Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1850 | Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40 mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | 7.5 |
| 2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
| 2002-12-31 | CVE-2002-1820 | Improper Handling of Case Sensitivity vulnerability in Ultimate PHP Board Project Ultimate PHP Board 1.0 register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a." | 9.8 |
| 2002-12-31 | CVE-2002-1816 | Off-by-one Error vulnerability in Redshift Atphttpd 0.4B Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | 9.8 |
| 2002-12-31 | CVE-2002-1810 | Missing Authentication for Critical Function vulnerability in Dlink Dwl-900Ap+ Firmware 2.1/2.2 D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | 7.5 |
| 2002-12-31 | CVE-2002-1800 | Cleartext Storage of Sensitive Information vulnerability in PHPrank 1.8 phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | 7.5 |
| 2002-12-31 | CVE-2002-1798 | Forced Browsing vulnerability in Midicart PHP, Midicart PHP Maxi and Midicart PHP Plus MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | 9.1 |
| 2002-12-31 | CVE-2002-1796 | Improper Verification of Cryptographic Signature vulnerability in HP Chaivm Ezloader ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | 7.8 |
| 2002-12-31 | CVE-2002-1745 | Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0 Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | 7.5 |
| 2002-12-31 | CVE-2002-1739 | Inadequate Encryption Strength vulnerability in Mdaemon 5.0/5.0.6 Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | 5.5 |