Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1744 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
network
low complexity
microsoft
5.0
2002-12-31 CVE-2002-1743 Denial of Service vulnerability in Mirabilis ICQ 2002Abuild3722
AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file.
network
low complexity
mirabilis
5.0
2002-12-31 CVE-2002-1742 Remote Arbitrary Command Execution vulnerability in SOAP::Lite 0.50/0.51/0.52
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.
network
low complexity
paul-kulchenko
5.0
2002-12-31 CVE-2002-1739 Inadequate Encryption Strength vulnerability in Mdaemon
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
local
low complexity
mdaemon CWE-326
5.5
2002-12-31 CVE-2002-1738 Unspecified vulnerability in Alt-N Mdaemon
Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.
network
low complexity
alt-n
5.0
2002-12-31 CVE-2002-1736 Remote Security vulnerability in CGINews
Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input."
network
low complexity
markus-triska
5.0
2002-12-31 CVE-2002-1733 Unspecified vulnerability in Prospero Technologies Prospero Message Board
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
4.3
2002-12-31 CVE-2002-1732 Cross-Site Scripting vulnerability in Actinic Catalog 4.7
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
network
actinic
4.3
2002-12-31 CVE-2002-1730 HTML Injection vulnerability in Aspjar Guestbook 1.0
ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".
network
low complexity
aspjar
5.0
2002-12-31 CVE-2002-1729 HTML Injection vulnerability in Aspjar Guestbook 1.0
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.
network
aspjar
6.8