Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1816 Off-by-one Error vulnerability in Redshift Atphttpd 0.4B
Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
network
low complexity
redshift CWE-193
critical
9.8
2002-12-31 CVE-2002-1810 Missing Authentication for Critical Function vulnerability in Dlink Dwl-900Ap+ Firmware 2.1/2.2
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
network
low complexity
dlink CWE-306
7.5
2002-12-31 CVE-2002-1800 Cleartext Storage of Sensitive Information vulnerability in PHPrank 1.8
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
network
low complexity
phprank CWE-312
7.5
2002-12-31 CVE-2002-1798 Forced Browsing vulnerability in Midicart PHP, Midicart PHP Maxi and Midicart PHP Plus
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
network
low complexity
midicart CWE-425
critical
9.1
2002-12-31 CVE-2002-1796 Improper Verification of Cryptographic Signature vulnerability in HP Chaivm Ezloader
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
local
low complexity
hp CWE-347
7.8
2002-12-31 CVE-2002-1745 Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
network
low complexity
microsoft CWE-193
7.5
2002-12-31 CVE-2002-1739 Inadequate Encryption Strength vulnerability in Mdaemon 5.0/5.0.6
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
local
low complexity
mdaemon CWE-326
5.5
2002-12-31 CVE-2002-1721 Off-by-one Error vulnerability in Pldaniels Altermime 0.1.10/0.1.11
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.
network
low complexity
pldaniels CWE-193
7.5
2002-12-31 CVE-2002-1713 Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
local
low complexity
mandrakesoft CWE-276
5.5
2002-12-31 CVE-2002-1706 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
network
low complexity
cisco CWE-347
7.5