Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1912 NULL Pointer Dereference vulnerability in Skystream Emr5000 1.16/1.17/1.18
SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
network
low complexity
skystream CWE-476
7.5
2002-12-31 CVE-2002-1910 Inadequate Encryption Strength vulnerability in Click-2 Ingenium Learning Management System 5.1/6.1
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
network
low complexity
click-2 CWE-326
7.5
2002-12-31 CVE-2002-1872 Inadequate Encryption Strength vulnerability in Microsoft SQL Server
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
network
low complexity
microsoft CWE-326
7.5
2002-12-31 CVE-2002-1850 Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
network
low complexity
apache CWE-667
7.5
2002-12-31 CVE-2002-1844 Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
local
low complexity
microsoft CWE-276
7.8
2002-12-31 CVE-2002-1810 Missing Authentication for Critical Function vulnerability in Dlink Dwl-900Ap+ Firmware 2.1/2.2
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
network
low complexity
dlink CWE-306
7.5
2002-12-31 CVE-2002-1800 Cleartext Storage of Sensitive Information vulnerability in PHPrank 1.8
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
network
low complexity
phprank CWE-312
7.5
2002-12-31 CVE-2002-1796 Improper Verification of Cryptographic Signature vulnerability in HP Chaivm Ezloader
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
local
low complexity
hp CWE-347
7.8
2002-12-31 CVE-2002-1745 Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
network
low complexity
microsoft CWE-193
7.5
2002-12-31 CVE-2002-1721 Off-by-one Error vulnerability in Pldaniels Altermime 0.1.10/0.1.11
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.
network
low complexity
pldaniels CWE-193
7.5