Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | RISK |
| --- | --- | --- | --- | --- | --- |
| 2002-12-31 | CVE-2002-2143 | Remotely Readable Administrator Password vulnerability in Mysimplenews 1.0 | The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. | mysimplenews | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2142 | Unspecified vulnerability in BEA Weblogic Integration and Weblogic Server | An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | bea | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2141 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | bea | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2130 | Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2 | publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | gallery-project | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2123 | Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2 | PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | gallery-project | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2114 | Remote Command Execution vulnerability in Netjuke | Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call. | netjuke | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2113 | Unspecified vulnerability in AGH Htmlsearch 1.0 | search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | agh | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2109 | Unspecified vulnerability in Matt Wright Formmail | Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer. | matt-wright | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2106 | Remote File Include vulnerability in Wikkitikkitavi 0.10/0.20/0.5 | PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php. | wikkitikkitavi | network, low complexity, 7.5 |
| 2002-12-31 | CVE-2002-2104 | Remote Command Execution vulnerability in Ganglia PHP RRD web Client 1.0.1 | graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. | ganglia | network, low complexity, 7.5 |