Weekly Vulnerabilities Reports > May 27 to June 2, 2002
Overview
99 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 70 vendors including Microsoft, Apache, Netwin, Alcatel Lucent, and SGI. Vulnerabilities are notably categorized as and "Cross-site Scripting".
- 75 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 99 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-05-31 | CVE-2002-0311 | Caldera | Unspecified vulnerability in Caldera Openunix and Unixware Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) scoadminreg.cgi or (2) service_action.cgi. | 10.0 |
2002-05-31 | CVE-2002-0308 | Stefan Holmberg | Remote SQL Injection vulnerability in Stefan Holmberg Admentor 2.11 admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. | 10.0 |
2002-05-31 | CVE-2002-0287 | Powie | SQL Injection User Authentication vulnerability in Powie's PForum pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | 10.0 |
2002-05-31 | CVE-2002-0272 | Mpg321 | Buffer Overflow vulnerability in Mpg321 0.2.2/0.2.3/0.2.9 Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request. | 10.0 |
2002-05-29 | CVE-2002-0267 | Sips | Unspecified vulnerability in Sips preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. | 10.0 |
2002-05-29 | CVE-2002-0255 | Arescom | Unspecified vulnerability in Arescom Netdsl 800U The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. | 10.0 |
2002-05-29 | CVE-2002-0033 | SUN | Heap Overflow vulnerability in Solaris cachefsd Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. | 10.0 |
2002-05-27 | CVE-2002-1641 | Oracle | Remotely Exploitable Buffer Overflow vulnerability in Oracle Web Cache Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
47 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-05-31 | CVE-2002-0299 | Cnet | Remote Arbitrary Code Execution vulnerability in CNet CatchUp CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. | 7.6 |
2002-05-31 | CVE-2002-0310 | Netwin | Unspecified vulnerability in Netwin Webnews Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | 7.5 |
2002-05-31 | CVE-2002-0307 | Avengers News System | Directory Traversal vulnerability in Avengers News System Avengers News System 2.01/2.11 Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. | 7.5 |
2002-05-31 | CVE-2002-0306 | Avengers News System | Remote Command Execution vulnerability in Avengers News System Avengers News System 2.01/2.11 ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter. | 7.5 |
2002-05-31 | CVE-2002-0290 | Netwin | Remote Buffer Overflow vulnerability in Netwin Webnews 1.1H/1.1I/1.1J Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. | 7.5 |
2002-05-31 | CVE-2002-0286 | Sitenews | Unspecified vulnerability in Sitenews The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. | 7.5 |
2002-05-31 | CVE-2002-0285 | Microsoft | Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0 Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | 7.5 |
2002-05-31 | CVE-2002-0280 | Codeblue | Remote Security vulnerability in Codeblue Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply. | 7.5 |
2002-05-31 | CVE-2002-0278 | Add2It | Directory Traversal vulnerability in Mailman Free Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. | 7.5 |
2002-05-31 | CVE-2002-0277 | Add2It | Remote Arbitrary Command Execution vulnerability in Add2it Mailman Free Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter. | 7.5 |
2002-05-31 | CVE-2002-0276 | Ettercap | Buffer Overflow vulnerability in Ettercap 0.6.3.1 Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets. | 7.5 |
2002-05-29 | CVE-2002-0374 | Padl Software | Unspecified vulnerability in Padl Software PAM Ldap Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name. | 7.5 |
2002-05-29 | CVE-2002-0363 | Aladdin Enterprises | Unspecified vulnerability in Aladdin Enterprises Ghostscript ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | 7.5 |
2002-05-29 | CVE-2002-0362 | AOL | Remote Buffer Overflow vulnerability in AOL Instant Messenger 4.2 Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. | 7.5 |
2002-05-29 | CVE-2002-0269 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | 7.5 |
2002-05-29 | CVE-2002-0264 | Cooolsoft | Unspecified vulnerability in Cooolsoft Powerftp 2.03/2.10 PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges. | 7.5 |
2002-05-29 | CVE-2002-0263 | Ezne NET | Remote Buffer Overflow vulnerability in Ezne.Net Ezboard 2000 1.27 Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi. | 7.5 |
2002-05-29 | CVE-2002-0261 | Instantservers INC | Directory Traversal vulnerability in InstantServers MiniPortal Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... | 7.5 |
2002-05-29 | CVE-2002-0260 | Instantservers INC | Remote Buffer Overflow vulnerability in InstantServers MiniPortal FTP Login Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility. | 7.5 |
2002-05-29 | CVE-2002-0258 | Icewarp Merak | Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. | 7.5 |
2002-05-29 | CVE-2002-0257 | Apache Usanet Creations | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | 7.5 |
2002-05-29 | CVE-2002-0252 | Apple | Remote Buffer Overflow vulnerability in Apple QuickTime Content-Type Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. | 7.5 |
2002-05-29 | CVE-2002-0251 | Licq | Denial Of Service vulnerability in LICQ Format String Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d". | 7.5 |
2002-05-29 | CVE-2002-0250 | HP | Authentication Bypass vulnerability in HP AdvanceStack Switch Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. | 7.5 |
2002-05-29 | CVE-2002-0245 | Lotus | Information Disclosure vulnerability in Lotus Domino Banner Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. | 7.5 |
2002-05-29 | CVE-2002-0244 | Atheos | Unspecified vulnerability in Atheos 0.3.7 Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. | 7.5 |
2002-05-29 | CVE-2002-0243 | Opera Software | Unspecified vulnerability in Opera Software Opera web Browser Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | 7.5 |
2002-05-29 | CVE-2002-0242 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | 7.5 |
2002-05-29 | CVE-2002-0241 | Cisco | Authentication vulnerability in Cisco Secure Access Control Server 3.0.1 NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. | 7.5 |
2002-05-29 | CVE-2002-0238 | Netgear | Cross-Site Scripting vulnerability in Netgear RT314/RT311 Gateway Router Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | 7.5 |
2002-05-29 | CVE-2002-0237 | ISS | Buffer Overflow vulnerability in ISS products Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. | 7.5 |
2002-05-29 | CVE-2002-0236 | Lucent | Authentication Bypass vulnerability in Lucent VitalNet Password Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | 7.5 |
2002-05-29 | CVE-2002-0235 | Castelle | Unspecified vulnerability in Castelle Faxpress 6.3 Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event. | 7.5 |
2002-05-29 | CVE-2002-0193 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0190 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0189 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0188 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. | 7.5 |
2002-05-29 | CVE-2002-0155 | Microsoft | Remote Buffer Overflow vulnerability in Microsoft products Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. | 7.5 |
2002-05-29 | CVE-2002-0356 | SGI | Unspecified vulnerability in SGI Irix Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files. | 7.2 |
2002-05-29 | CVE-2002-0268 | Identix | Authentication Bypass vulnerability in Identix Biologon 3.0 Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | 7.2 |
2002-05-29 | CVE-2002-0248 | Wliang | Unspecified vulnerability in Wliang Wmtv wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. | 7.2 |
2002-05-29 | CVE-2002-0247 | Wliang | Buffer Overflow vulnerability in WMTV Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. | 7.2 |
2002-05-29 | CVE-2002-0246 | Caldera | Unspecified vulnerability in Caldera Unixware 7.1.1 Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | 7.2 |
2002-05-29 | CVE-2002-0239 | Hanterm | Local Buffer Overflow vulnerability in Hanterm 3.3/3.3.1 Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. | 7.2 |
2002-05-29 | CVE-2002-0178 | GNU | Symbolic Link Attack vulnerability in GNU Sharutils 4.2 uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | 7.2 |
2002-05-29 | CVE-2002-0174 | SGI | Symbolic Link vulnerability in SGI Irix nsd nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | 7.2 |
2002-05-28 | CVE-2002-1447 | Cisco | Local Buffer Overflow vulnerability in Cisco VPN Client for Unix Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | 7.2 |
36 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-05-31 | CVE-2002-0293 | Alcatel Lucent | Local Security vulnerability in Alcatel-Lucent Omnipcx 4400 FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | 6.2 |
2002-05-31 | CVE-2002-0281 | Codeworx Technologies | Unspecified vulnerability in Codeworx Technologies Dcp-Portal Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. | 5.1 |
2002-05-31 | CVE-2002-0309 | Symantec | Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2 SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. | 5.0 |
2002-05-31 | CVE-2002-0305 | Zero ONE Tech | Unspecified vulnerability in Zero ONE Tech P100S Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. | 5.0 |
2002-05-31 | CVE-2002-0304 | Summit Computer Networks | Unspecified vulnerability in Summit Computer Networks LIL Http Server 2.1 Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request. | 5.0 |
2002-05-31 | CVE-2002-0302 | Symantec | Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2/7.0 The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | 5.0 |
2002-05-31 | CVE-2002-0301 | Citrix | Information Disclosure vulnerability in Citrix Nfuse 1.6 Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. | 5.0 |
2002-05-31 | CVE-2002-0300 | Gnujsp | Unspecified vulnerability in Gnujsp 1.0.0/1.0.1 gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file. | 5.0 |
2002-05-31 | CVE-2002-0298 | Nombas | Denial of Service vulnerability in Nombas Scriptease Webserver 0.95 ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character. | 5.0 |
2002-05-31 | CVE-2002-0297 | Nombas | Denial of Service vulnerability in Nombas Scriptease Webserver 0.95 Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. | 5.0 |
2002-05-31 | CVE-2002-0291 | Funsoft | Denial of Service vulnerability in Dino's Webserver 1.0/1.2 Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. | 5.0 |
2002-05-31 | CVE-2002-0289 | Bbshareware COM | Denial Of Service vulnerability in Bbshareware.Com Phusion Webserver 1.0 Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request. | 5.0 |
2002-05-31 | CVE-2002-0288 | Bbshareware COM | Directory Traversal vulnerability in Bbshareware.Com Phusion Webserver 1.0 Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... | 5.0 |
2002-05-31 | CVE-2002-0283 | Microsoft | Denial-Of-Service vulnerability in Windows XP Gold Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. | 5.0 |
2002-05-31 | CVE-2002-0282 | Codeworx Technologies | Path Disclosure vulnerability in DCP-Portal System Information DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. | 5.0 |
2002-05-31 | CVE-2002-0275 | Blueface | Authentication Bypass vulnerability in BlueFace Falcon Web Server 2.0.0.1009/2.0.0.1020 Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. | 5.0 |
2002-05-29 | CVE-2002-0375 | Ecometry | Unspecified vulnerability in Ecometry Sgdynamo 5.32/6.1/7.0 Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | 5.0 |
2002-05-29 | CVE-2002-0266 | Thunderstone Software | Path Disclosure vulnerability in Thunderstone Software Texis 3.0 Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname. | 5.0 |
2002-05-29 | CVE-2002-0262 | Sybex | Directory Traversal vulnerability in Sybex E-Trainer Software Relative Path Filtering Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-05-29 | CVE-2002-0256 | Arescom | Denial of Service vulnerability in Arescom Netdsl 1000 The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop. | 5.0 |
2002-05-29 | CVE-2002-0254 | Mirabilis | Denial-Of-Service vulnerability in Mirabilis ICQ 2001Bbuild3659 ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | 5.0 |
2002-05-29 | CVE-2002-0253 | PHP | Information Disclosure vulnerability in PHP Include File Relative Directory PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path. | 5.0 |
2002-05-29 | CVE-2002-0249 | Apache | Path Disclosure vulnerability in Apache Http Server 2.0.28 PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | 5.0 |
2002-05-29 | CVE-2002-0240 | Apache | Path Disclosure vulnerability in Apache Http Server 2.0.28 PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | 5.0 |
2002-05-29 | CVE-2002-0233 | Eshare Communications INC | Directory Traversal vulnerability in eshare Expressions 1.0/2.0 Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-05-29 | CVE-2002-0232 | Mrtg | Unspecified vulnerability in Mrtg Multi Router Traffic Grapher CGI 2.9.17 Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. | 5.0 |
2002-05-29 | CVE-2002-0191 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. | 5.0 |
2002-05-31 | CVE-2002-0303 | Novell | Authentication Bypass vulnerability in Novell Groupwise 6.0 GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. | 4.6 |
2002-05-31 | CVE-2002-0295 | Alcatel Lucent | Unspecified vulnerability in Alcatel-Lucent Omnipcx 4400 Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. | 4.6 |
2002-05-31 | CVE-2002-0279 | HP | Unspecified vulnerability in HP Hp-Ux 11.11 The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges. | 4.6 |
2002-05-31 | CVE-2002-0274 | University OF Cambridge | Buffer Overflow vulnerability in Exim Configuration File Argument Command Line Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments. | 4.6 |
2002-05-31 | CVE-2002-0273 | Netwin | Buffer Overflow vulnerability in Netwin CWMail Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. | 4.6 |
2002-05-29 | CVE-2002-0265 | Sawmill | Unspecified vulnerability in Sawmill Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file. | 4.6 |
2002-05-29 | CVE-2002-0259 | Instantservers INC | Unspecified vulnerability in Instantservers Inc. Miniportal InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. | 4.6 |
2002-05-29 | CVE-2002-0169 | Redhat | Unspecified vulnerability in Redhat Docbook Stylesheets and Docbook Utils The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. | 4.6 |
2002-05-29 | CVE-2002-0270 | Opera Software | Cross-Site Scripting vulnerability in Opera Software Opera web Browser 9.10 Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | 4.3 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-05-31 | CVE-2002-0292 | Open Source Development Network | Cross-Site Scripting vulnerability in SlashCode Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. | 2.6 |
2002-05-31 | CVE-2002-0284 | Nullsoft | Remote Security vulnerability in Nullsoft Winamp 2.77/2.78 Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. | 2.6 |
2002-05-31 | CVE-2002-0294 | Alcatel Lucent | Denial Of Service vulnerability in Alcatel-Lucent Omnipcx 4400 Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system. | 2.1 |
2002-05-29 | CVE-2002-0377 | ROB Flynn | Unspecified vulnerability in ROB Flynn Gaim 0.57 Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files. | 2.1 |
2002-05-29 | CVE-2002-0355 | SGI | Unspecified vulnerability in SGI Irix netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions. | 2.1 |
2002-05-29 | CVE-2002-0234 | Juniper | Unspecified vulnerability in Juniper Netscreen Screenos NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections. | 2.1 |
2002-05-31 | CVE-2002-0296 | Tarantella | Symbolic Link vulnerability in Tarantella Enterprise 3 The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | 1.2 |
2002-05-29 | CVE-2002-0271 | ADA Core Technologies | Unspecified vulnerability in ADA Core Technologies Gnat PRO Native 3.12P/3.13P/3.14P Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files. | 1.2 |