.securityfocus.com/archive/1/291329
BUGTRAQ:20020911 Buffer over/underflows in ssldump prior to 0.9b3
http://www.rtfm.com/ssldump/
CONFIRM:http://www.rtfm.com/ssldump/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10087
XF:ssldump-sslv2-memory-corruption(10087)
CVE-2002-2228
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
2007-10-14
CVE-2002-2228
http://www.securityfocus.com/bid/6148
BID:6148
http://www.iss.net/security_center/static/10609.php
XF:mailscanner-filename-protection-bypass(10609)
CVE-2002-2229
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
2007-10-14
CVE-2002-2229
http://www.securityfocus.com/bid/6327
BID:6327
http://archives.neohapsis.com/archives/bugtraq/2002-12/0068.html
BUGTRAQ:20021206 WebReflex Directory Traversal Vulnerability
http://www.iss.net/security_center/static/10782.php
XF:webreflex-dotdot-directory-traversal(10782)
CVE-2002-2230
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328.
2007-10-14
CVE-2002-2230
http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html
BUGTRAQ:20021004 SECURITY.NNOV: ikonboard 3.1.1 CSS
http://www.iss.net/security_center/static/10268.php
XF:ikonboard-html-image-xss(10268)
CVE-2002-2231
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header.
2007-10-14
2017-07-28
CVE-2002-2231
http://www.securityfocus.com/bid/6342
BID:6342
http://www.securityfocus.com/bid/6343
BID:6343
http://archives.neohapsis.com/archives/bugtraq/2002-12/0073.html
BUGTRAQ:20021209 SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings
http://www.iss.net/security_center/static/10797.php
XF:ikonboard-html-photo-xss(10797)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10799
XF:ikonboard-xforwardedfor-header-xss(10799)
CVE-2002-2232
Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command.
2007-10-14
CVE-2002-2232
http://www.securityfocus.com/bid/6345
BID:6345
http://archives.neohapsis.com/archives/bugtraq/2002-12/0074.html
BUGTRAQ:20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/303990
BUGTRAQ:20021219 Multiple vulnerability in Enceladus Server
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0097.html
VULNWATCH:20021209 [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/10802.php
XF:enceladus-cd-bo(10802)
CVE-2002-2233
Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..".
2007-10-14
2017-07-28
CVE-2002-2233
http://archives.neohapsis.com/archives/bugtraq/2002-12/0193.html
BUGTRAQ:20021219 Multiple vulnerability in Enceladus Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/11019
XF:enceladus-cd-directory-traversal(11019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11020
XF:enceladus-cd-dos(11020)
CVE-2002-2234
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests.
2007-10-14
CVE-2002-2234
http://www.securityfocus.com/bid/6245
BID:6245
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-11/0347.html
BUGTRAQ:20021125 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-11/0338.html
BUGTRAQ:20021125 Netscreen Malicious URL feature can be bypassed by fragmenting the request
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0094.html
VULNWATCH:20021125 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0093.html
VULNWATCH:20021125 Netscreen Malicious URL feature can be bypassed by fragmenting the request
http://www.iss.net/security_center/static/10699.php
XF:netscreen-fragmented-url-bypass(10699)
CVE-2002-2235
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
2007-10-14
2007-11-28
CVE-2002-2235
http://www.securityfocus.com/bid/6246
BID:6246
http://online.securityfocus.com/archive/1/301076
BUGTRAQ:20021123 vBulletin XSS Injection Vulnerability
http://securityreason.com/securityalert/3229
SREASON:3229
http://www.iss.net/security_center/static/10701.php
XF:vbulletin-member2-perpage-xss(10701)
CVE-2002-2236
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.
2007-10-14
CVE-2002-2236
http://www.securityfocus.com/bid/6340
BID:6340
http://archives.neohapsis.com/archives/bugtraq/2002-12/0081.html
BUGTRAQ:20021210 Remote multiple vulnerability in apt-www-proxy.
http://www.iss.net/security_center/static/10815.php
XF:apt-www-proxy-format-string(10815)
CVE-2002-2237
tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux.
2007-10-14
2017-07-28
CVE-2002-2237
http://archives.neohapsis.com/archives/bugtraq/2002-12/0084.html
BUGTRAQ:20021210 TFTP32 DOS
http://www.kb.cert.org/vuls/id/632633
CERT-VN:VU#632633
https://exchange.xforce.ibmcloud.com/vulnerabilities/10817
XF:tftp32-dos-device-dos(10817)
CVE-2002-2238
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request.
2007-10-14
2017-07-28
CVE-2002-2238
http://www.securityfocus.com/bid/6355
BID:6355
http://archives.neohapsis.com/archives/bugtraq/2002-12/0088.html
BUGTRAQ:20021210 KunaniFTP-Server v.1.0.10 allows dictionary traversal
https://exchange.xforce.ibmcloud.com/vulnerabilities/10819
XF:kunani-dotdot-directory-traversal(10819)
CVE-2002-2239
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
2007-10-14
2017-07-28
CVE-2002-2239
http://www.securityfocus.com/bid/6358
BID:6358
http://www.cisco.com/warp/public/707/osm-lc-ios-pkt-vuln-pub.shtml
CISCO:20021211 OSM Line Card Header Corruption Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10823
XF:cisco-catalyst-osm-dos(10823)
CVE-2002-2240
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
2007-10-14
2017-07-28
CVE-2002-2240
http://www.securityfocus.com/bid/6359
BID:6359
http://archives.neohapsis.com/archives/bugtraq/2002-12/0092.html
BUGTRAQ:20021211 Directory traversing bug in 'myServer' webserver.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10827
XF:myserver-dotdot-directory-traversal(10827)
CVE-2002-2241
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request.
2007-10-14
2017-07-28
CVE-2002-2241
http://www.securityfocus.com/bid/6364
BID:6364
http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html
BUGTRAQ:20021211 Denial of Service vulnerability in VisNetic Website
https://exchange.xforce.ibmcloud.com/vulnerabilities/10840
XF:visnetic-website-url-dos(10840)
CVE-2002-2242
The Apple Package Manager in KisMAC 0.02a and earlier modifies file permissions of sensitive files after installation, which could allow attackers to conduct unauthorized activities on those files.
2007-10-14
2017-07-28
CVE-2002-2242
http://www.securityfocus.com/bid/6336
BID:6336
http://securitytracker.com/id?1005764
SECTRACK:1005764
https://exchange.xforce.ibmcloud.com/vulnerabilities/10813
XF:kismac-installer-overwrite-permissions(10813)
CVE-2002-2243
Akfingerd 0.5 and possibly earlier versions only allows one connection at a time and does not time out connections, which allows remote attackers to cause a denial of service (refused connections) by opening a connection and not closing it.
2007-10-14
2017-07-28
CVE-2002-2243
http://www.securityfocus.com/bid/6323
BID:6323
http://archives.neohapsis.com/archives/bugtraq/2002-12/0049.html
BUGTRAQ:20021205 Multiple vulnerabilities in akfingerd
http://synflood.at/akfingerd
CONFIRM:http://synflood.at/akfingerd
https://exchange.xforce.ibmcloud.com/vulnerabilities/10794
XF:akfingerd-connect-dos(10794)
CVE-2002-2244
Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle.
2007-10-14
2017-07-28
CVE-2002-2244
http://www.securityfocus.com/bid/6324
BID:6324
http://archives.neohapsis.com/archives/bugtraq/2002-12/0049.html
BUGTRAQ:20021205 Multiple vulnerabilities in akfingerd
http://synflood.at/akfingerd/
CONFIRM:http://synflood.at/akfingerd/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10795
XF:akfingerd-plan-symlink-dos(10795)
CVE-2002-2245
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
2007-10-14
CVE-2002-2245
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc
NETBSD:NetBSD-SA2002-027
CVE-2002-2246
Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.
2007-10-14
2017-07-28
CVE-2002-2246
http://www.securityfocus.com/bid/6369
BID:6369
http://archives.neohapsis.com/archives/bugtraq/2002-12/0113.html
BUGTRAQ:20021212 VisNetic WebSite XSS vulnerability through HTTP referer header
http://www.deerfield.com/products/visnetic_website/
CONFIRM:http://www.deerfield.com/products/visnetic_website/
https://exchange.xforce.ibmcloud.com/vulnerabilities/10852
XF:visnetic-website-referer-xss(10852)
CVE-2002-2247
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
2007-10-14
2017-07-28
CVE-2002-2247
http://www.securityfocus.com/bid/6376
BID:6376
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses
https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
XF:mambo-phpinfo-disclose-path(10853)
CVE-2002-2248
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
2007-10-14
2017-07-28
CVE-2002-2248
http://www.securityfocus.com/bid/6256
BID:6256
http://marc.info/?l=bugtraq&m=103834439321292&w=2
BUGTRAQ:20021126 Netscape 4 Java buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/10706
XF:netscape-applet-canconvert-bo(10706)
CVE-2002-2249
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
2007-10-14
2017-07-28
CVE-2002-2249
http://www.securityfocus.com/bid/6260
BID:6260
http://marc.info/?l=bugtraq&m=103835200230127&w=2
BUGTRAQ:20021126 FreeNews & News Evolution (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10709
XF:newsevolution-php-file-include(10709)
CVE-2002-2250
Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allow remote attackers to execute arbitrary code via (1) a long parameter to the xp_freedll extended stored procedure or (2) a long database name argument to the DBCC CHECKVERIFY function.
2007-10-14
2017-07-28
CVE-2002-2250
http://www.securityfocus.com/bid/6266
BID:6266
http://www.securityfocus.com/bid/6269
BID:6269
http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00364.html
BUGTRAQ:20021127 ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY
http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00361.html
BUGTRAQ:20021127 ASI Sybase Security Alert: Buffer overflow in xp_freedll
http://www.appsecinc.com/resources/alerts/sybase/02-0001.html
MISC:http://www.appsecinc.com/resources/alerts/sybase/02-0001.html
http://www.appsecinc.com/resources/alerts/sybase/02-0003.html
MISC:http://www.appsecinc.com/resources/alerts/sybase/02-0003.html
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0082.html
NTBUGTRAQ:20021127 ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0080.html
NTBUGTRAQ:20021127 ASI Sybase Security Alert: Buffer overflow in xp_freedll
https://exchange.xforce.ibmcloud.com/vulnerabilities/10721
XF:sybase-dbcc-checkverify-bo(10721)
http://www.iss.net/security_center/static/10719.php
XF:sybase-xpfreedll-dll-bo(10719)
CVE-2002-2251
Buffer overflow in the changevalue function in libcgi.h for Marcos Luiz Onisto Lib CGI 0.1 allows remote attackers to execute arbitrary code via a long argument.
2007-10-14
2017-07-28
CVE-2002-2251
http://www.securityfocus.com/bid/6264
BID:6264
http://archives.neohapsis.com/archives/bugtraq/2002-11/0330.html
BUGTRAQ:20021127 Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10715
XF:libcgi-libcgih-changevalue-bo(10715)
CVE-2002-2252
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
2007-10-14
2017-07-28
CVE-2002-2252
http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html
BUGTRAQ:20021201 Thatware (PHP)
http://securitytracker.com/id?1005733
SECTRACK:1005733
https://exchange.xforce.ibmcloud.com/vulnerabilities/10759
XF:thatware-authinc-sql-injection(10759)
CVE-2002-2253
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.
2007-10-14
2017-07-28
CVE-2002-2253
http://www.securityfocus.com/bid/6294
BID:6294
http://www.securityfocus.com/bid/6299
BID:6299
http://www.securityfocus.com/bid/6300
BID:6300
http://archives.neohapsis.com/archives/bugtraq/2002-12/0019.html
BUGTRAQ:20021202 Cyrus Sieve / libSieve buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/10743
XF:cyrus-sieve-header-bo(10743)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10779
XF:cyrus-sieve-imap-bo(10779)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10780
XF:cyrus-sieve-script-bo(10780)
CVE-2002-2254
The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted.
2007-10-14
2017-07-28
CVE-2002-2254
http://www.securityfocus.com/bid/6305
BID:6305
http://archives.neohapsis.com/archives/bugtraq/2002-12/0025.html
BUGTRAQ:20021203 Local Netfilter / IPTables IP Queue PID Wrap Flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/10756
XF:linux-netfilter-obtain-information(10756)
CVE-2002-2255
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
2007-10-14
2017-07-28
CVE-2002-2255
http://www.securityfocus.com/bid/6311
BID:6311
http://archives.neohapsis.com/archives/bugtraq/2002-12/0053.html
BUGTRAQ:20021203 Cross-site Scripting Vulnerability in phpBB 2.0.3
https://exchange.xforce.ibmcloud.com/vulnerabilities/10773
XF:phpbb-search-username-xss(10773)
CVE-2002-2256
Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters.
2007-10-14
2017-07-28
CVE-2002-2256
http://www.securityfocus.com/bid/6271
BID:6271
http://archives.neohapsis.com/archives/bugtraq/2002-11/0347.html
BUGTRAQ:20021127 pWins Perl Web Server Directory Transversal Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10724
XF:pwins-dotdot-directory-traversal(10724)
CVE-2002-2257
Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.
2007-10-14
2017-07-28
CVE-2002-2257
http://www.securityfocus.com/bid/6270
BID:6270
http://archives.neohapsis.com/archives/bugtraq/2002-11/0346.html
BUGTRAQ:20021128 Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10722
XF:libcgi-cgilibc-parsefield-bo(10722)
CVE-2002-2258
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call.
2007-10-14
2017-07-28
CVE-2002-2258
http://www.securityfocus.com/bid/6277
BID:6277
http://archives.neohapsis.com/archives/bugtraq/2002-11/0364.html
BUGTRAQ:20021128 Moby NetSuite POST Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10725
XF:netsuite-post-contentlength-bo(10725)
CVE-2002-2259
Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.
2007-10-18
2017-07-28
CVE-2002-2259
http://www.securityfocus.com/bid/6329
BID:6329
http://www.suse.com/de/security/2002_047_openldap2.html
SUSE:SuSE-SA:2002:047
https://exchange.xforce.ibmcloud.com/vulnerabilities/10801
XF:gnuplot-french-documentation-bo(10801)
CVE-2002-2260
Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.
2007-10-18
2017-07-28
CVE-2002-2260
http://www.securityfocus.com/bid/6257
BID:6257
http://marc.info/?l=bugtraq&m=103837886416560&w=2
BUGTRAQ:20021126 XSS vulnerability in Bugzilla if upgraded from 2.10 or earlier
http://bugzilla.mozilla.org/show_bug.cgi?id=179329
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=179329
http://www.debian.org/security/2002/dsa-218
DEBIAN:DSA-218
https://exchange.xforce.ibmcloud.com/vulnerabilities/10707
XF:bugzilla-quips-xss(10707)
CVE-2002-2261
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
2007-10-18
2017-10-09
CVE-2002-2261
http://www.securityfocus.com/bid/6548
BID:6548
http://www.sendmail.org/8.12.7.html
CONFIRM:http://www.sendmail.org/8.12.7.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6892
OVAL:oval:org.mitre.oval:def:6892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8512
OVAL:oval:org.mitre.oval:def:8512
http://securitytracker.com/id?1005748
SECTRACK:1005748
http://secunia.com/advisories/7826
SECUNIA:7826
ftp://patches.sgi.com/support/free/security/advisories/20030101-01-P
SGI:20030101-01-P
http://www.vupen.com/english/advisories/2009/3539
VUPEN:ADV-2009-3539
https://exchange.xforce.ibmcloud.com/vulnerabilities/10775
XF:sendmail-check-relay-bypass(10775)
CVE-2002-2262
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
2007-10-18
2017-10-09
CVE-2002-2262
http://www.securityfocus.com/bid/6356
BID:6356
http://www.securityfocus.com/advisories/4764
HP:HPSBUX0212-232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4959
OVAL:oval:org.mitre.oval:def:4959
https://exchange.xforce.ibmcloud.com/vulnerabilities/10836
XF:hp-xnptd-dos(10836)
CVE-2002-2263
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
2007-10-18
2017-07-28
CVE-2002-2263
http://www.securityfocus.com/bid/6357
BID:6357
http://www.securityfocus.com/advisories/4766
HP:HPSBUX0212-232
https://exchange.xforce.ibmcloud.com/vulnerabilities/10838
XF:hp-vizualizeconf-insecure-permissions(10838)
CVE-2002-2264
Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.
2007-10-18
CVE-2002-2264
http://archives.neohapsis.com/archives/compaq/2002-q4/0013.html
HP:SSRT2266
CVE-2002-2265
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
2007-10-18
2017-07-28
CVE-2002-2265
http://www.securityfocus.com/bid/6174
BID:6174
http://archives.neohapsis.com/archives/compaq/2002-q4/0014.html
HP:SSRT2385
https://exchange.xforce.ibmcloud.com/vulnerabilities/10703
XF:tru64-osis-ldap-file-access(10703)
CVE-2002-2266
NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours.
2007-10-18
2017-07-28
CVE-2002-2266
http://www.securityfocus.com/bid/6250
BID:6250
http://marc.info/?l=bugtraq&m=103827647621729&w=2
BUGTRAQ:20021125 Potential H.323 Denial of Service
https://exchange.xforce.ibmcloud.com/vulnerabilities/10700
XF:netscreen-h323-dos(10700)
CVE-2002-2267
bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file.
2007-10-18
2017-07-28
CVE-2002-2267
http://www.securityfocus.com/bid/6278
BID:6278
http://archives.neohapsis.com/archives/bugtraq/2002-11/0367.html
BUGTRAQ:20021129 bogofilter contrib/bogopass temp file vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10726
XF:bogofilter-bogopass-symlink(10726)
CVE-2002-2268
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
2007-10-18
2017-07-28
CVE-2002-2268
http://www.securityfocus.com/bid/6289
BID:6289
http://seclists.org/lists/bugtraq/2002/Dec/0013.html
BUGTRAQ:20021201 Advisory: Webster HTTP Server
http://www.securiteam.com/windowsntfocus/6R0030A6AY.html
MISC:http://www.securiteam.com/windowsntfocus/6R0030A6AY.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10727
XF:webster-url-bo(10727)
CVE-2002-2269
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
2007-10-18
2017-07-28
CVE-2002-2269
http://www.securityfocus.com/bid/6291
BID:6291
http://www.securityfocus.com/archive/1/301893
BUGTRAQ:20021201 Advisory: Webster HTTP Server
http://securityreason.com/securityalert/3262
SREASON:3262
https://exchange.xforce.ibmcloud.com/vulnerabilities/10728
XF:webster-dotdot-directory-traversal(10728)
CVE-2002-2270
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
2007-10-18
2017-10-09
CVE-2002-2270
http://www.securityfocus.com/bid/6317
BID:6317
http://www.securityfocus.com/advisories/4742
HP:HPSBUX0212-227
http://www.securityfocus.com/advisories/4742
HP:SSRT2421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5311
OVAL:oval:org.mitre.oval:def:5311
https://exchange.xforce.ibmcloud.com/vulnerabilities/10777
XF:hp-ied-information-disclosure(10777)
CVE-2002-2271
Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string.
2007-10-18
2017-07-28
CVE-2002-2271
http://www.securiteam.com/exploits/6G003156AE.html
MISC:http://www.securiteam.com/exploits/6G003156AE.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10757
XF:bigfun-irc-dcc-dos(10757)
CVE-2002-2272
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
2007-10-18
2017-07-28
CVE-2002-2272
http://www.securityfocus.com/bid/6320
BID:6320
http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
BUGTRAQ:20021204 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
XF:tomcat-modjk-get-bo(10771)
CVE-2002-2273
Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.
2007-10-18
2017-07-28
CVE-2002-2273
http://www.securityfocus.com/bid/6292
BID:6292
http://www.securityfocus.com/archive/1/301893
BUGTRAQ:20021201 Advisory: Webster HTTP Server
http://securityreason.com/securityalert/3262
SREASON:3262
https://exchange.xforce.ibmcloud.com/vulnerabilities/10729
XF:webster-path-name-xss(10729)
CVE-2002-2274
akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file.
2007-10-18
2017-07-28
CVE-2002-2274
http://www.securityfocus.com/bid/6325
BID:6325
http://archives.neohapsis.com/archives/bugtraq/2002-12/0049.html
BUGTRAQ:20021205 Multiple vulnerabilities in akfingerd
http://synflood.at/akfingerd
CONFIRM:http://synflood.at/akfingerd
https://exchange.xforce.ibmcloud.com/vulnerabilities/10796
XF:akfingerd-read-files(10796)
CVE-2002-2275
Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe.
2007-10-18
2017-07-28
CVE-2002-2275
http://www.securityfocus.com/bid/6332
BID:6332
http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0093.html
NTBUGTRAQ:20021204 How to disable Fortres 4.1
http://securitytracker.com/id?1005766
SECTRACK:1005766
https://exchange.xforce.ibmcloud.com/vulnerabilities/10807
XF:fortres-101-bypass-restrictions(10807)
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
2007-10-18
2017-07-28
CVE-2002-2276
http://www.securityfocus.com/bid/6333
BID:6333
http://archives.neohapsis.com/archives/bugtraq/2002-12/0071.html
BUGTRAQ:20021207 XSS and Path Disclosure in UPB
https://exchange.xforce.ibmcloud.com/vulnerabilities/10788
XF:upb-add-path-disclosure(10788)
CVE-2002-2277
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables.
2007-10-18
2017-07-28
CVE-2002-2277
http://www.securityfocus.com/bid/6273
BID:6273
http://archives.neohapsis.com/archives/bugtraq/2002-11/0359.html
BUGTRAQ:20021128 Security Patch for PortailPHP 0.99
https://exchange.xforce.ibmcloud.com/vulnerabilities/10735
XF:portailphp-modsearch-sql-injection(10735)
CVE-2002-2278
Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq variables.
2007-10-18
2017-07-28
CVE-2002-2278
http://archives.neohapsis.com/archives/bugtraq/2002-11/0359.html
BUGTRAQ:20021128 Security Patch for PortailPHP 0.99
https://exchange.xforce.ibmcloud.com/vulnerabilities/10738
XF:portailphp-modsearch-index-xss(10738)
CVE-2002-2279
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
2007-10-18
2017-07-28
CVE-2002-2279
http://www.securityfocus.com/bid/6310
BID:6310
http://alcastle.com/index.php?id=6&subject=%2Faldap%2F&view=CHANGE.LOG.txt
CONFIRM:http://alcastle.com/index.php?id=6&subject=%2Faldap%2F&view=CHANGE.LOG.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/10733
XF:aldap-bind-manager-access(10733)
CVE-2002-2280
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
2007-10-18
2017-07-28
CVE-2002-2280
http://www.securityfocus.com/bid/6219
BID:6219
http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html
BUGTRAQ:20021120 [OpenBSD] [syslogd] false src-IP when logging to remote syslogd
https://exchange.xforce.ibmcloud.com/vulnerabilities/10702
XF:openbsd-syslogd-incorrect-reporting(10702)
CVE-2002-2281
Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler.
2007-10-18
2017-07-28
CVE-2002-2281
http://www.securityfocus.com/bid/6222
BID:6222
http://marc.info/?l=bugtraq&m=103798147613151&w=2
BUGTRAQ:20021121 [LSD] Java and JVM security vulnerabilities
http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
MISC:http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10711
XF:symantec-jit-bypass-security(10711)
CVE-2002-2282
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
2007-10-18
2017-07-28
CVE-2002-2282
http://www.securityfocus.com/bid/6288
BID:6288
http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html
BUGTRAQ:20021129 Potential Vuln in McAfee VirusScan 451
https://exchange.xforce.ibmcloud.com/vulnerabilities/10741
XF:virusscan-webscanx-dll-execution(10741)
CVE-2002-2283
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
2007-10-18
2017-08-16
CVE-2002-2283
http://www.securityfocus.com/bid/6280
BID:6280
http://archives.neohapsis.com/archives/bugtraq/2002-11/0361.html
BUGTRAQ:20021129 User downgraded from Administrator to User retains the ability to list other user
https://exchange.xforce.ibmcloud.com/vulnerabilities/10736
XF:winxp-fus-processes-disclosure(10736)
CVE-2002-2284
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
2007-10-18
2017-07-28
CVE-2002-2284
http://www.securityfocus.com/bid/6223
BID:6223
http://marc.info/?l=bugtraq&m=103798147613151&w=2
BUGTRAQ:20021121 [LSD] Java and JVM security vulnerabilities
http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
MISC:http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10714
XF:netscape-java-insecure-classes(10714)
CVE-2002-2285
eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection.
2007-10-18
2017-07-28
CVE-2002-2285
http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-12/0003.html
NTBUGTRAQ:20021129 CA InoculateIT 6.0 Realtime Scanner may fail to detect vira
http://securitytracker.com/id?1005740
SECTRACK:1005740
https://exchange.xforce.ibmcloud.com/vulnerabilities/10770
XF:etrust-inoculateit-protection-bypass(10770)
CVE-2002-2286
The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null dereference.
2007-10-18
2017-07-28
CVE-2002-2286
http://www.securityfocus.com/bid/6339
BID:6339
http://archives.neohapsis.com/archives/bugtraq/2002-12/0081.html
BUGTRAQ:20021210 Remote multiple vulnerability in apt-www-proxy.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10816
XF:apt-www-proxy-dos(10816)
CVE-2002-2287
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
2007-10-18
2017-07-28
CVE-2002-2287
http://www.securityfocus.com/bid/6173
BID:6173
http://archives.neohapsis.com/archives/bugtraq/2002-11/0188.html
BUGTRAQ:20021113 Code Injection in phpBB Advanced Quick Reply Mod
https://exchange.xforce.ibmcloud.com/vulnerabilities/10617
XF:phpbb-quickreply-file-include(10617)
CVE-2002-2288
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
2007-10-18
2017-07-28
CVE-2002-2288
http://www.securityfocus.com/bid/6387
BID:6387
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses
https://exchange.xforce.ibmcloud.com/vulnerabilities/10856
XF:mambo-index-path-disclosure(10856)
CVE-2002-2289
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.
2007-10-18
2017-07-28
CVE-2002-2289
http://www.securityfocus.com/bid/6243
BID:6243
http://online.securityfocus.com/archive/1/300992
BUGTRAQ:20021124 BadBlue XSS/Information Disclosure Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html
FULLDISC:20021124 BadBlue XSS/Information Disclosure Vulnerabilities
http://securityreason.com/securityalert/3243
SREASON:3243
https://exchange.xforce.ibmcloud.com/vulnerabilities/10690
XF:badblue-soinfo-odbc-passwords(10690)
CVE-2002-2290
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
2007-10-18
2017-07-28
CVE-2002-2290
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses
https://exchange.xforce.ibmcloud.com/vulnerabilities/10857
XF:mambo-default-admin-password(10857)
CVE-2002-2291
Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow.
2007-10-18
2017-07-28
CVE-2002-2291
http://www.securityfocus.com/bid/6238
BID:6238
http://online.securityfocus.com/archive/1/300986
BUGTRAQ:20021125 SFAD02-002: Calisto Internet Talker Remote DOS
http://securityreason.com/securityalert/3241
SREASON:3241
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0090.html
VULNWATCH:20021125 SFAD02-002: Calisto Internet Talker Remote DOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/10694
XF:calisto-dos(10694)
CVE-2002-2292
Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095.
2007-10-18
2017-07-28
CVE-2002-2292
http://www.securityfocus.com/bid/6394
BID:6394
http://archives.neohapsis.com/archives/bugtraq/2002-12/0126.html
BUGTRAQ:20021213 Advisory Title: iASP Remote Console Applet Allows Remote
https://exchange.xforce.ibmcloud.com/vulnerabilities/10860
XF:iasp-dotdot-directory-traversal(10860)
CVE-2002-2293
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager.
2007-10-18
2017-07-28
CVE-2002-2293
http://www.securityfocus.com/bid/6385
BID:6385
http://archives.neohapsis.com/archives/bugtraq/2002-12/0117.html
BUGTRAQ:20021212 Password Hole Found In Webshots
https://exchange.xforce.ibmcloud.com/vulnerabilities/10863
XF:webshots-desktop-screenlock-bypass(10863)
CVE-2002-2294
Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd).
2007-10-18
2017-07-28
CVE-2002-2294
http://www.securityfocus.com/bid/6389
BID:6389
http://www.symantec.com/avcenter/security/Content/2002.12.12.html
CONFIRM:http://www.symantec.com/avcenter/security/Content/2002.12.12.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10862
XF:sef-realaudio-proxy-bo(10862)
CVE-2002-2295
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.
2007-10-18
2017-07-28
CVE-2002-2295
http://www.securityfocus.com/bid/6283
BID:6283
http://www.securityfocus.com/bid/6284
BID:6284
http://www.securityfocus.com/bid/6285
BID:6285
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0005.html
BUGTRAQ:20021201 Multiple pServ Remote Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0457.html
FULLDISC:20021130 Multiple pServ Remote Buffer Overflow Vulnerabilities
http://www.securiteam.com/securitynews/6Q0020A6AS.html
MISC:http://www.securiteam.com/securitynews/6Q0020A6AS.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10783
XF:pserv-data-stream-bo(10783)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10734
XF:pserv-http-bo(10734)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10789
XF:pserv-version-specifier-bo(10789)
CVE-2002-2296
Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.
2007-10-18
2017-07-28
CVE-2002-2296
http://www.securityfocus.com/bid/6272
BID:6272
http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html
BUGTRAQ:20021201 Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!
https://exchange.xforce.ibmcloud.com/vulnerabilities/10737
XF:yabb-xphp-xss(10737)
CVE-2002-2297
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
2007-10-18
2017-07-28
CVE-2002-2297
http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html
BUGTRAQ:20021201 Thatware (PHP)
http://securitytracker.com/id?1005733
SECTRACK:1005733
https://exchange.xforce.ibmcloud.com/vulnerabilities/10758
XF:thatware-php-file-include(10758)
CVE-2002-2298
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
2007-10-18
2017-07-28
CVE-2002-2298
http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html
BUGTRAQ:20021201 Thatware (PHP)
http://securitytracker.com/id?1005733
SECTRACK:1005733
https://exchange.xforce.ibmcloud.com/vulnerabilities/10758
XF:thatware-php-file-include(10758)
CVE-2002-2299
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
2007-10-18
2017-07-28
CVE-2002-2299
http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html
BUGTRAQ:20021201 Thatware (PHP)
http://securitytracker.com/id?1005733
SECTRACK:1005733
https://exchange.xforce.ibmcloud.com/vulnerabilities/10758
XF:thatware-php-file-include(10758)
CVE-2002-2300
Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
2007-10-18
2017-07-28
CVE-2002-2300
http://www.securityfocus.com/bid/6297
BID:6297
http://marc.info/?l=bugtraq&m=103886644126011&w=2
BUGTRAQ:20021202 [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx
http://seclists.org/lists/bugtraq/2003/Apr/0344.html
BUGTRAQ:20030427 3com NBX IP Phone Call manager Denial of Service - Update
http://www.kb.cert.org/vuls/id/317417
CERT-VN:VU#317417
http://www.secnap.com/alerts.php?pg=6
MISC:http://www.secnap.com/alerts.php?pg=6
http://securitytracker.com/id?1005732
SECTRACK:1005732
http://securitytracker.com/id?1006760
SECTRACK:1006760
https://exchange.xforce.ibmcloud.com/vulnerabilities/10739
XF:3com-nbx-cel-bo(10739)
CVE-2002-2301
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.
2007-10-18
2017-07-28
CVE-2002-2301
http://www.securityfocus.com/bid/6293
BID:6293
http://seclists.org/lists/bugtraq/2002/Dec/0012.html
BUGTRAQ:20021202 Advisory: Lawson Financials RDBMS Insecurity
https://exchange.xforce.ibmcloud.com/vulnerabilities/10742
XF:lawson-financials-insecure-authentication(10742)
CVE-2002-2302
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
2007-10-18
2017-07-28
CVE-2002-2302
http://www.securityfocus.com/bid/6296
BID:6296
http://archives.neohapsis.com/archives/bugtraq/2002-12/0018.html
BUGTRAQ:20021202 ShopFactory shopping cart price manipulation
http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html
BUGTRAQ:20030305 shopfactory shopping cart
http://www.trust-factory.com/TF20021004.html
MISC:http://www.trust-factory.com/TF20021004.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10746
XF:shopfactory-price-modification(10746)
CVE-2002-2303
3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.
2007-10-18
2017-07-28
CVE-2002-2303
http://www.securityfocus.com/bid/6296
BID:6296
http://www.securityfocus.com/archive/1/301863
BUGTRAQ:20021202 ShopFactory shopping cart price manipulation
http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html
BUGTRAQ:20030305 shopfactory shopping cart
http://securityreason.com/securityalert/3263
SREASON:3263
https://exchange.xforce.ibmcloud.com/vulnerabilities/10746
XF:shopfactory-price-modification(10746)
CVE-2002-2304
SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter.
2007-10-18
2017-07-28
CVE-2002-2304
http://www.securityfocus.com/bid/6395
BID:6395
http://archives.neohapsis.com/archives/bugtraq/2002-12/0134.html
BUGTRAQ:20021214 MyPHPLinks (PHP) : SQL Injection
https://exchange.xforce.ibmcloud.com/vulnerabilities/10864
XF:myphplinks-index-sql-injection(10864)
CVE-2002-2305
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.
2007-10-18
2017-07-28
CVE-2002-2305
http://archives.neohapsis.com/archives/bugtraq/2002-11/0307.html
BUGTRAQ:20021125 Immobilier 1 (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10705
XF:immobilier-agentadmin-sql-injection(10705)
CVE-2002-2306
Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to cause a denial of service (CPU consumption) by sending several large messages.
2007-10-19
2017-07-28
CVE-2002-2306
http://www.securityfocus.com/bid/5317
BID:5317
http://online.securityfocus.com/archive/1/284315
BUGTRAQ:20020725 KaZaa v1.7.1 Denial of Service Attack
https://exchange.xforce.ibmcloud.com/vulnerabilities/9672
XF:kazaa-large-msg-dos(9672)
CVE-2002-2307
The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20.
2007-10-26
CVE-2002-2307
http://www.securityfocus.com/bid/5279
BID:5279
http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt
MISC:http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt
http://www.iss.net/security_center/static/9644.php
XF:benhur-protected-port-scan(9644)
CVE-2002-2308
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.
2007-10-26
CVE-2002-2308
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000600.html
FULLDISC:20020720 Netscape Communicator META Refresh Denial of Service
http://www.iss.net/security_center/static/9645.php
XF:netscape-meta-refresh-dos(9645)
CVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
2007-10-26
CVE-2002-2309
http://www.securityfocus.com/bid/5280
BID:5280
http://online.securityfocus.com/archive/1/283586
BUGTRAQ:20020721 PHP Resource Exhaustion Denial of Service
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000605.html
FULLDISC:20020720 PHP Resource Exhaustion Denial of Service
http://www.iss.net/security_center/static/9646.php
XF:php-no-argument-dos(9646)
CVE-2002-2310
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
2007-10-26
CVE-2002-2310
http://www.securiteam.com/securitynews/5DP0T0K7PY.html
MISC:http://www.securiteam.com/securitynews/5DP0T0K7PY.html
http://securitytracker.com/id?1004825
SECTRACK:1004825
http://www.iss.net/security_center/static/9648.php
XF:clickcartpro-unauth-database-access-access(9648)
CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
2007-10-26
CVE-2002-2311
http://www.securityfocus.com/bid/5290
BID:5290
http://online.securityfocus.com/archive/1/283866
BUGTRAQ:20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8
http://online.securityfocus.com/archive/1/284068
BUGTRAQ:20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8
http://www.iss.net/security_center/static/9653.php
XF:ie-ctrl-file-upload(9653)
CVE-2002-2312
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
2007-10-26
CVE-2002-2312
http://www.securityfocus.com/bid/5290
BID:5290
http://online.securityfocus.com/archive/1/283866
BUGTRAQ:20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8
http://online.securityfocus.com/archive/1/284096
BUGTRAQ:20020724 Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8
CVE-2002-2313
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer.
2007-10-26
CVE-2002-2313
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000644.html
FULLDISC:20020724 REFRESH: EUDORA MAIL 5.1.1
http://www.iss.net/security_center/static/9654.php
XF:eudora-mhtml-execute-files(9654)
CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
2007-10-26
CVE-2002-2314
http://www.securityfocus.com/bid/5293
BID:5293
http://seclists.org/bugtraq/2002/Jul/0260.html
BUGTRAQ:20020724 Mozilla cookie stealing - Sandblad advisory #9
http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html
BUGTRAQ:20020918 Mozilla vulnerabilities, an update
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
CONFIRM:http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074
MANDRAKE:MDKSA-2002:074
http://bugzilla.mozilla.org/show_bug.cgi?id=152725
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=152725
http://www.iss.net/security_center/static/9656.php
XF:mozilla-javascript-steal-cookies(9656)
CVE-2002-2315
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
2007-10-26
CVE-2002-2315
http://www.securityfocus.com/bid/4786
BID:4786
http://online.securityfocus.com/archive/1/273421
BUGTRAQ:20020521 Cisco IOS ICMP redirect DoS
http://online.securityfocus.com/archive/1/273488
BUGTRAQ:20020521 Cisco IOS ICMP redirect DoS - Cisco's response
http://www.iss.net/security_center/static/9129.php
XF:cisco-ios-icmp-redirect-dos(9129)
CVE-2002-2316
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing.
2007-10-26
CVE-2002-2316
http://www.securityfocus.com/bid/4790
BID:4790
http://archives.neohapsis.com/archives/bugtraq/2002-05/0190.html
BUGTRAQ:20020520 Catalyst 4000
http://archives.neohapsis.com/archives/bugtraq/2002-06/0209.html
BUGTRAQ:20020618 Re: Catalyst 4000 - Cisco's Response
http://www.iss.net/security_center/static/9148.php
XF:cisco-catalyst-unicast-traffic(9148)
CVE-2002-2317
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
2007-10-26
CVE-2002-2317
http://www.securityfocus.com/bid/5909
BID:5909
http://www.symantec.com/techsupp/enterprise/products/sym_velociraptor/sym_velociraptor_1/files.html
CONFIRM:http://www.symantec.com/techsupp/enterprise/products/sym_velociraptor/sym_velociraptor_1/files.html
http://www.iss.net/security_center/static/10317.php
XF:velociraptor-memory-leak(10317)
CVE-2002-2318
Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.
2007-10-26
CVE-2002-2318
http://www.securityfocus.com/bid/5435
BID:5435
http://seclists.org/lists/bugtraq/2002/Aug/0158.html
BUGTRAQ:20020808 Cross-Site Scripting Issues in Falcon Web Server
http://lists.grok.org.uk/pipermail/full-disclosure/2002-August/000934.html
FULLDISC:20020808 Cross-Site Scripting Issues in Falcon Web Server
http://www.iss.net/security_center/static/9812.php
XF:falcon-error-msg-xss(9812)
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
2007-10-26
CVE-2002-2319
http://www.securityfocus.com/bid/5865
BID:5865
http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html
BUGTRAQ:20021002 MySimpleNews (PHP)
http://www.iss.net/security_center/static/10296.php
XF:mysimplenews-users-news-php(10296)
CVE-2002-2320
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3.
2007-10-26
CVE-2002-2320
http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html
BUGTRAQ:20021002 MySimpleNews (PHP)
http://www.iss.net/security_center/static/10299.php
XF:mysimplenews-vider-delete-news(10299)
CVE-2002-2321
Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
2007-10-26
CVE-2002-2321
http://www.securityfocus.com/bid/5890
BID:5890
http://archives.neohapsis.com/archives/bugtraq/2002-10/0065.html
BUGTRAQ:20021003 phpLinkat XSS Security Bug
http://www.iss.net/security_center/static/10269.php
XF:phplinkat-url-showcat-xss(10269)
CVE-2002-2322
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
2007-10-26
CVE-2002-2322
http://www.securityfocus.com/bid/5858
BID:5858
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
BUGTRAQ:20021002 Multiple Web Security Holes
http://www.iss.net/security_center/static/10300.php
XF:upb-url-view-php(10300)
CVE-2002-2323
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
2007-10-26
CVE-2002-2323
http://www.securityfocus.com/bid/5281
BID:5281
http://sunsolve.sun.com/search/document.do?assetkey=1-26-27807-1
SUNALERT:27807
http://www.iss.net/security_center/static/9665.php
XF:sun-pcnetlink-acl-permissions(9665)
CVE-2002-2324
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
2007-10-26
CVE-2002-2324
http://www.securityfocus.com/bid/5894
BID:5894
http://archives.neohapsis.com/archives/bugtraq/2002-10/0070.html
BUGTRAQ:20021004 WinXP Pro(Gold) Insecure System Restore File Permissions
http://www.iss.net/security_center/static/10279.php
XF:winxp-systemrestore-directory-access(10279)
CVE-2002-2325
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
2007-10-26
CVE-2002-2325
http://www.securityfocus.com/bid/5301
BID:5301
http://online.securityfocus.com/archive/1/284086
BUGTRAQ:20020724 Denial of Service bug in Pine 4.44
http://www.iss.net/security_center/static/9668.php
XF:pine-blank-boundary-dos(9668)
CVE-2002-2326
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
2007-10-26
CVE-2002-2326
http://www.securityfocus.com/bid/5303
BID:5303
http://archives.neohapsis.com/archives/bugtraq/2002-07/0276.html
BUGTRAQ:20020724 Apple OSX and iDisk and Mail.app
http://archives.neohapsis.com/archives/bugtraq/2002-07/0281.html
BUGTRAQ:20020724 Re: Apple OSX and iDisk and Mail.app
http://www.iss.net/security_center/static/9670.php
XF:macos-idisk-insecure-password(9670)
CVE-2002-2327
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
2007-10-26
CVE-2002-2327
http://www.securityfocus.com/bid/5288
BID:5288
http://sunsolve.sun.com/search/document.do?assetkey=1-26-43908-1
SUNALERT:43908
http://www.iss.net/security_center/static/9675.php
XF:sun-fire-subsystem-dos(9675)
CVE-2002-2328
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
2007-10-26
CVE-2002-2328
http://www.securityfocus.com/bid/4804
BID:4804
http://online.securityfocus.com/archive/1/273771
BUGTRAQ:20020523 Microsoft Active Directory security vulnerability
http://www.iss.net/security_center/static/9159.php
XF:ms-active-directory-dos(9159)
CVE-2002-2329
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
2007-10-26
CVE-2002-2329
http://www.securityfocus.com/bid/5295
BID:5295
http://online.securityfocus.com/archive/1/284036
BUGTRAQ:20020724 Icq 2001&2002 vulnerability
http://www.iss.net/security_center/static/9677.php
XF:icq-emoticons-dos(9677)
CVE-2002-2330
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.
2007-10-26
CVE-2002-2330
http://www.securityfocus.com/bid/5316
BID:5316
http://online.securityfocus.com/archive/1/284254
BUGTRAQ:20020725 Uninets StatsPlus 1.25 script injection vulnerabilities
http://www.iss.net/security_center/static/9678.php
XF:statsplus-stat-script-injection(9678)
CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
2007-10-26
CVE-2002-2331
http://www.securityfocus.com/bid/5314
BID:5314
http://online.securityfocus.com/archive/1/284232
BUGTRAQ:20020725 Medium security hole affecting W3Mail
http://www.iss.net/security_center/static/9680.php
XF:w3mail-mime-attachment-execution(9680)
CVE-2002-2332
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
2007-10-26
CVE-2002-2332
http://www.securityfocus.com/bid/5717
BID:5717
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html
BUGTRAQ:20020915 Bug in Opera and Konqueror
http://www.iss.net/security_center/static/10126.php
XF:opera-konqueror-image-dos(10126)
CVE-2002-2333
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
2007-10-26
CVE-2002-2333
http://www.securityfocus.com/bid/5721
BID:5721
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html
BUGTRAQ:20020915 Bug in Opera and Konqueror
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0177.html
BUGTRAQ:20020917 Re: Bug in Opera and Konqueror
http://www.iss.net/security_center/static/10126.php
XF:opera-konqueror-image-dos(10126)
CVE-2002-2334
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.
2007-10-26
CVE-2002-2334
http://www.securityfocus.com/bid/5732
BID:5732
http://online.securityfocus.com/archive/1/292138
BUGTRAQ:20020917 joe editor backup problem
http://www.iss.net/security_center/static/10125.php
XF:joe-backup-suid-files(10125)
CVE-2002-2335
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.
2007-10-26
CVE-2002-2335
http://www.securityfocus.com/bid/5905
BID:5905
http://online.securityfocus.com/archive/1/294208
BUGTRAQ:20021006 phpSecurePages & Killer Protection ( PHP )
http://www.iss.net/security_center/static/10315.php
XF:killer-protection-vars-password(10315)
CVE-2002-2336
Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
2007-10-29
CVE-2002-2336
http://www.securityfocus.com/bid/5917
BID:5917
http://online.securityfocus.com/archive/1/294411
BUGTRAQ:20021008 Multiple Vendor PC firewall remote denial of services Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-10/0156.html
BUGTRAQ:20021008 Re: Multiple Vendor PC firewall remote denial of services Vulnerability
http://www.iss.net/security_center/static/10314.php
XF:firewall-autoblock-spoofing-dos(10314)
CVE-2002-2337
Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
2007-10-29
CVE-2002-2337
http://www.securityfocus.com/bid/5917
BID:5917
http://online.securityfocus.com/archive/1/294411
BUGTRAQ:20021008 Multiple Vendor PC firewall remote denial of services Vulnerability
http://www.securityfocus.com/archive/1/315631
BUGTRAQ:20030319 Easy DoS on Kaspersky Anti-Hacker v1.0
CVE-2002-2338
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
2007-10-29
CVE-2002-2338
http://www.securityfocus.com/bid/5002
BID:5002
http://online.securityfocus.com/archive/1/276628
BUGTRAQ:20020612 Another small DoS on Mozilla <= 1.0 through pop3
http://www.securityfocus.com/archive/1/276946
BUGTRAQ:20020614 Another small DoS on Mozilla <= 1.0 through pop3
http://bugzilla.mozilla.org/show_bug.cgi?id=144228
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=144228
http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
CONFIRM:http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074
MANDRAKE:MDKSA-2002:074
http://www.iss.net/security_center/static/9343.php
XF:mozilla-netscape-pop3-dos(9343)
CVE-2002-2339
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.
2007-10-29
CVE-2002-2339
http://www.securityfocus.com/bid/5915
BID:5915
http://online.securityfocus.com/archive/1/294299
BUGTRAQ:20021008 SSGbook (ASP)
http://archives.neohapsis.com/archives/bugtraq/2003-10/0009.html
BUGTRAQ:20031001 Re: SSGbook (ASP)
http://www.iss.net/security_center/static/10331.php
XF:ss-guestbook-img-xss(10331)
CVE-2002-2340
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
2007-10-29
2016-10-17
CVE-2002-2340
http://www.securityfocus.com/bid/4739
BID:4739
http://www.ifrance.com/kitetoua/tuto/5holes5.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes5.txt
http://www.phorum.org/changelog.txt
MISC:http://www.phorum.org/changelog.txt
http://marc.info/?l=vuln-dev&m=102121925428844&w=2
VULN-DEV:20020512 Security holes : Pseudo-Frame, PG, KvPoll, Phorum, BanMat
CVE-2002-2341
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
2007-10-29
CVE-2002-2341
http://www.securityfocus.com/bid/4755
BID:4755
http://online.securityfocus.com/archive/1/272935
BUGTRAQ:20020517 Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service
http://www.iss.net/security_center/static/9103.php
XF:sonicwall-soho3-script-injection(9103)
CVE-2002-2342
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
2007-10-29
2016-10-17
CVE-2002-2342
http://www.securityfocus.com/bid/4738
BID:4738
http://www.ifrance.com/kitetoua/tuto/5holes5.txt
MISC:http://www.ifrance.com/kitetoua/tuto/5holes5.txt
http://marc.info/?l=vuln-dev&m=102121925428844&w=2
VULN-DEV:20020512 Security holes : Pseudo-Frame, PG, KvPoll, Phorum, BanMat
CVE-2002-2343
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
2007-10-29
CVE-2002-2343
http://www.securityfocus.com/bid/4740
BID:4740
http://archives.neohapsis.com/archives/bugtraq/2002-05/0107.html
BUGTRAQ:20020514 NOCC: cross-site-scripting bug
http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=555897&group_id=12177&atid=112177
http://www.iss.net/security_center/static/9071.php
XF:nocc-webmail-css(9071)
CVE-2002-2344
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
2007-10-29
CVE-2002-2344
http://www.securityfocus.com/bid/5418
BID:5418
http://xwss.org/thread.jsp?forum=107&thread=864
MISC:http://xwss.org/thread.jsp?forum=107&thread=864
http://securitytracker.com/id?1004938
SECTRACK:1004938
CVE-2002-2345
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
2007-10-29
CVE-2002-2345
http://www.securityfocus.com/bid/7395
BID:7395
http://otn.oracle.com/deploy/security/pdf/2002alert39rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert39rev1.pdf
http://www.iss.net/security_center/static/9841.php
XF:oracle-appserver-webcachepw-unencrypted(9841)
CVE-2002-2346
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
2007-10-29
CVE-2002-2346
http://www.securityfocus.com/bid/5923
BID:5923
http://online.securityfocus.com/archive/1/294560
BUGTRAQ:20021009 phpBB2 Showing users ip adresses
http://www.iss.net/security_center/static/10323.php
XF:phpbb-avatar-ip-address(10323)
CVE-2002-2347
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
2007-10-29
CVE-2002-2347
http://www.securityfocus.com/bid/5452
BID:5452
http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf
http://www.iss.net/security_center/static/9842.php
XF:oracle-appserver-ojsp-xss(9842)
CVE-2002-2348
Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.
2007-10-29
CVE-2002-2348
http://www.securityfocus.com/bid/5932
BID:5932
http://www.securityfocus.com/archive/1/294624
BUGTRAQ:20021009 XSS in Authoria HR Suite
http://www.iss.net/security_center/static/10324.php
XF:authoria-hr-athcgi-xss(10324)
CVE-2002-2349
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
2007-10-29
CVE-2002-2349
http://www.securityfocus.com/bid/5942
BID:5942
http://www.securityfocus.com/archive/1/294701
BUGTRAQ:20021010 phpBBmod contains an open phpinfo
http://www.iss.net/security_center/static/10335.php
XF:phpbbmod-phpinfo-information-disclosure(10335)
CVE-2002-2350
Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.
2007-10-29
CVE-2002-2350
http://archives.neohapsis.com/archives/bugtraq/2002-10/0152.html
BUGTRAQ:20021010 XSS bug in Zorum 2.4
http://www.iss.net/security_center/static/10337.php
XF:zorum-zusershow-xss(10337)
CVE-2002-2351
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
2007-10-29
CVE-2002-2351
http://www.securityfocus.com/bid/5432
BID:5432
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00142.html
BUGTRAQ:20020807 Eudora attachment spoof
http://www.eudora.com/download/eudora/windows/5.2/RelNotes.txt
CONFIRM:http://www.eudora.com/download/eudora/windows/5.2/RelNotes.txt
CVE-2002-2352
The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.
2007-10-29
2007-11-28
CVE-2002-2352
http://www.securityfocus.com/bid/6191
BID:6191
http://online.securityfocus.com/archive/1/300073
BUGTRAQ:20021116 NBActiveX Sure ActiveX Big Vulnerability
http://securityreason.com/securityalert/3317
SREASON:3317
http://www.iss.net/security_center/static/10645.php
XF:neobook-nbaactivex-execute-programs(10645)
CVE-2002-2353
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
2007-10-29
2009-11-24
CVE-2002-2353
http://www.securityfocus.com/bid/6198
BID:6198
http://www.kb.cert.org/vuls/id/632633
CERT-VN:VU#632633
http://tftpd32.jounin.net/
CONFIRM:http://tftpd32.jounin.net/
http://www.securiteam.com/windowsntfocus/6D00D2061G.html
MISC:http://www.securiteam.com/windowsntfocus/6D00D2061G.html
http://www.iss.net/security_center/static/10646.php
XF:tftp32-directory-traversal(10646)
CVE-2002-2354
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
2007-10-29
CVE-2002-2354
http://www.securityfocus.com/bid/5940
BID:5940
http://www.securityfocus.com/archive/1/294702
BUGTRAQ:20021010 TCP flood against NetGear FM114P
http://www.iss.net/security_center/static/10340.php
XF:netgear-fm114p-tcp-dos(10340)
CVE-2002-2355
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
2007-10-29
CVE-2002-2355
http://www.securityfocus.com/bid/5943
BID:5943
http://www.securityfocus.com/archive/1/294740
BUGTRAQ:20021010 Plain text DDNS password in NetGear FM114P backups
http://www.iss.net/security_center/static/10341.php
XF:netgear-fm114p-plaintext-ddns(10341)
CVE-2002-2356
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
2007-10-29
CVE-2002-2356
http://www.hamweather.net/hw3/hw2securityalert.shtml
CONFIRM:http://www.hamweather.net/hw3/hw2securityalert.shtml
http://securitytracker.com/id?1005270
SECTRACK:1005270
http://www.iss.net/security_center/static/10182.php
XF:hamweather-hwadmin-web-admin(10182)
CVE-2002-2357
MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow.
2007-10-29
CVE-2002-2357
http://www.securityfocus.com/bid/6197
BID:6197
http://archives.neohapsis.com/archives/bugtraq/2002-11/0236.html
BUGTRAQ:20021117 MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-
http://www.iss.net/security_center/static/10652.php
XF:mailenable-pop3-server-dos(10652)
CVE-2002-2358
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
2007-10-29
CVE-2002-2358
http://www.securityfocus.com/bid/5401
BID:5401
http://online.securityfocus.com/archive/1/286151
BUGTRAQ:20020806 Opera FTP View Cross-Site Scripting Vulnerability
http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47
MISC:http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0061.html
VULNWATCH:20020806 Opera FTP View Cross-Site Scripting Vulnerability
http://www.iss.net/security_center/static/9757.php
XF:multiple-ftp-view-xss(9757)
CVE-2002-2359
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
2007-10-29
CVE-2002-2359
http://www.securityfocus.com/bid/5403
BID:5403
http://bugzilla.mozilla.org/show_bug.cgi?id=154030
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=154030
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html
VULNWATCH:20020806 Mozilla FTP View Cross-Site Scripting Vulnerability
http://www.iss.net/security_center/static/9757.php
XF:multiple-ftp-view-xss(9757)
CVE-2002-2360
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
2007-10-29
CVE-2002-2360
http://www.securityfocus.com/bid/5591
BID:5591
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html
BUGTRAQ:20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)
http://www.securiteam.com/unixfocus/5CP0R1P80G.html
MISC:http://www.securiteam.com/unixfocus/5CP0R1P80G.html
http://www.iss.net/security_center/static/9983.php
XF:webmin-cgi-improper-permissions(9983)
CVE-2002-2361
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
2007-10-29
CVE-2002-2361
http://www.securityfocus.com/bid/5579
BID:5579
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html
BUGTRAQ:20020827 Yahoo Messenger Install Secuirty
http://www.iss.net/security_center/static/9984.php
XF:yahoo-installer-insecure-connection(9984)
CVE-2002-2362
Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.
2007-10-29
CVE-2002-2362
http://www.securityfocus.com/bid/6035
BID:6035
http://www.securityfocus.com/archive/1/296861
BUGTRAQ:20021023 XSS bug in MyMarket 1.71
http://www.iss.net/security_center/static/10470.php
XF:mymarket-formheader-xss(10470)
CVE-2002-2363
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
2007-10-29
CVE-2002-2363
http://www.securityfocus.com/bid/5583
BID:5583
http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
HP:HPSBUX0208-214
http://www.iss.net/security_center/static/9993.php
XF:hp-vje-gain-privileges(9993)
CVE-2002-2364
Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.
2007-10-29
CVE-2002-2364
http://www.securityfocus.com/bid/5124
BID:5124
http://www.iss.net/security_center/static/9452.php
XF:phpticket-html-xss(9452)
CVE-2002-2365
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
2007-10-31
CVE-2002-2365
http://www.securityfocus.com/bid/5127
BID:5127
http://archives.neohapsis.com/archives/bugtraq/2002-06/0390.html
BUGTRAQ:20020630 Simple Wais 1.11 allows users to execute commands as SWAIS deamon.
http://www.iss.net/security_center/static/9453.php
XF:swais-command-execution(9453)
CVE-2002-2366
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
2007-10-31
CVE-2002-2366
http://www.securityfocus.com/bid/5601
BID:5601
http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html
BUGTRAQ:20020831 Trillian XML parser buffer overflow
http://www.iss.net/security_center/static/9999.php
XF:trillian-xml-parser-bo(9999)
CVE-2002-2367
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.
2007-10-31
CVE-2002-2367
http://www.securityfocus.com/bid/5149
BID:5149
http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.html
BUGTRAQ:20020703 NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))
http://www.iss.net/security_center/static/9484.php
XF:socks5-hostname-offbyone-bo(9484)
CVE-2002-2368
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
2007-10-31
CVE-2002-2368
http://www.securityfocus.com/bid/5145
BID:5145
http://www.securityfocus.com/bid/5147
BID:5147
http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.html
BUGTRAQ:20020703 NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))
http://www.iss.net/security_center/static/9485.php
XF:socks-username-bo(9485)
CVE-2002-2369
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
2007-10-31
CVE-2002-2369
http://www.securityfocus.com/bid/6042
BID:6042
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/0372.html
BUGTRAQ:20021024 [SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability
http://www.securityoffice.net/articles/liteserve/
MISC:http://www.securityoffice.net/articles/liteserve/
http://www.iss.net/security_center/static/10468.php
XF:perception-liteserve-file-access(10468)
CVE-2002-2370
SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.
2007-10-31
CVE-2002-2370
http://www.securityfocus.com/bid/5664
BID:5664
http://archives.neohapsis.com/archives/bugtraq/2002-09/0011.html
BUGTRAQ:20020902 SWS Web Server v0.1.0 Exploit
http://www.iss.net/security_center/static/10005.php
XF:sws-webserver-newline-dos(10005)
CVE-2002-2371
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
2007-10-31
CVE-2002-2371
http://www.securityfocus.com/bid/6046
BID:6046
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00375.html
BUGTRAQ:20021025 Linksys WET11 crashes when sent an ethernet frame from its own MAC address
http://www.linksys.com/download/vertxt/WET11_fw_ver.TXT
CONFIRM:http://www.linksys.com/download/vertxt/WET11_fw_ver.TXT
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0045.html
VULNWATCH:20021025 Linksys WET11 crashes when sent an ethernet frame from its own MAC address
http://www.iss.net/security_center/static/10472.php
XF:linksys-wet11-ethernet-dos(10472)
CVE-2002-2372
The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.
2007-10-31
CVE-2002-2372
http://www.securityfocus.com/bid/6047
BID:6047
http://archives.neohapsis.com/archives/bugtraq/2002-10/0364.html
BUGTRAQ:20021025 IBM Infoprint Remote Management Simple DoS
http://www.iss.net/security_center/static/10474.php
XF:ibm-infoprint-telnet-dos(10474)
CVE-2002-2373
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.
2007-10-31
CVE-2002-2373
http://www.securityfocus.com/bid/6052
BID:6052
http://www.securityfocus.com/archive/1/297250
BUGTRAQ:20021026 TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem
http://www.iss.net/security_center/static/10476.php
XF:apple-laserwriter-telnet-access(10476)
CVE-2002-2374
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
2007-10-31
CVE-2002-2374
http://www.securityfocus.com/bid/5540
BID:5540
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113176-01-1&searchclause=113176
CONFIRM:http://sunsolve.sun.com/search/document.do?assetkey=1-21-113176-01-1&searchclause=113176
CVE-2002-2375
Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.
2007-10-31
CVE-2002-2375
http://archives.neohapsis.com/archives/bugtraq/2002-07/0016.html
BUGTRAQ:20020702 CommuniGate Pro directory listings
http://www.iss.net/security_center/static/9463.php
XF:communigatepro-view-dir-listings(9463)
CVE-2002-2376
Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605.
2007-10-31
CVE-2002-2376
http://www.securityfocus.com/bid/5128
BID:5128
http://www.securityfocus.com/bid/5129
BID:5129
http://archives.neohapsis.com/archives/bugtraq/2002-06/0388.html
BUGTRAQ:20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)
http://www.iss.net/security_center/static/9469.php
XF:eguest-html-xss(9469)
http://www.iss.net/security_center/static/9470.php
XF:eguest-ssi-command-execution(9470)
CVE-2002-2377
Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field.
2007-10-31
CVE-2002-2377
http://www.securityfocus.com/bid/5130
BID:5130
http://www.securityfocus.com/bid/5131
BID:5131
http://online.securityfocus.com/archive/1/279707
BUGTRAQ:20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)
http://www.iss.net/security_center/static/9471.php
XF:zapbook-entry-xss(9471)
http://www.iss.net/security_center/static/9472.php
XF:zapbook-ssi-command-execution(9472)
CVE-2002-2378
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
2007-10-31
CVE-2002-2378
http://www.securityfocus.com/bid/6054
BID:6054
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00387.html
BUGTRAQ:20021028 [SNS Advisory No.57] AN HTTPD Cross-site Scripting Vulnerability
http://www.iss.net/security_center/static/10487.php
XF:an-http-colon-xss(10487)
CVE-2002-2379
** DISPUTED **
Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor.
2007-10-31
CVE-2002-2379
http://www.securityfocus.com/bid/6059
BID:6059
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00397.html
BUGTRAQ:20021028 CISCO as5350 crashes with nmap connect scan
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00411.html
BUGTRAQ:20021029 Re: CISCO as5350 crashes with nmap connect scan
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00413.html
BUGTRAQ:20021029 Re: CISCO as5350 crashes with nmap connect scan
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00420.html
BUGTRAQ:20021029 Re: CISCO as5350 crashes with nmap connect scan
http://www.cisco.com/en/US/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html
CISCO:20021029 Response to BugTraq - Cisco AS5350 Crashes with nmap Connect Scan
http://www.iss.net/security_center/static/10522.php
XF:cisco-as5350-portscan-dos(10522)
CVE-2002-2380
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
2007-10-31
CVE-2002-2380
http://www.securityfocus.com/bid/6064
BID:6064
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00416.html
BUGTRAQ:20021029 Further problems with Arescom NetDSL-800 MSN Firmware version 5.4.x and up
http://www.iss.net/security_center/static/10498.php
XF:netdsl-msn-default-account(10498)
CVE-2002-2381
Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code.
2007-10-31
CVE-2002-2381
http://www.securityfocus.com/bid/6062
BID:6062
http://gtetrinet.sourceforge.net/
CONFIRM:http://gtetrinet.sourceforge.net/
http://www.debian.org/security/2002/dsa-205
DEBIAN:DSA-205
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-11/0303.html
GENTOO:200211-006
http://securitytracker.com/id?1005497
SECTRACK:1005497
http://www.iss.net/security_center/static/10511.php
XF:gtetrinet-multiple-functions-bo(10511)
CVE-2002-2382
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
2007-10-31
CVE-2002-2382
http://www.securityfocus.com/bid/6150
BID:6150
http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html
MLIST:[freebsd-security] 20021109 Security issue in net/cvsup-mirror port
http://www.iss.net/security_center/static/10610.php
XF:cvsup-cvsupd-out-symlink(10610)
CVE-2002-2383
SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names.
2007-10-31
2017-07-28
CVE-2002-2383
http://www.securityfocus.com/bid/5123
BID:5123
https://exchange.xforce.ibmcloud.com/vulnerabilities/9596
XF:f2html-sql-injection(9596)
CVE-2002-2384
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
2007-10-31
CVE-2002-2384
http://www.securityfocus.com/bid/6155
BID:6155
http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html
BUGTRAQ:20021110 Multiple Vuln. in Hotfoon.com
http://www.iss.net/security_center/static/10591.php
XF:hotfoon-plaintext-passwords(10591)
CVE-2002-2385
Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.
2007-10-31
CVE-2002-2385
http://www.securityfocus.com/bid/6156
BID:6156
http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html
BUGTRAQ:20021110 Multiple Vuln. in Hotfoon.com
http://www.iss.net/security_center/static/10593.php
XF:hotfoon-phone-number-bo(10593)
CVE-2002-2386
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
2007-10-31
CVE-2002-2386
http://archives.neohapsis.com/archives/bugtraq/2002-11/0131.html
BUGTRAQ:20021110 xoops Quizz Module IMG bug
http://www.blocus-zone.com/modules/news/article.php?storyid=180
MISC:http://www.blocus-zone.com/modules/news/article.php?storyid=180
http://www.iss.net/security_center/static/10594.php
XF:xoops-quiz-module-xss(10594)
CVE-2002-2387
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command.
2007-10-31
CVE-2002-2387
http://www.mollensoft.com/news.htm
CONFIRM:http://www.mollensoft.com/news.htm
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0069.html
VULNWATCH:20021112 [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability
http://www.iss.net/security_center/static/10599.php
XF:hyperion-dotdot-directory-traversal(10599)
CVE-2002-2388
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.
2007-10-31
CVE-2002-2388
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0070.html
VULNWATCH:20021112 [SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability
http://www.iss.net/security_center/static/10601.php
XF:inweb-helo-command-bo(10601)
CVE-2002-2389
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
2007-10-31
CVE-2002-2389
http://www.securityfocus.com/bid/5250
BID:5250
http://www.securityfocus.com/archive/1/295325
BUGTRAQ:20021014 TheServer log file access password in cleartext w/vendor resolution.
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html
FULLDISC:20020717 TheServer cleartext password sillyness.
http://securitytracker.com/id?1004799
SECTRACK:1004799
http://www.iss.net/security_center/static/9624.php
XF:fastlink-theserver-plaintext-passwords(9624)
CVE-2002-2390
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
2007-10-31
CVE-2002-2390
http://www.securityfocus.com/bid/5733
BID:5733
http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html
BUGTRAQ:20020918 Trillian .74 and below, ident flaw.
http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html
BUGTRAQ:20020918 trillian DoS: trillian 1.0 pro also vulnerable
http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html
FULLDISC:20020917 Trillian .74 and below, ident flaw.
http://www.iss.net/security_center/static/10118.php
XF:trillian-identd-bo(10118)
CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
2007-10-31
CVE-2002-2391
http://www.securityfocus.com/bid/6165
BID:6165
http://archives.neohapsis.com/archives/bugtraq/2002-11/0136.html
BUGTRAQ:20021112 WebChat for XOOPS RC3 SQL INJECTION
http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00258.html
BUGTRAQ:20021116 XOOPS WebChat module - patch UPDATE
http://www.iss.net/security_center/static/10606.php
XF:xoops-webchat-sql-injection(10606)
CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
2007-10-31
CVE-2002-2392
http://www.securityfocus.com/bid/5266
BID:5266
http://seclists.org/bugtraq/2002/Jul/0205.html
BUGTRAQ:20020717 WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)
http://www.iss.net/security_center/static/9630.php
XF:winamp-wsz-code-execution(9630)
CVE-2002-2393
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
2007-10-31
CVE-2002-2393
http://www.securityfocus.com/bid/6112
BID:6112
http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html
BUGTRAQ:20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability
http://www.iss.net/security_center/static/10573.php
XF:servu-mkd-command-dos(10573)
CVE-2002-2394
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
2007-11-01
CVE-2002-2394
http://www.securityfocus.com/bid/5697
BID:5697
http://www.securityfocus.com/archive/1/291538
BUGTRAQ:20020912 Bypassing TrendMicro InterScan VirusWall
http://www.iss.net/security_center/static/10106.php
XF:interscan-chunked-transfer-bypass(10106)
CVE-2002-2395
InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.
2007-11-01
CVE-2002-2395
http://www.securityfocus.com/bid/5701
BID:5701
http://www.securityfocus.com/archive/1/291538
BUGTRAQ:20020912 Bypassing TrendMicro InterScan VirusWall
http://www.iss.net/security_center/static/10107.php
XF:interscan-gzip-content-bypass(10107)
CVE-2002-2396
Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.
2007-11-01
CVE-2002-2396
http://www.securityfocus.com/bid/5760
BID:5760
http://www.netric.org/advisories/netric-adv010.txt
MISC:http://www.netric.org/advisories/netric-adv010.txt
http://www.iss.net/security_center/static/10142.php
XF:atftp-strcpy-bo(10142)
CVE-2002-2397
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
2007-11-01
CVE-2002-2397
http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html
MISC:http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html
http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html
MISC:http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html
http://www.derkeiler.com/Mailing-Lists/VulnWatch/2002-09/0015.html
VULNWATCH:20020916 NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability
http://www.iss.net/security_center/static/10108.php
XF:sygate-firewall-ip-spoofing(10108)
CVE-2002-2398
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter.
2007-11-01
2007-11-28
CVE-2002-2398
http://www.securityfocus.com/bid/6167
BID:6167
http://online.securityfocus.com/archive/1/299536
BUGTRAQ:20021112 APBoard - post threads to protected forums and possibility to hijack forum-password
http://securityreason.com/securityalert/3332
SREASON:3332
http://www.iss.net/security_center/static/10611.php
XF:apboard-protected-forum-bypass(10611)
CVE-2002-2399
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
2007-11-01
CVE-2002-2399
http://www.securityfocus.com/bid/6170
BID:6170
http://archives.neohapsis.com/archives/bugtraq/2002-11/0150.html
BUGTRAQ:20021112 Fresh hole in W3Mail (fwd)
http://www.iss.net/security_center/static/10612.php
XF:w3mail-argument-read-files(10612)
CVE-2002-2400
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
2007-11-01
2016-10-17
CVE-2002-2400
http://www.securityfocus.com/bid/6172
BID:6172
http://marc.info/?l=bugtraq&m=103720432411860&w=2
BUGTRAQ:20021113 Remote Buffer Overflow vulnerability in Lib HTTPd.
http://archives.neohapsis.com/archives/bugtraq/2002-11/0305.html
BUGTRAQ:20021124 LibHTTPD Vulnerability and fix
http://www.securiteam.com/unixfocus/6H00I2060I.html
MISC:http://www.securiteam.com/unixfocus/6H00I2060I.html
http://www.iss.net/security_center/static/10615.php
XF:libhttpd-httpdprocessrequest-bo(10615)
CVE-2002-2401
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
2007-11-01
CVE-2002-2401
http://www.securityfocus.com/bid/5740
BID:5740
http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html
BUGTRAQ:20020918 Execution Rights Not Checked Correctly For 16-bit Applications
http://www.abtrusion.com/msexe16.asp
MISC:http://www.abtrusion.com/msexe16.asp
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;319458
MSKB:319458
http://www.iss.net/security_center/static/10132.php
XF:win-execute-permissions-16bit(10132)
CVE-2002-2402
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
2007-11-01
2016-10-17
CVE-2002-2402
http://www.securityfocus.com/bid/6176
BID:6176
http://marc.info/?l=bugtraq&m=103722782812519&w=2
BUGTRAQ:20021113 Default SNMP community in Surecom Broadband Router
http://www.iss.net/security_center/static/10621.php
XF:surecom-default-snmp-string(10621)
CVE-2002-2403
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
2007-11-01
2007-11-28
CVE-2002-2403
http://www.securityfocus.com/bid/6180
BID:6180
http://www.securityfocus.com/archive/1/299742
BUGTRAQ:20021113 KeyFocus KF Web Server File Disclosure Vulnerability
http://www.keyfocus.net/kfws/support/
CONFIRM:http://www.keyfocus.net/kfws/support/
http://securityreason.com/securityalert/3331
SREASON:3331
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
VULNWATCH:20021113 KeyFocus KF Web Server File Disclosure Vulnerability
http://www.iss.net/security_center/static/10622.php
XF:keyfocus-get-directory-traversal(10622)
CVE-2002-2404
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
2007-11-01
2016-10-17
CVE-2002-2404
http://www.securityfocus.com/bid/6183
BID:6183
http://marc.info/?l=bugtraq&m=103729432602720&w=2
BUGTRAQ:20021114 IISPop remote DOS
http://www.iss.net/security_center/static/10632.php
XF:iispop-email-server-bo(10632)
CVE-2002-2405
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
2007-11-01
CVE-2002-2405
http://www.securityfocus.com/bid/5744
BID:5744
http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html
BUGTRAQ:20020918 Firewall-1 –HTTP Security Server - Proxy vulnerability
http://www.iss.net/security_center/static/10139.php
XF:fw1-http-proxy-bypass(10139)
CVE-2002-2406
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
2007-11-01
CVE-2002-2406
http://www.securityfocus.com/bid/6192
BID:6192
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0075.html
VULNWATCH:20021117 LiteServe URL Decoding DoS
http://www.iss.net/security_center/static/10644.php
XF:liteserve-percent-character-dos(10644)
CVE-2002-2407
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
2007-11-01
CVE-2002-2407
http://www.securityfocus.com/bid/6206
BID:6206
http://archives.neohapsis.com/archives/bugtraq/2002-11/0255.html
BUGTRAQ:20021119 Multiple incorrect permissions in QNX.
http://www.iss.net/security_center/static/10656.php
XF:qnx-rtos-improper-permissions(10656)
CVE-2002-2408
Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.
2007-11-01
CVE-2002-2408
http://www.securityfocus.com/bid/6209
BID:6209
http://www.gordano.com/kb.htm?q=1709
CONFIRM:http://www.gordano.com/kb.htm?q=1709
http://securitytracker.com/id?1005650
SECTRACK:1005650
http://www.iss.net/security_center/static/10657.php
XF:gmsmail-juce-filter-bypass(10657)
CVE-2002-2409
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
2007-11-01
CVE-2002-2409
http://www.securityfocus.com/bid/6207
BID:6207
http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html
BUGTRAQ:20021119 Clipboard in QNX Photon
http://www.iss.net/security_center/static/10658.php
XF:qnx-photon-view-clipboard(10658)
CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
2007-11-01
CVE-2002-2410
http://www.securityfocus.com/bid/6232
BID:6232
http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html
BUGTRAQ:20021119 Open WebMail 1.71 "background" magic info
http://www.iss.net/security_center/static/10684.php
XF:open-webmail-information-disclosure(10684)
CVE-2002-2411
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
2007-11-01
2017-07-28
CVE-2002-2411
http://www.securityfocus.com/bid/4782
BID:4782
http://seclists.org/lists/bugtraq/2002/May/0183.html
BUGTRAQ:20020520 CAPZLOCK SECURITY ADVISORY NO. 1
https://exchange.xforce.ibmcloud.com/vulnerabilities/9115
XF:bannerwheel-badmin-cgi-bo(9115)
CVE-2002-2412
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
2007-11-01
CVE-2002-2412
http://www.securityfocus.com/bid/4781
BID:4781
http://online.securityfocus.com/archive/1/273257
BUGTRAQ:20020519 Plain Text Password Vulnerability in Winamp 2.80
http://www.iss.net/security_center/static/9114.php
XF:winamp-plaintext-password(9114)
CVE-2002-2413
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
2007-11-01
CVE-2002-2413
http://www.securityfocus.com/bid/4783
BID:4783
http://archives.neohapsis.com/archives/bugtraq/2002-05/0178.html
BUGTRAQ:20020519 Multiple vendors web server source code disclosure (8.3 name format vulnerability - take II)
http://www.iss.net/security_center/static/9147.php
XF:website-pro-source-disclosure(9147)
CVE-2002-2414
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
2007-11-01
2016-10-17
CVE-2002-2414
http://www.securityfocus.com/bid/6218
BID:6218
http://marc.info/?l=full-disclosure&m=103783186608438&w=2
FULLDISC:20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
http://www.iss.net/security_center/static/10673.php
XF:opera-squid-https-dos(10673)
CVE-2002-2415
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
2007-11-01
CVE-2002-2415
http://www.securityfocus.com/bid/6233
BID:6233
http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html
BUGTRAQ:20021120 Allied Telesyn switches & routers vulnerability
http://www.iss.net/security_center/static/10680.php
XF:telesyn-zero-stream-dos(10680)
CVE-2002-2416
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
2007-11-01
CVE-2002-2416
http://www.securityfocus.com/bid/6308
BID:6308
http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00306.html
BUGTRAQ:20021122 Zeroo Folder Traversal Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0083.html
VULNWATCH:20021121 Zeroo Folder Traversal Vulnerability
http://www.iss.net/security_center/static/10672.php
XF:zeroo-dotdot-directory-traversal(10672)
CVE-2002-2417
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
2007-11-01
2007-11-28
CVE-2002-2417
http://www.securityfocus.com/bid/6235
BID:6235
http://www.securityfocus.com/archive/1/300929
BUGTRAQ:20021124 acFTP Authentication Issue
http://securityreason.com/securityalert/3334
SREASON:3334
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
VULNWATCH:20021123 acFTP Authentication Issue
http://www.iss.net/security_center/static/10681.php
XF:acftp-authentication-bypass(10681)
CVE-2002-2418
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
2007-11-01
2007-11-28
CVE-2002-2418
http://www.securityfocus.com/bid/6236
BID:6236
http://online.securityfocus.com/archive/1/300925
BUGTRAQ:20021124 acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
http://securityreason.com/securityalert/3327
SREASON:3327
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0089.html
VULNWATCH:20021123 acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
http://www.iss.net/security_center/static/10682.php
XF:acfp-error-page-xss(10682)
CVE-2002-2419
Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.
2007-11-01
CVE-2002-2419
http://www.securityfocus.com/bid/5781
BID:5781
http://ac2i.tzo.com/dctc/ChangeLog
CONFIRM:http://ac2i.tzo.com/dctc/ChangeLog
http://www.iss.net/security_center/static/10181.php
XF:dctc-null-byte-dos(10181)
CVE-2002-2420
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
2007-11-01
CVE-2002-2420
http://www.securityfocus.com/bid/5605
BID:5605
http://securitytracker.com/id?1005190
SECTRACK:1005190
CVE-2002-2421
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
2007-11-01
CVE-2002-2421
http://archives.neohapsis.com/archives/bugtraq/2002-09/0304.html
BUGTRAQ:20020925 IIL Advisory: Vulnerabilities in acWEB HTTP server
http://www.iss.net/security_center/static/10190.php
XF:acweb-device-name-dos(10190)
CVE-2002-2422
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
2007-11-01
CVE-2002-2422
http://www.securityfocus.com/bid/5780
BID:5780
http://online.securityfocus.com/archive/1/294020
BUGTRAQ:20021001 Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server
http://www.securityfocus.com/archive/1/293715
BUGTRAQ:20021001 XSS bug in Compaq Insight Manager Http server
http://online.securityfocus.com/archive/1/294160
BUGTRAQ:20021004 RE: XSS bug in Compaq Insight Manager Http server
http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html
MISC:http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html
CVE-2002-2423
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
2007-11-01
CVE-2002-2423
http://www.securityfocus.com/bid/5770
BID:5770
http://archive.cert.uni-stuttgart.de/bugtraq/2002/09/msg00267.html
BUGTRAQ:20020921 Sendmail logging and short string precision allows anonymous commands/relay
http://www.iss.net/security_center/static/10153.php
XF:sendmail-ident-logging-bypass(10153)
CVE-2002-2424
Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
2007-11-01
CVE-2002-2424
http://www.securityfocus.com/bid/5569
BID:5569
http://archives.neohapsis.com/archives/bugtraq/2002-08/0262.html
BUGTRAQ:20020824 phpReactor - Cross-Site Scripting via STYLE
http://www.iss.net/security_center/static/9958.php
XF:phpreactor-style-xss(9958)
CVE-2002-2425
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
2007-11-01
CVE-2002-2425
http://www.securityfocus.com/bid/5383
BID:5383
http://archives.neohapsis.com/archives/bugtraq/2002-07/0486.html
BUGTRAQ:20020801 Sun AnswerBook2 format string and other vulnerabilities
http://www.iss.net/security_center/static/9756.php
XF:answerbook2-admin-scripts-access(9756)
CVE-2002-2426
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
2007-11-19
2009-02-26
CVE-2002-2426
http://www.securityfocus.com/bid/26451
BID:26451
http://support.citrix.com/article/CTX115245
CONFIRM:http://support.citrix.com/article/CTX115245
http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
MISC:http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
MISC:http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
http://www.securitytracker.com/id?1018962
SECTRACK:1018962
http://secunia.com/advisories/27633
SECUNIA:27633
http://www.vupen.com/english/advisories/2007/3870
VUPEN:ADV-2007-3870
CVE-2002-2427
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
2009-02-06
CVE-2002-2427
http://www.kb.cert.org/vuls/id/124059
CERT-VN:VU#124059
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
CVE-2002-2428
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
2009-02-06
CVE-2002-2428
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c
CVE-2002-2429
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
2009-02-06
CVE-2002-2429
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c
CVE-2002-2430
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
2009-02-06
CVE-2002-2430
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865
CVE-2002-2431
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
2009-02-06
CVE-2002-2431
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c
CVE-2002-2432
Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.
2010-04-05
CVE-2002-2432
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2002-2433
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
2010-04-05
CVE-2002-2433
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2002-2434
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.
2010-04-05
CVE-2002-2434
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2002-2435
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
2011-12-07
2017-08-28
CVE-2002-2435
http://bugzilla.mozilla.org/show_bug.cgi?id=147777
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=147777
http://w2spconf.com/2010/papers/p26.pdf
MISC:http://w2spconf.com/2010/papers/p26.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71817
XF:ms-ie-css-info-disc(71817)
CVE-2002-2436
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
2011-12-07
2017-08-28
CVE-2002-2436
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
CONFIRM:http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
http://bugzilla.mozilla.org/show_bug.cgi?id=147777
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=147777
https://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector
CONFIRM:https://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector
http://w2spconf.com/2010/papers/p26.pdf
MISC:http://w2spconf.com/2010/papers/p26.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71816
XF:firefox-css-info-disclosure(71816)
CVE-2002-2437
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
2011-12-07
CVE-2002-2437
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
CONFIRM:http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
http://bugzilla.mozilla.org/show_bug.cgi?id=147777
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=147777
https://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector
CONFIRM:https://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector
http://w2spconf.com/2010/papers/p26.pdf
MISC:http://w2spconf.com/2010/papers/p26.pdf
CVE-2002-2438
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.
2021-05-18
2023-02-12
CVE-2002-2438
https://www.kb.cert.org/vuls/id/464113
MISC:VU#464113
http://www.openwall.com/lists/oss-security/2012/02/03/7
MISC:[oss-security] 20120203 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations
http://www.openwall.com/lists/oss-security/2012/05/29/8
MISC:[oss-security] 20120529 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations
http://www.openwall.com/lists/oss-security/2012/05/30/2
MISC:[oss-security] 20120530 CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/11
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/12
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/13
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/4
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/8
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/30/9
MISC:[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2012/05/31/3
MISC:[oss-security] 20120531 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
http://www.openwall.com/lists/oss-security/2014/02/12/8
MISC:[oss-security] 20140212 Re: Old CVE ids, public, but still "RESERVED"
https://bugzilla.suse.com/show_bug.cgi?id=744994%2C
MISC:https://bugzilla.suse.com/show_bug.cgi?id=744994%2C
https://security.netapp.com/advisory/ntap-20210727-0003/
MISC:https://security.netapp.com/advisory/ntap-20210727-0003/
https://www.kb.cert.org/vuls/id/464113%2C
MISC:https://www.kb.cert.org/vuls/id/464113%2C
https://www.openwall.com/lists/oss-security/2012/02/03/7
MISC:https://www.openwall.com/lists/oss-security/2012/02/03/7
CVE-2002-2439
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
2019-10-23
2019-10-23
CVE-2002-2439
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351
CONFIRM:https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351
https://access.redhat.com/security/cve/cve-2002-2439
MISC:https://access.redhat.com/security/cve/cve-2002-2439
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
https://security-tracker.debian.org/tracker/CVE-2002-2439
MISC:https://security-tracker.debian.org/tracker/CVE-2002-2439
CVE-2002-2440
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2002-2440
CVE-2002-2441
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2002-2441
CVE-2002-2442
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2002-2442
CVE-2002-2443
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
2013-05-29
2016-12-05
CVE-2002-2443
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
CONFIRM:http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
https://bugzilla.redhat.com/show_bug.cgi?id=962531
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=962531
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CONFIRM:https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
http://www.debian.org/security/2013/dsa-2701
DEBIAN:DSA-2701
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html
FEDORA:FEDORA-2013-8113
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html
FEDORA:FEDORA-2013-8212
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html
FEDORA:FEDORA-2013-8219
http://www.mandriva.com/security/advisories?name=MDVSA-2013:166
MANDRIVA:MDVSA-2013:166
http://rhn.redhat.com/errata/RHSA-2013-0942.html
REDHAT:RHSA-2013:0942
http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html
SUSE:openSUSE-SU-2013:1119
http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html
SUSE:openSUSE-SU-2013:1122
http://www.ubuntu.com/usn/USN-2810-1
UBUNTU:USN-2810-1
CVE-2002-2444
Snoopy before 2.0.0 has a security hole in exec cURL
2019-10-28
2019-11-01
CVE-2002-2444
https://security-tracker.debian.org/tracker/CVE-2002-2444
DEBIAN:Debian
http://www.openwall.com/lists/oss-security/2014/07/18/2
MISC:http://www.openwall.com/lists/oss-security/2014/07/18/2
https://sourceforge.net/p/snoopy/bugs/13/
MISC:https://sourceforge.net/p/snoopy/bugs/13/
CVE-2002-2445
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.
2015-08-04
2015-08-31
CVE-2002-2445
http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1
http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
MISC:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://twitter.com/digitalbond/status/619250429751222277
MISC:https://twitter.com/digitalbond/status/619250429751222277
CVE-2002-2446
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
2015-08-04
2018-03-27
CVE-2002-2446
http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1
http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
MISC:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
https://twitter.com/digitalbond/status/619250429751222277
MISC:https://twitter.com/digitalbond/status/619250429751222277
CVE-2002-2447
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2002-2447