Weekly Vulnerabilities Reports > August 12 to 18, 2002
Overview
230 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 94 high severity vulnerabilities. This weekly summary reports vulnerabilities in 196 products from 127 vendors including Microsoft, FreeBSD, Mozilla, Hosting Controller, and Cisco. Vulnerabilities are notably categorized as "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Link Following", "Off-by-one Error", and "Integer Overflow or Wraparound".
- 181 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability is related to weaknesses in OWASP Top Ten.
- 226 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 26 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-08-12 | CVE-2002-0801 | Macromedia | Buffer Overflow vulnerability in Macromedia JRun Host Header Field Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | 10.0 |
2002-08-12 | CVE-2002-0797 | SUN | Remote Buffer Overflow vulnerability in Sun Solaris mibiisa Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | 10.0 |
2002-08-12 | CVE-2002-0796 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | 10.0 |
2002-08-12 | CVE-2002-0777 | Ipswitch | Buffer Overflow vulnerability in Ipswitch IMail Server LDAP Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. | 10.0 |
2002-08-12 | CVE-2002-0774 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | 10.0 |
2002-08-12 | CVE-2002-0773 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath. | 10.0 |
2002-08-12 | CVE-2002-0753 | Talentsoft | Buffer Overflow vulnerability in Talentsoft Web+ Server 4.6/5.0 Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. | 10.0 |
2002-08-12 | CVE-2002-0747 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 Buffer overflow in lsmcode in AIX 4.3.3. | 10.0 |
2002-08-12 | CVE-2002-0746 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument. | 10.0 |
2002-08-12 | CVE-2002-0745 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 Buffer overflow in uucp in AIX 4.3.3. | 10.0 |
2002-08-12 | CVE-2002-0744 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. | 10.0 |
2002-08-12 | CVE-2002-0743 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow. | 10.0 |
2002-08-12 | CVE-2002-0742 | IBM | Remote Security vulnerability in IBM AIX 4.3.3 Buffer overflow in pioout on AIX 4.3.3. | 10.0 |
2002-08-12 | CVE-2002-0736 | Microsoft | Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | 10.0 |
2002-08-12 | CVE-2002-0697 | Microsoft | Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2 Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. | 10.0 |
2002-08-12 | CVE-2002-0528 | Watchguard | Unspecified vulnerability in Watchguard Soho Firewall 5.0.35 Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules. | 10.0 |
2002-08-12 | CVE-2002-0525 | ISC | Local Format String Vulnerabilities in ISC INN Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses. | 10.0 |
2002-08-12 | CVE-2002-0516 | Squirrelmail | Remote Command Execution vulnerability in SquirrelMail Theme SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | 10.0 |
2002-08-12 | CVE-2002-0508 | Wwwisis | Remote Command Execution vulnerability in Wwwisis 3.3/3.45 wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog. | 10.0 |
2002-08-12 | CVE-2002-0491 | Alguest | Unspecified vulnerability in Alguest 1.0 admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value. | 10.0 |
2002-08-12 | CVE-2002-0490 | Instant WEB Mail | Unspecified vulnerability in Instant web Mail Instant web Mail Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. | 10.0 |
2002-08-12 | CVE-2002-0489 | Linux Directory Penguin | Unspecified vulnerability in Linux Directory Penguin Nslookup 1.0 Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters. | 10.0 |
2002-08-12 | CVE-2002-0480 | ISS | Unspecified vulnerability in ISS Realsecure Nokia 6.0 ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | 10.0 |
2002-08-12 | CVE-2002-0473 | Phpbb Group | Remote File Include vulnerability in PHPBB2 'phpbb_root_path' db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | 10.0 |
2002-08-12 | CVE-2002-0471 | Phpnettoolpack | Remote Command Execution vulnerability in PHPnettoolpack 0.1 PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. | 10.0 |
2002-08-12 | CVE-2002-0467 | Ecartis Listar | Buffer Overflow vulnerability in Ecartis/Listar Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allow remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c. | 10.0 |
2002-08-12 | CVE-2002-0465 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. | 10.0 |
2002-08-12 | CVE-2002-0427 | Christof Pohl | Buffer Overflow vulnerability in Improved mod_frontpage Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges. | 10.0 |
2002-08-12 | CVE-2002-0423 | Efingerd | Buffer Overflow vulnerability in EFingerD Reverse Resolver Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | 10.0 |
2002-08-12 | CVE-2002-0416 | Sh39 | Denial of Service vulnerability in Sh39 Mailserver 1.2.1 Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port. | 10.0 |
2002-08-12 | CVE-2002-0391 | Openbsd SUN Freebsd Microsoft | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | 9.8 |
94 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-08-12 | CVE-2002-0844 | Distrotech | Off-by-one Error vulnerability in Distrotech CVS Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | 7.8 |
2002-08-12 | CVE-2002-0459 | Linux Sottises | Unspecified vulnerability in Linux-Sottises Board-Tnk and News-Tnk Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | 7.6 |
2002-08-12 | CVE-2002-0458 | Linux Sottises | Security vulnerability in News-Tnk 1.2.1/1.2.2 Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | 7.6 |
2002-08-12 | CVE-2002-0457 | BG Guestbook | Unspecified vulnerability in BG Guestbook BG Guestbook 1.0 Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as `&lt;`, `&gt;`, and `&amp;` in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. | 7.6 |
2002-08-14 | CVE-2002-1452 | Mywebserver | Remote Buffer Overflow vulnerability in Mywebserver 1.0.2 Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | 7.5 |
2002-08-12 | CVE-2002-0847 | Tinyproxy | Unspecified vulnerability in Tinyproxy 1.3.2/1.3.3/1.4.3 tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free). | 7.5 |
2002-08-12 | CVE-2002-0846 | Macromedia | Buffer Overflow vulnerability in Macromedia Flash Malformed Header The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | 7.5 |
2002-08-12 | CVE-2002-0845 | Iplanet | Unspecified vulnerability in Iplanet web Server 4.1/6.0 Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. | 7.5 |
2002-08-12 | CVE-2002-0833 | Qualcomm | Buffer Overflow vulnerability in Qualcomm Eudora 5.0J/5.1.1 Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. | 7.5 |
2002-08-12 | CVE-2002-0832 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | 7.5 |
2002-08-12 | CVE-2002-0825 | Padl Software | Unspecified vulnerability in Padl Software NSS Ldap Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
2002-08-12 | CVE-2002-0818 | Wwwoffle | Buffer Overflow vulnerability in Andrew Bishop WWWOFFLE Negative Content-Length wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. | 7.5 |
2002-08-12 | CVE-2002-0815 | Mozilla Netscape Microsoft | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | 7.5 |
2002-08-12 | CVE-2002-0814 | Vmware | Buffer Overflow vulnerability in VMWare GSX Server 2.0.0Build2050 Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | 7.5 |
2002-08-12 | CVE-2002-0811 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | 7.5 |
2002-08-12 | CVE-2002-0809 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | 7.5 |
2002-08-12 | CVE-2002-0808 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | 7.5 |
2002-08-12 | CVE-2002-0807 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | 7.5 |
2002-08-12 | CVE-2002-0804 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | 7.5 |
2002-08-12 | CVE-2002-0802 | Postgresql | SQL-Injection vulnerability in Postgresql 6.5.0 The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | 7.5 |
2002-08-12 | CVE-2002-0799 | Youngzsoft | Buffer Overflow vulnerability in Youngzsoft Cmailserver 3.30 Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | 7.5 |
2002-08-12 | CVE-2002-0789 | Mnogosearch | Buffer Overflow vulnerability in Mnogosearch 3.1.19 Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. | 7.5 |
2002-08-12 | CVE-2002-0787 | Critical Path | Cross-Site Scripting vulnerability in Critical Path Injoin Directory Server 4.0 Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters. | 7.5 |
2002-08-12 | CVE-2002-0783 | Opera Software | Unspecified vulnerability in Opera Software Opera web Browser 5.12/6.0/6.0.1 Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. | 7.5 |
2002-08-12 | CVE-2002-0778 | Cisco | Unspecified vulnerability in Cisco products The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP. | 7.5 |
2002-08-12 | CVE-2002-0776 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller 2002 getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | 7.5 |
2002-08-12 | CVE-2002-0768 | Luke Mewburn Suse | Remote Security vulnerability in Linux Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command. | 7.5 |
2002-08-12 | CVE-2002-0765 | Openbsd | Authentication Implementation Error vulnerability in Openbsd and Openssh sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. | 7.5 |
2002-08-12 | CVE-2002-0764 | Phorum | Remote Command Execution vulnerability in Phorum 3.3.2A Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. | 7.5 |
2002-08-12 | CVE-2002-0763 | HP | Unspecified vulnerability in HP Virtualvault 4.5 Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server. | 7.5 |
2002-08-12 | CVE-2002-0758 | Suse | Remote Arbitrary Command Execution vulnerability in Suse Linux 8.0 ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. | 7.5 |
2002-08-12 | CVE-2002-0757 | Usermin Webmin | Authentication Bypass vulnerability in Webmin / Usermin (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | 7.5 |
2002-08-12 | CVE-2002-0756 | Usermin Webmin | Cross-Site Scripting vulnerability in Webmin / Usermin Login Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | 7.5 |
2002-08-12 | CVE-2002-0751 | Cgiscript NET | Remote Command Execution vulnerability in CGIScript.NET csMailto Hidden Form Field CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters. | 7.5 |
2002-08-12 | CVE-2002-0749 | Cgiscript NET | Remote Command Execution vulnerability in CGIScript.NET csMailto Hidden Form Field CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. | 7.5 |
2002-08-12 | CVE-2002-0739 | Postnuke Software Foundation | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postcalendar 3.0 Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. | 7.5 |
2002-08-12 | CVE-2002-0738 | Mhonarc | Unspecified vulnerability in Mhonarc 2.5/2.5.1/2.5.2 MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. | 7.5 |
2002-08-12 | CVE-2002-0735 | C Note Padl Software | Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | 7.5 |
2002-08-12 | CVE-2002-0734 | Michel Valdrighi | Remote Command Execution vulnerability in Michel Valdrighi B2 0.6Pre b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | 7.5 |
2002-08-12 | CVE-2002-0733 | Acme Labs | Cross-Site Scripting vulnerability in Acme Labs Thttpd 2.20B Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. | 7.5 |
2002-08-12 | CVE-2002-0731 | Vqsoft | Unspecified vulnerability in Vqsoft Vqserver Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. | 7.5 |
2002-08-12 | CVE-2002-0730 | Philip Chinery | Unspecified vulnerability in Philip Chinery Philip Chinerys Guestbook 1.1 Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage. | 7.5 |
2002-08-12 | CVE-2002-0719 | Microsoft | SQL Injection vulnerability in Microsoft Content Management Server 2001 SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. | 7.5 |
2002-08-12 | CVE-2002-0718 | Microsoft | Unspecified vulnerability in Microsoft Content Management Server 2001 Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." | 7.5 |
2002-08-12 | CVE-2002-0700 | Microsoft | Buffer Overflow vulnerability in Microsoft Content Management Server 2001 Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | 7.5 |
2002-08-12 | CVE-2002-0695 | Microsoft | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. | 7.5 |
2002-08-12 | CVE-2002-0684 | GNU ISC | Remote Security vulnerability in glibc Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | 7.5 |
2002-08-12 | CVE-2002-0660 | Greg Roelofs | Unspecified vulnerability in Greg Roelofs Libpng and Libpng3 Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. | 7.5 |
2002-08-12 | CVE-2002-0657 | Openssl | Buffer Overflow vulnerability in Openssl 0.9.7 Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. | 7.5 |
2002-08-12 | CVE-2002-0656 | Openssl Oracle Apple | Buffer Overflow vulnerability in OpenSSL SSLv3 Session ID Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | 7.5 |
2002-08-12 | CVE-2002-0655 | Openssl Oracle Apple | Buffer Overflow vulnerability in OpenSSL ASCII Representation Of Integers OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
2002-08-12 | CVE-2002-0649 | Microsoft | Buffer Errors vulnerability in Microsoft Data Engine and SQL Server Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. | 7.5 |
2002-08-12 | CVE-2002-0645 | Microsoft | Unspecified vulnerability in Microsoft Data Engine and SQL Server SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. | 7.5 |
2002-08-12 | CVE-2002-0644 | Microsoft | Unspecified vulnerability in Microsoft Data Engine and SQL Server Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. | 7.5 |
2002-08-12 | CVE-2002-0619 | Microsoft | Unspecified vulnerability in Microsoft Office 2000/Xp The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | 7.5 |
2002-08-12 | CVE-2002-0522 | ASP Nuke | Authentication Credentials User Account Compromise vulnerability in ASP-Nuke Plaintext Cookie ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. | 7.5 |
2002-08-12 | CVE-2002-0520 | ASP Nuke | Unspecified vulnerability in Asp-Nuke RC1 Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag. | 7.5 |
2002-08-12 | CVE-2002-0511 | Nscd | Unspecified vulnerability in Nscd 2.2.4 The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names. | 7.5 |
2002-08-12 | CVE-2002-0504 | Citrix | Cross-Site Scripting vulnerability in Citrix Nfuse 1.5/1.51/1.6 Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | 7.5 |
2002-08-12 | CVE-2002-0494 | Websight Directory System | Cross-Site Scripting vulnerability in Websight Directory System Websight Directory System 0.1 Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name. | 7.5 |
2002-08-12 | CVE-2002-0485 | Symantec | Improper Handling of Case Sensitivity vulnerability in Symantec Norton Antivirus Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | 7.5 |
2002-08-12 | CVE-2002-0477 | Macromedia | Unspecified vulnerability in Macromedia Flash Player 5.0 Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. | 7.5 |
2002-08-12 | CVE-2002-0453 | Oblix | Unspecified vulnerability in Oblix Netpoint 5.2 The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. | 7.5 |
2002-08-12 | CVE-2002-0452 | Foundrynet | Unspecified vulnerability in Foundrynet Serveriron Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible. | 7.5 |
2002-08-12 | CVE-2002-0451 | Phpprojekt | Remote File Include vulnerability in PHPprojekt 3.1/3.1A filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | 7.5 |
2002-08-12 | CVE-2002-0428 | Checkpoint | Unspecified vulnerability in Checkpoint Check Point Vpn, Firewall-1 and Next Generation Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. | 7.5 |
2002-08-12 | CVE-2002-0426 | Linksys | Unspecified vulnerability in Linksys Befvp41 1.01.04/1.39.64/1.40.1 VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. | 7.5 |
2002-08-12 | CVE-2002-0420 | Claymore Systems INC | Unspecified vulnerability in Claymore Systems INC Puretls 0.9B1 Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. | 7.5 |
2002-08-12 | CVE-2002-0414 | Freebsd Netbsd Openbsd | KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | 7.5 |
2002-08-12 | CVE-2002-0413 | Rebb | Unspecified vulnerability in Rebb 1.0 Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | 7.5 |
2002-08-12 | CVE-2002-0412 | Luca Deri | Remote Format String vulnerability in Luca Deri Ntop 2.0 Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | 7.5 |
2002-08-12 | CVE-2002-0411 | Aeromail | Unspecified vulnerability in Aeromail Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. | 7.5 |
2002-08-12 | CVE-2002-0827 | Caldera | Local Privilege Escalation vulnerability in Caldera Openunix and Unixware Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824. | 7.2 |
2002-08-12 | CVE-2002-0820 | Freebsd | Local Security vulnerability in Freebsd 4.6 FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. | 7.2 |
2002-08-12 | CVE-2002-0819 | Artsd | Local Security vulnerability in Artsd Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function. | 7.2 |
2002-08-12 | CVE-2002-0817 | William Deich | Unspecified vulnerability in William Deich Super Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. | 7.2 |
2002-08-12 | CVE-2002-0816 | Compaq | Buffer Overflow vulnerability in Tru64 SU Command Line Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. | 7.2 |
2002-08-12 | CVE-2002-0767 | Richard Gooch | Unspecified vulnerability in Richard Gooch Simpleinit 2.0.2 simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges. | 7.2 |
2002-08-12 | CVE-2002-0766 | Openbsd | Unspecified vulnerability in Openbsd 2.9/3.0/3.1 OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. | 7.2 |
2002-08-12 | CVE-2002-0762 | Suse | Unspecified vulnerability in Suse Linux 8.0 shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. | 7.2 |
2002-08-12 | CVE-2002-0755 | Freebsd | Unspecified vulnerability in Freebsd 4.4/4.5 Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | 7.2 |
2002-08-12 | CVE-2002-0754 | Freebsd KTH | Privilege Escalation vulnerability in Kerberos 5 su Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | 7.2 |
2002-08-12 | CVE-2002-0740 | Slrn Development Team | Buffer Overflow vulnerability in SLRNPull Spool Directory Command Line Parameter Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. | 7.2 |
2002-08-12 | CVE-2002-0532 | Emumail | Unspecified vulnerability in Emumail Emumail, Emumail RED HAT Linux and Emumail Unix EMU Webmail allows local users to execute arbitrary programs via a .. | 7.2 |
2002-08-12 | CVE-2002-0526 | INN | Unspecified vulnerability in INN Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | 7.2 |
2002-08-12 | CVE-2002-0517 | Caldera | Buffer Overflow vulnerability in Caldera Openunix and Unixware Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | 7.2 |
2002-08-12 | CVE-2002-0506 | Redhat | Buffer Overflow vulnerability in LibNewt Library Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. | 7.2 |
2002-08-12 | CVE-2002-0501 | Posadis | Unspecified vulnerability in Posadis M5Pre1 Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages. | 7.2 |
2002-08-12 | CVE-2002-0486 | Workforceroi | Weak Password Encryption vulnerability in Workforceroi Xpede 4.1/7.0 Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. | 7.2 |
2002-08-12 | CVE-2002-0479 | Gravity Storm Software | Unspecified vulnerability in Gravity Storm Software Service Pack Manager 2000 6.0/6.1/6.3 Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share. | 7.2 |
2002-08-12 | CVE-2002-0470 | Phpnettoolpack | Unspecified vulnerability in PHPnettoolpack 0.1 PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path. | 7.2 |
2002-08-12 | CVE-2002-0469 | Ecartis Listar | Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges. | 7.2 |
2002-08-12 | CVE-2000-1208 | Immunix Netbsd Openbsd Redhat | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. | 7.2 |
2002-08-12 | CVE-2002-0813 | Cisco | Buffer Errors vulnerability in Cisco IOS 11.1/11.2/11.3 Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. | 7.1 |
90 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-08-12 | CVE-2002-0824 | Freebsd | Link Following vulnerability in Freebsd Point-To-Point Protocol Daemon BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | 6.9 |
2002-08-12 | CVE-2002-0812 | HPE Proxim | Information Exposure vulnerability in multiple products Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string. | 6.4 |
2002-08-12 | CVE-2002-0772 | Hosting Controller | Directory Traversal vulnerability in Hosting Controller DSNManager Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. | 6.4 |
2002-08-12 | CVE-2002-0771 | Viewcvs | Cross-Site Scripting vulnerability in ViewCVS Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters. | 6.4 |
2002-08-12 | CVE-2002-0769 | Cisco | Unspecified vulnerability in Cisco Ata-186 The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. | 6.4 |
2002-08-12 | CVE-2002-0737 | Sambar | Unspecified vulnerability in Sambar Server 5.1 Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. | 6.4 |
2002-08-12 | CVE-2002-0710 | ROD Clark | Unspecified vulnerability in ROD Clark Sendform.Cgi Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. | 6.4 |
2002-08-12 | CVE-2002-0464 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. | 6.4 |
2002-08-12 | CVE-2002-0462 | BIG SAM | Unspecified vulnerability in BIG SAM BIG SAM 1.1.08 bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled. | 6.4 |
2002-08-12 | CVE-2002-0658 | Ossp | Privilege Escalation vulnerability in MM Shared Memory Library Temporary File OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. | 6.2 |
2002-08-12 | CVE-2002-0638 | Mandrakesoft HP Redhat | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | 6.2 |
2002-08-12 | CVE-2002-0529 | HP | Unspecified vulnerability in HP Photosmart Print Driver 1.2.1 HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse. | 6.2 |
2002-08-12 | CVE-2002-0793 | Blackberry | Link Following vulnerability in Blackberry QNX Neutrino Real-Time Operating System 4.25 Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | 5.5 |
2002-08-12 | CVE-2002-0788 | PGP | Incomplete Cleanup vulnerability in PGP Corporate Desktop, Freeware and Personal Security An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. | 5.5 |
2002-08-12 | CVE-2002-0617 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." | 5.1 |
2002-08-12 | CVE-2002-0616 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." | 5.1 |
2002-08-12 | CVE-2002-0530 | Novell | Cross-Site Scripting vulnerability in Novell web Search 2.0.1 Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. | 5.1 |
2002-08-12 | CVE-2002-0521 | ASP Nuke | Cross-Site Scripting vulnerability in ASP-Nuke Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp. | 5.1 |
2002-08-12 | CVE-2002-0481 | Microsoft | Unspecified vulnerability in Microsoft Outlook 2002 An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | 5.1 |
2002-08-12 | CVE-2002-0475 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | 5.1 |
2002-08-12 | CVE-2002-0474 | Zeroforum | Unspecified vulnerability in Zeroforum 1.0 Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag. | 5.1 |
2002-08-12 | CVE-2002-0848 | Cisco | Unspecified vulnerability in Cisco VPN 5000 Concentrator Series Software Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. | 5.0 |
2002-08-12 | CVE-2002-0830 | Freebsd | Denial Of Service vulnerability in Multiple Vendor BSD NFS Zero-Length RPC Message Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | 5.0 |
2002-08-12 | CVE-2002-0810 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | 5.0 |
2002-08-12 | CVE-2002-0803 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | 5.0 |
2002-08-12 | CVE-2002-0800 | Working Resources INC | Unspecified vulnerability in Working Resources Inc. Badblue 1.7.0 BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | 5.0 |
2002-08-12 | CVE-2002-0794 | Freebsd | Denial of Service vulnerability in Freebsd 4.5 The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | 5.0 |
2002-08-12 | CVE-2002-0792 | Cisco | Denial Of Service vulnerability in Cisco Content Service Switch HTTPS Post The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. | 5.0 |
2002-08-12 | CVE-2002-0791 | Novell | Denial Of Service vulnerability in Novell Netware 5.1/6.0 Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | 5.0 |
2002-08-12 | CVE-2002-0786 | Critical Path | Unspecified vulnerability in Critical Path Injoin Directory Server 4.0 iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | 5.0 |
2002-08-12 | CVE-2002-0785 | AOL | Unspecified vulnerability in AOL Instant Messenger AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | 5.0 |
2002-08-12 | CVE-2002-0784 | Lysias | Directory Traversal vulnerability in Lysias Lidik Webserver 0.7B Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... | 5.0 |
2002-08-12 | CVE-2002-0782 | Novell | Denial of Service vulnerability in Novell Bordermanager 3.5 Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface. | 5.0 |
2002-08-12 | CVE-2002-0781 | Novell | Denial Of Service vulnerability in Novell Bordermanager 3.6 RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | 5.0 |
2002-08-12 | CVE-2002-0780 | Novell | Denial of Service vulnerability in Novell Bordermanager 3.6 IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND. | 5.0 |
2002-08-12 | CVE-2002-0779 | Novell | Denial Of Service vulnerability in Novell Bordermanager 3.6 FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. | 5.0 |
2002-08-12 | CVE-2002-0775 | Hosting Controller | Remote Security vulnerability in Hosting Controller browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. | 5.0 |
2002-08-12 | CVE-2002-0770 | ID Software | Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21 Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | 5.0 |
2002-08-12 | CVE-2002-0759 | Bzip | Unspecified vulnerability in Bzip Bzip2 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | 5.0 |
2002-08-12 | CVE-2002-0752 | Cgiscript NET | Information Disclosure vulnerability in csMailto CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. | 5.0 |
2002-08-12 | CVE-2002-0750 | Cgiscript NET | Remote Security vulnerability in csMailto CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field. | 5.0 |
2002-08-12 | CVE-2002-0748 | National Instruments | Denial of Service vulnerability in National Instruments Labview 5.1.1/6.0/6.1 LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. | 5.0 |
2002-08-12 | CVE-2002-0741 | Psychoid | Denial Of Service vulnerability in Psychoid Psybnc 2.3 psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC. | 5.0 |
2002-08-12 | CVE-2002-0729 | Microsoft | Unspecified vulnerability in Microsoft SQL Server 2000 Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. | 5.0 |
2002-08-12 | CVE-2002-0728 | Greg Roelofs | Unspecified vulnerability in Greg Roelofs Libpng 1.0.14/1.2.4 Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. | 5.0 |
2002-08-12 | CVE-2002-0659 | Openssl Oracle Apple | Denial Of Service vulnerability in OpenSSL ASN.1 Parsing Error The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | 5.0 |
2002-08-12 | CVE-2002-0650 | Microsoft | Denial of Service vulnerability in Microsoft SQL Server 2000 The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. | 5.0 |
2002-08-12 | CVE-2002-0534 | Postboard | Denial Of Service vulnerability in PostBoard BBCode PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | 5.0 |
2002-08-12 | CVE-2002-0533 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | 5.0 |
2002-08-12 | CVE-2002-0531 | Emumail | Unspecified vulnerability in Emumail Emumail, Emumail RED HAT Linux and Emumail Unix Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. | 5.0 |
2002-08-12 | CVE-2002-0527 | Watchguard | Unspecified vulnerability in Watchguard Soho Firewall 5.0.28/5.0.29/5.0.31 Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. | 5.0 |
2002-08-12 | CVE-2002-0524 | ASP Nuke | Information Disclosure vulnerability in ASP-Nuke Forged Cookie ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. | 5.0 |
2002-08-12 | CVE-2002-0523 | ASP Nuke | Information Disclosure vulnerability in ASP-Nuke Forged Cookie ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | 5.0 |
2002-08-12 | CVE-2002-0518 | Freebsd | Denial Of Service vulnerability in Freebsd 4.5 The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. | 5.0 |
2002-08-12 | CVE-2002-0510 | Linux | Unspecified vulnerability in Linux Kernel The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. | 5.0 |
2002-08-12 | CVE-2002-0509 | Oracle | Denial of Service vulnerability in Oracle 9i TNS Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | 5.0 |
2002-08-12 | CVE-2002-0505 | Cisco | Denial of Service vulnerability in Cisco CallManager CTI Memory Leak Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. | 5.0 |
2002-08-12 | CVE-2002-0503 | Citrix | Unspecified vulnerability in Citrix Nfuse 1.5 Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. | 5.0 |
2002-08-12 | CVE-2002-0502 | Citrix | Unspecified vulnerability in Citrix Nfuse 1.6 Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | 5.0 |
2002-08-12 | CVE-2002-0500 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | 5.0 |
2002-08-12 | CVE-2002-0496 | Southwest | Denial of Service vulnerability in Southwest 1.0.0 The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002. | 5.0 |
2002-08-12 | CVE-2002-0492 | Dcscripts | Remote Security vulnerability in Dcscripts Dcshop 1.002Beta dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter. | 5.0 |
2002-08-12 | CVE-2002-0484 | PHP | Unspecified vulnerability in PHP move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | 5.0 |
2002-08-12 | CVE-2002-0483 | Francisco Burzi | Unspecified vulnerability in Francisco Burzi PHP-Nuke index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. | 5.0 |
2002-08-12 | CVE-2002-0482 | Newlog | Directory Traversal vulnerability in NEWLOG NetSupport Manager 5.5/6.10 Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-08-12 | CVE-2002-0478 | Foundrynet | Unspecified vulnerability in Foundrynet Edgeiron 4802F The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings. | 5.0 |
2002-08-12 | CVE-2002-0476 | Macromedia | Unspecified vulnerability in Macromedia Flash Player 5.0 Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | 5.0 |
2002-08-12 | CVE-2002-0472 | Microsoft | Unspecified vulnerability in Microsoft MSN Messenger 3.6 MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. | 5.0 |
2002-08-12 | CVE-2002-0466 | Hosting Controller | Directory Traversal vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | 5.0 |
2002-08-12 | CVE-2002-0463 | Arsc Really Simple Chat | Path Disclosure vulnerability in ARSC Really Simple Chat 1.0/1.0.1 home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. | 5.0 |
2002-08-12 | CVE-2002-0461 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. | 5.0 |
2002-08-12 | CVE-2002-0460 | Bitvise | Unspecified vulnerability in Bitvise Winsshd 1.1 Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd. | 5.0 |
2002-08-12 | CVE-2002-0456 | Qualcomm | Unspecified vulnerability in Qualcomm Eudora 5.1 Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | 5.0 |
2002-08-12 | CVE-2002-0455 | Incredimail | Unspecified vulnerability in Incredimail Build1400185/Build560/Build618 IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | 5.0 |
2002-08-12 | CVE-2002-0454 | Qualcomm | Remote Denial of Service vulnerability in Qualcomm QPopper Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. | 5.0 |
2002-08-12 | CVE-2002-0425 | Khaled Mardam BEY | Unspecified vulnerability in Khaled Mardam-Bey Mirc 6.0/6.01 mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message. | 5.0 |
2002-08-12 | CVE-2002-0421 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0 IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr. | 5.0 |
2002-08-12 | CVE-2002-0419 | Microsoft | Information Exposure vulnerability in Microsoft products Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. | 5.0 |
2002-08-12 | CVE-2002-0418 | Endymion | Unspecified vulnerability in Endymion Sake Mail Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-08-12 | CVE-2002-0417 | Endymion | Unspecified vulnerability in Endymion Mailman Webmail Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2002-08-12 | CVE-2002-0849 | Cisco | Information Disclosure vulnerability in iSCSI Insecure Configuration File Permissions Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | 4.6 |
2002-08-12 | CVE-2002-0829 | Freebsd | Unspecified vulnerability in Freebsd Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. | 4.6 |
2002-08-12 | CVE-2002-0805 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | 4.6 |
2002-08-12 | CVE-2002-0512 | Caldera | Unspecified vulnerability in Caldera Openlinux Server and Openlinux Workstation startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. | 4.6 |
2002-08-12 | CVE-2002-0498 | Etnus | Privilege Escalation vulnerability in Etnus Totalview 5.0.04 Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users. | 4.6 |
2002-08-12 | CVE-2002-0487 | Workforceroi | Unspecified vulnerability in Workforceroi Xpede 4.1/7.0 Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. | 4.6 |
2002-08-12 | CVE-2002-0468 | Ecartis Listar | Local Buffer Overflow vulnerability in Ecartis/Listar Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files. | 4.6 |
2002-08-12 | CVE-2002-0424 | Efingerd | Unspecified vulnerability in Efingerd 1.3/1.6.1 efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. | 4.6 |
2002-08-14 | CVE-2002-1453 | Mywebserver | HTML Injection vulnerability in Mywebserver 1.0.2 Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. | 4.3 |
2002-08-12 | CVE-2002-1445 | W3C | Cross-Site Scripting vulnerability in W3C Cern Httpd 3.0 Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. | 4.3 |
15 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-08-12 | CVE-2002-0430 | SUN | Authentication Bypass vulnerability in SUN Cobalt RAQ 2, Cobalt RAQ 3I and Cobalt RAQ 4 MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php. | 3.7 |
2002-08-12 | CVE-2002-0429 | Linux | Unspecified vulnerability in Linux Kernel 2.4.18 The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). | 3.6 |
2002-08-15 | CVE-2002-1444 | Microsoft | The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. | 2.6 |
2002-08-12 | CVE-2002-0422 | Microsoft | Information Exposure vulnerability in Microsoft Internet Information Services 5.0 IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | 2.6 |
2002-08-12 | CVE-2002-0831 | Freebsd | Denial Of Service vulnerability in FreeBSD kqueue Kernel Panic The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. | 2.1 |
2002-08-12 | CVE-2002-0806 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | 2.1 |
2002-08-12 | CVE-2002-0798 | HP | Denial Of Service vulnerability in HP-UX SD Data View Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service. | 2.1 |
2002-08-12 | CVE-2002-0795 | Freebsd | Unspecified vulnerability in Freebsd 4.5 The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. | 2.1 |
2002-08-12 | CVE-2002-0790 | IBM | Local Security vulnerability in IBM AIX clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | 2.1 |
2002-08-12 | CVE-2002-0761 | Bzip | Symbolic Link Permissions vulnerability in bzip2 Archive Inherited bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. | 2.1 |
2002-08-12 | CVE-2002-0507 | Microsoft RSA | Improper Authentication vulnerability in multiple products An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | 2.1 |
2002-08-12 | CVE-2002-0499 | Linux | Unspecified vulnerability in Linux Kernel The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories. | 2.1 |
2002-08-12 | CVE-2002-0497 | MTR | Buffer Overflow vulnerability in MTR 0.41 Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. | 2.1 |
2002-08-12 | CVE-2002-0415 | Realnetworks | Directory Traversal vulnerability in Realnetworks Realplayer 6.0 Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. | 1.7 |
2002-08-12 | CVE-2002-0760 | Bzip | Unspecified vulnerability in Bzip Bzip2 Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. | 1.2 |