Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-07-26 | CVE-2002-0410 | Unspecified vulnerability in Aeromail send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded. | 5.0 |
| 2002-07-26 | CVE-2002-0409 | Remote Security vulnerability in Microsoft .Net Framework 1.0 orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. | 5.0 |
| 2002-07-26 | CVE-2002-0408 | Information Disclosure vulnerability in Lotus Domino Banner htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. | 5.0 |
| 2002-07-26 | CVE-2002-0407 | Path Disclosure vulnerability in Lotus Domino MS-DOS Device htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | 5.0 |
| 2002-07-26 | CVE-2002-0406 | Denial of Service vulnerability in Menasoft Sphereserver 0.99F/0.99I Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. | 5.0 |
| 2002-07-26 | CVE-2002-0397 | Information Disclosure vulnerability in 1050Ap Lan Acess Point Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | 5.0 |
| 2002-07-26 | CVE-2002-0358 | Unspecified vulnerability in SGI Mediamail MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges. | 4.6 |
| 2002-07-26 | CVE-2002-0031 | Buffer Overflow vulnerability in Yahoo Messenger 5.0 Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. | 4.6 |
| 2002-07-23 | CVE-2002-0687 | Remote Denial Of Service vulnerability in Zope 2.5.1 The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | 5.0 |
| 2002-07-23 | CVE-2002-0680 | Directory Traversal vulnerability in GoAhead WebServer Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. | 5.0 |