Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0524 1 Asp-nuke 1 Asp-nuke 2008-09-05 5.0 MEDIUM N/A
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.
CVE-2002-0738 1 Mhonarc 1 Mhonarc 2008-09-05 7.5 HIGH N/A
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
CVE-2002-0555 1 Ibm 1 Informix Web Datablade 2008-09-05 7.5 HIGH N/A
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
CVE-2002-0578 1 Aci 1 4d Webserver 2008-09-05 7.5 HIGH N/A
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
CVE-2002-0576 1 Allaire 1 Coldfusion Server 2008-09-05 5.0 MEDIUM N/A
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVE-2002-0556 1 Deep Forest Software 1 Quik-serv Webserver 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2002-0557 1 Openbsd 1 Openbsd 2008-09-05 7.5 HIGH N/A
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
CVE-2002-0574 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.
CVE-2002-0571 1 Oracle 1 Oracle9i 2008-09-05 7.5 HIGH N/A
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0462 1 Big Sam 1 Big Sam 2008-09-05 6.4 MEDIUM N/A
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
CVE-2002-0518 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.
CVE-2002-0734 1 Michel Valdrighi 1 B2 2008-09-05 7.5 HIGH N/A
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
CVE-2002-0539 1 Demarc Security 1 Puresecure 2008-09-05 10.0 HIGH N/A
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
CVE-2002-0549 1 Anthill 1 Anthill 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users.
CVE-2002-0792 1 Cisco 2 Content Services Switch 11000, Webns 2008-09-05 5.0 MEDIUM N/A
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
CVE-2002-0791 1 Novell 1 Netware 2008-09-05 5.0 MEDIUM N/A
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
CVE-2002-0737 1 Sambar 1 Sambar Server 2008-09-05 6.4 MEDIUM N/A
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
CVE-2002-0540 1 Nortel 1 Cvx 1800 Multi-service Access Switch 2008-09-05 7.5 HIGH N/A
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
CVE-2002-0739 1 Postnuke Software Foundation 1 Postcalendar 2008-09-05 7.5 HIGH N/A
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
CVE-2002-0740 1 Slrn Development Team 1 Slrn 2008-09-05 7.2 HIGH N/A
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
CVE-2002-0741 1 Psychoid 1 Psybnc 2008-09-05 5.0 MEDIUM N/A
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
CVE-2002-0742 1 Ibm 1 Aix 2008-09-05 10.0 HIGH N/A
Buffer overflow in pioout on AIX 4.3.3.
CVE-2002-0747 1 Ibm 1 Aix 2008-09-05 10.0 HIGH N/A
Buffer overflow in lsmcode in AIX 4.3.3.
CVE-2002-0789 1 Mnogosearch 1 Mnogosearch 2008-09-05 7.5 HIGH N/A
Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.
CVE-2002-0779 1 Novell 1 Bordermanager 2008-09-05 5.0 MEDIUM N/A
FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.
CVE-2002-0748 1 National Instruments 1 Labview 2008-09-05 5.0 MEDIUM N/A
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
CVE-2002-0749 1 Cgiscript.net 1 Csmailto 2008-09-05 7.5 HIGH N/A
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
CVE-2002-0750 1 Cgiscript.net 1 Csmailto 2008-09-05 5.0 MEDIUM N/A
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
CVE-2002-0777 1 Ipswitch 1 Imail 2008-09-05 10.0 HIGH N/A
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
CVE-2002-0751 1 Cgiscript.net 1 Csmailto 2008-09-05 7.5 HIGH N/A
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
CVE-2002-0752 1 Cgiscript.net 1 Csmailto 2008-09-05 5.0 MEDIUM N/A
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
CVE-2002-0753 1 Talentsoft 1 Web\+ Server 2008-09-05 10.0 HIGH N/A
Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.
CVE-2002-0754 2 Freebsd, Kth 3 Freebsd, Heimdal, Heimdal 2008-09-05 7.2 HIGH N/A
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
CVE-2002-0755 1 Freebsd 1 Freebsd 2008-09-05 7.2 HIGH N/A
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
CVE-2002-0756 2 Usermin, Webmin 2 Usermin, Webmin 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
CVE-2002-0757 2 Usermin, Webmin 2 Usermin, Webmin 2008-09-05 7.5 HIGH N/A
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
CVE-2002-0759 1 Bzip 1 Bzip2 2008-09-05 5.0 MEDIUM N/A
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
CVE-2002-0776 1 Hosting Controller 1 Hosting Controller 2008-09-05 7.5 HIGH N/A
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
CVE-2002-0760 1 Bzip 1 Bzip2 2008-09-05 1.2 LOW N/A
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
CVE-2002-0435 1 Gnu 1 Fileutils 2008-09-05 1.2 LOW N/A
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
CVE-2002-0434 1 Marcus S. Xenakis 1 Directory.php 2008-09-05 10.0 HIGH N/A
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
CVE-2002-0433 1 Pi3 1 Pi3web 2008-09-05 5.0 MEDIUM N/A
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
CVE-2002-0541 1 Ibm 1 Tivoli Storage Manager 2008-09-05 7.5 HIGH N/A
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
CVE-2002-0432 1 Citadel 1 Ux 2008-09-05 10.0 HIGH N/A
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
CVE-2002-0455 1 Incredimail 1 Incredimail 2008-09-05 5.0 MEDIUM N/A
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
CVE-2002-0543 1 Aprelium Technologies 1 Abyss Web Server 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
CVE-2002-0544 1 Aprelium Technologies 1 Abyss Web Server 2008-09-05 7.2 HIGH N/A
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
CVE-2002-0442 1 Caldera 1 Openserver 2008-09-05 7.2 HIGH N/A
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.
CVE-2002-0805 1 Mozilla 1 Bugzilla 2008-09-05 4.6 MEDIUM N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
CVE-2002-0545 1 Cisco 2 Aironet Ap340, Aironet Ap350 2008-09-05 5.0 MEDIUM N/A
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.