Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1810 | Missing Authentication for Critical Function vulnerability in Dlink Dwl-900Ap+ Firmware 2.1/2.2 D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | 7.5 |
| 2002-12-31 | CVE-2002-1800 | Cleartext Storage of Sensitive Information vulnerability in PHPrank 1.8 phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | 7.5 |
| 2002-12-31 | CVE-2002-1798 | Forced Browsing vulnerability in Midicart PHP, Midicart PHP Maxi and Midicart PHP Plus MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | 9.1 |
| 2002-12-31 | CVE-2002-1796 | Improper Verification of Cryptographic Signature vulnerability in HP Chaivm Ezloader ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | 7.8 |
| 2002-12-31 | CVE-2002-1745 | Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0 Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | 7.5 |
| 2002-12-31 | CVE-2002-1739 | Inadequate Encryption Strength vulnerability in Mdaemon 5.0/5.0.6 Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | 5.5 |
| 2002-12-31 | CVE-2002-1721 | Off-by-one Error vulnerability in Pldaniels Altermime 0.1.10/0.1.11 Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte. | 7.5 |
| 2002-12-31 | CVE-2002-1713 | Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2 The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | 5.5 |
| 2002-12-31 | CVE-2002-1706 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. | 7.5 |
| 2002-12-31 | CVE-2002-1697 | Inadequate Encryption Strength vulnerability in Vtun Project Vtun 2.0/2.5 Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | 7.5 |