CVE-2002-0xxx

There are 980 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2002-0001 Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows re...
S
CVE-2002-0002 Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, o...
S
CVE-2002-0003 Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privil...
S
CVE-2002-0004 Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a...
E S
CVE-2002-0005 Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote ...
E S
CVE-2002-0006 XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attacker...
S
CVE-2002-0007 CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bi...
S
CVE-2002-0008 Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to pr...
CVE-2002-0009 show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other prod...
S
CVE-2002-0010 Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain...
S
CVE-2002-0011 Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more eas...
S
CVE-2002-0012 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial o...
S
CVE-2002-0013 Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remot...
S
CVE-2002-0014 URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via...
S
CVE-2002-0017 Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to ex...
S
CVE-2002-0018 In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information ...
CVE-2002-0020 Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute ...
S
CVE-2002-0021 Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attacker...
CVE-2002-0022 Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 an...
S
CVE-2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed re...
E S
CVE-2002-0024 File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Dispo...
S
CVE-2002-0025 Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, whi...
CVE-2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts v...
CVE-2002-0027 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the...
E S
CVE-2002-0028 Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitr...
S
CVE-2002-0029 Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derive...
S
CVE-2002-0030 The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of exec...
S
CVE-2002-0031 Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbit...
S
CVE-2002-0032 Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other...
S
CVE-2002-0033 Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to ex...
S
CVE-2002-0034 The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply ...
S
CVE-2002-0035 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2002-0036 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers ...
S
CVE-2002-0037 Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author a...
CVE-2002-0038 Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 ...
S
CVE-2002-0039 rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to c...
S
CVE-2002-0040 Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications...
S
CVE-2002-0041 Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when ...
S
CVE-2002-0042 Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial...
S
CVE-2002-0043 sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, ...
S
CVE-2002-0044 GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user ...
CVE-2002-0045 slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduc...
CVE-2002-0046 Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memo...
E S
CVE-2002-0047 CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a s...
S
CVE-2002-0048 Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, ...
S
CVE-2002-0049 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key,...
S
CVE-2002-0050 Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers...
CVE-2002-0051 Windows 2000 allows local users to prevent the application of new group policy settings by opening G...
S
CVE-2002-0052 Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security check...
CVE-2002-0053 Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windo...
S
CVE-2002-0054 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server ...
S
CVE-2002-0055 SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote att...
S
CVE-2002-0056 Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a l...
CVE-2002-0057 XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zo...
CVE-2002-0058 Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff...
CVE-2002-0059 The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packa...
S
CVE-2002-0060 IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier d...
S
CVE-2002-0061 Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arb...
CVE-2002-0062 Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, all...
S
CVE-2002-0063 Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary c...
S
CVE-2002-0064 Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file sy...
S
CVE-2002-0065 Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local us...
S
CVE-2002-0066 Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication ...
S
CVE-2002-0067 Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified i...
S
CVE-2002-0068 Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and p...
E S
CVE-2002-0069 Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of se...
S
CVE-2002-0070 Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote atta...
CVE-2002-0071 Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information...
CVE-2002-0072 The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Serv...
CVE-2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have esta...
CVE-2002-0074 Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS...
CVE-2002-0075 Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows rem...
CVE-2002-0076 Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox ...
CVE-2002-0077 Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codeba...
CVE-2002-0078 The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers t...
CVE-2002-0079 Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 ...
CVE-2002-0080 rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, whi...
S
CVE-2002-0081 Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime...
S
CVE-2002-0082 The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46...
S
CVE-2002-0083 Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malic...
S
CVE-2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local user...
S
CVE-2002-0085 cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via a...
S
CVE-2002-0086 Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root...
S
CVE-2002-0087 bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink ...
CVE-2002-0088 Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via...
S
CVE-2002-0089 Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via...
S
CVE-2002-0090 Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbit...
S
CVE-2002-0091 Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary comman...
CVE-2002-0092 CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to c...
S
CVE-2002-0093 Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary...
S
CVE-2002-0094 config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allow...
S
CVE-2002-0095 The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 en...
E
CVE-2002-0096 The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly dele...
S
CVE-2002-0097 Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by...
S
CVE-2002-0098 Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users t...
E S
CVE-2002-0099 Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of...
CVE-2002-0100 AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protect...
CVE-2002-0101 Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an i...
CVE-2002-0102 Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request ...
S
CVE-2002-0103 An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files wit...
S
CVE-2002-0104 AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, ...
CVE-2002-0105 CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to g...
CVE-2002-0106 BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of...
S
CVE-2002-0107 Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obta...
E S
CVE-2002-0108 Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof me...
CVE-2002-0109 Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote ...
CVE-2002-0110 Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames an...
S
CVE-2002-0111 Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attacker...
CVE-2002-0112 Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.
S
CVE-2002-0113 EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory wi...
CVE-2002-0114 EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log...
CVE-2002-0115 Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to ...
E S
CVE-2002-0116 Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows re...
CVE-2002-0117 Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allo...
E S
CVE-2002-0118 Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 a...
E S
CVE-2002-0119 Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) vi...
CVE-2002-0120 Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync ...
CVE-2002-0121 PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, whic...
S
CVE-2002-0122 Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an ...
E S
CVE-2002-0123 MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remot...
CVE-2002-0124 MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory tra...
CVE-2002-0125 Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that...
CVE-2002-0126 Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary...
S
CVE-2002-0127 Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1...
CVE-2002-0128 cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service,...
E S
CVE-2002-0129 efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the...
CVE-2002-0130 Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute a...
CVE-2002-0131 ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, doe...
CVE-2002-0132 Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environm...
E
CVE-2002-0133 Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and ...
CVE-2002-0134 Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy ...
CVE-2002-0135 Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) ...
E
CVE-2002-0136 Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (...
CVE-2002-0137 CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $...
CVE-2002-0138 CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.
CVE-2002-0139 Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP...
S
CVE-2002-0140 Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial...
CVE-2002-0141 Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a s...
S
CVE-2002-0142 CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denia...
CVE-2002-0143 Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arb...
CVE-2002-0144 Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the own...
S
CVE-2002-0145 chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which al...
CVE-2002-0146 fetchmail email client before 5.9.10 does not properly limit the maximum number of messages availabl...
S
CVE-2002-0147 Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, an...
CVE-2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remo...
CVE-2002-0149 Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers ...
CVE-2002-0150 Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to sp...
CVE-2002-0151 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local u...
CVE-2002-0152 Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a d...
CVE-2002-0153 Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke loc...
CVE-2002-0154 Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote at...
CVE-2002-0155 Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exc...
CVE-2002-0157 Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on t...
S
CVE-2002-0158 Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a lo...
E S
CVE-2002-0159 Format string vulnerability in the administration function in Cisco Secure Access Control Server (AC...
S
CVE-2002-0160 The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earli...
S
CVE-2002-0162 LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatc...
CVE-2002-0163 Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 d...
CVE-2002-0164 Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows l...
CVE-2002-0165 LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerabil...
CVE-2002-0166 Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascri...
S
CVE-2002-0167 Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow atta...
S
CVE-2002-0168 Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possi...
S
CVE-2002-0169 The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure op...
S
CVE-2002-0170 Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which cou...
S
CVE-2002-0171 IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some c...
S
CVE-2002-0172 /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), ...
S
CVE-2002-0173 Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10...
S
CVE-2002-0174 nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileg...
CVE-2002-0175 libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabiliti...
E S
CVE-2002-0176 The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifier...
E S
CVE-2002-0177 Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via...
S
CVE-2002-0178 uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of...
S
CVE-2002-0179 Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arb...
S
CVE-2002-0180 Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote atta...
CVE-2002-0181 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attack...
S
CVE-2002-0184 Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that ...
S
CVE-2002-0185 mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to th...
CVE-2002-0186 Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers t...
S
CVE-2002-0187 Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an at...
S
CVE-2002-0188 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malfor...
CVE-2002-0189 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scrip...
CVE-2002-0190 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code unde...
CVE-2002-0191 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that c...
S
CVE-2002-0192 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reaso...
R
CVE-2002-0193 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malfor...
CVE-2002-0196 GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within ...
S
CVE-2002-0197 psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending ...
S
CVE-2002-0198 Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and...
S
CVE-2002-0199 Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a ...
CVE-2002-0200 Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTT...
CVE-2002-0201 Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) an...
CVE-2002-0202 PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local us...
S
CVE-2002-0203 ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including ...
S
CVE-2002-0204 Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacit...
S
CVE-2002-0205 Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 ...
S
CVE-2002-0206 index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, all...
CVE-2002-0207 Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbit...
CVE-2002-0208 PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP e...
CVE-2002-0209 Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persisten...
S
CVE-2002-0210 setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arb...
E
CVE-2002-0211 Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a wo...
E S
CVE-2002-0212 The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or ...
S
CVE-2002-0213 xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink at...
S
CVE-2002-0214 Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit W...
CVE-2002-0215 Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathnam...
S
CVE-2002-0216 userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL inje...
CVE-2002-0217 Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow rem...
E
CVE-2002-0218 Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integratio...
S
CVE-2002-0219 Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologi...
S
CVE-2002-0220 phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS me...
CVE-2002-0221 Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a la...
S
CVE-2002-0222 Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the...
S
CVE-2002-0223 Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote atta...
E S
CVE-2002-0224 The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Micros...
CVE-2002-0225 tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the account...
CVE-2002-0226 retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionI...
S
CVE-2002-0227 KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2002-0228 Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object ...
S
CVE-2002-0229 Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL dat...
CVE-2002-0230 Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execut...
S
CVE-2002-0231 Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the cli...
S
CVE-2002-0232 Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to ...
CVE-2002-0233 Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read...
CVE-2002-0234 NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a syste...
S
CVE-2002-0235 Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, ...
S
CVE-2002-0236 Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allo...
E S
CVE-2002-0237 Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure...
S
CVE-2002-0238 Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gatew...
S
CVE-2002-0239 Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long...
S
CVE-2002-0240 PHP, when installed with Apache and configured to search for index.php as a default web page, allows...
CVE-2002-0241 NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or ...
S
CVE-2002-0242 Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute...
CVE-2002-0243 Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbit...
CVE-2002-0244 Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the ...
E
CVE-2002-0245 Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physica...
S
CVE-2002-0246 Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local ...
E S
CVE-2002-0247 Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.
S
CVE-2002-0248 wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a config...
S
CVE-2002-0249 PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote atta...
CVE-2002-0250 Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.0...
E S
CVE-2002-0251 Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (cras...
CVE-2002-0252 Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitra...
E S
CVE-2002-0253 PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers...
CVE-2002-0254 ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed pi...
CVE-2002-0255 The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote...
CVE-2002-0256 The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service v...
CVE-2002-0257 Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attack...
S
CVE-2002-0258 Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change acros...
CVE-2002-0259 InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in ...
S
CVE-2002-0260 Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute ar...
S
CVE-2002-0261 Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authe...
S
CVE-2002-0262 Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers t...
CVE-2002-0263 Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary co...
E S
CVE-2002-0264 PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in ...
CVE-2002-0265 Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permission...
E S
CVE-2002-0266 Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a ...
CVE-2002-0267 preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to ...
S
CVE-2002-0268 Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges...
CVE-2002-0269 Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type...
CVE-2002-0270 Opera, when configured with the "Determine action by MIME type" option disabled, interprets an objec...
CVE-2002-0271 Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of...
CVE-2002-0272 Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitr...
CVE-2002-0273 Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arb...
CVE-2002-0274 Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (con...
CVE-2002-0275 Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read r...
CVE-2002-0276 Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with a...
CVE-2002-0277 Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell...
S
CVE-2002-0278 Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to...
S
CVE-2002-0279 The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local...
CVE-2002-0280 Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to e...
S
CVE-2002-0281 Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain pri...
CVE-2002-0282 DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1)...
S
CVE-2002-0283 Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption)...
CVE-2002-0284 Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Te...
CVE-2002-0285 Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it ...
CVE-2002-0286 The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain p...
CVE-2002-0287 pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers t...
S
CVE-2002-0288 Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrar...
CVE-2002-0289 Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and e...
CVE-2002-0290 Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute a...
S
CVE-2002-0291 Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and poss...
CVE-2002-0292 Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows...
CVE-2002-0293 FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root...
CVE-2002-0294 Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many differen...
CVE-2002-0295 Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to rec...
CVE-2002-0296 The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a sy...
E
CVE-2002-0297 Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of servi...
CVE-2002-0298 ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via cert...
CVE-2002-0299 CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a ...
CVE-2002-0300 gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scri...
S
CVE-2002-0301 Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information b...
CVE-2002-0302 The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used ...
S
CVE-2002-0303 GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, ...
CVE-2002-0304 Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP r...
CVE-2002-0305 Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the defa...
CVE-2002-0306 ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary ...
CVE-2002-0307 Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows r...
CVE-2002-0308 admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via ...
CVE-2002-0309 SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface na...
CVE-2002-0310 Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cann...
CVE-2002-0311 Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attac...
E S
CVE-2002-0312 Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitra...
S
CVE-2002-0313 Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and...
S
CVE-2002-0314 fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attacke...
S
CVE-2002-0315 fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof...
E S
CVE-2002-0316 Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote att...
E S
CVE-2002-0317 Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software ...
S
CVE-2002-0318 FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via ...
CVE-2002-0319 Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attacke...
E S
CVE-2002-0320 Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and pos...
S
CVE-2002-0321 Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and usin...
S
CVE-2002-0322 Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain p...
CVE-2002-0323 comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying t...
CVE-2002-0324 Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a ...
E
CVE-2002-0325 Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary ...
E S
CVE-2002-0326 Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute a...
S
CVE-2002-0327 Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty a...
E
CVE-2002-0328 Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary s...
CVE-2002-0329 Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers t...
E S
CVE-2002-0330 Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows rem...
E S
CVE-2002-0331 Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers ...
E
CVE-2002-0332 Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allow remote attackers t...
S
CVE-2002-0333 Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows r...
E S
CVE-2002-0334 xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a syml...
S
CVE-2002-0335 Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cau...
E
CVE-2002-0336 Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cau...
E
CVE-2002-0337 RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .m...
CVE-2002-0338 The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial ...
E S
CVE-2002-0339 Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previ...
S
CVE-2002-0340 Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and exec...
CVE-2002-0341 GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to deter...
CVE-2002-0342 Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email mes...
E S
CVE-2002-0343 Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the boo...
E
CVE-2002-0344 Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local L...
E S
CVE-2002-0345 Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, ...
E S
CVE-2002-0346 Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary scri...
S
CVE-2002-0347 Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected...
S
CVE-2002-0348 service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execu...
E S
CVE-2002-0349 Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the syste...
S
CVE-2002-0350 HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a den...
CVE-2002-0351 Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attack...
S
CVE-2002-0352 Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users vi...
CVE-2002-0353 The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service ...
CVE-2002-0354 The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to rea...
CVE-2002-0355 netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the syst...
S
CVE-2002-0356 Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local us...
S
CVE-2002-0357 Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allow...
S
CVE-2002-0358 MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program t...
S
CVE-2002-0359 xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call da...
S
CVE-2002-0360 Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary co...
CVE-2002-0362 Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbi...
E
CVE-2002-0363 ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsaf...
S
CVE-2002-0364 Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to ex...
CVE-2002-0366 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing a...
S
CVE-2002-0367 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs ...
KEV E S
CVE-2002-0368 The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (C...
S
CVE-2002-0369 Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (rest...
CVE-2002-0370 Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denia...
S
CVE-2002-0371 Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, ...
CVE-2002-0372 Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote att...
CVE-2002-0373 The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 200...
CVE-2002-0374 Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version ...
CVE-2002-0375 Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute a...
E
CVE-2002-0376 Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrar...
E S
CVE-2002-0377 Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp direct...
CVE-2002-0378 The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and ...
S
CVE-2002-0379 Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and im...
CVE-2002-0380 Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service an...
CVE-2002-0381 The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connec...
E S
CVE-2002-0382 XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host ...
CVE-2002-0384 Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arb...
S
CVE-2002-0385 Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a requ...
E S
CVE-2002-0386 The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows rem...
E S
CVE-2002-0387 Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server ...
S
CVE-2002-0388 Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute scri...
S
CVE-2002-0389 Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable d...
CVE-2002-0390 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate...
R
CVE-2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or...
E S
CVE-2002-0392 Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial ...
S
CVE-2002-0393 Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attack...
E S
CVE-2002-0394 Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attac...
E S
CVE-2002-0395 The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for ...
E S
CVE-2002-0396 The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credent...
E S
CVE-2002-0397 Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP pa...
E S
CVE-2002-0398 Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and ...
E S
CVE-2002-0399 Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, a...
CVE-2002-0400 ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malfor...
S
CVE-2002-0401 SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (cr...
S
CVE-2002-0402 Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a de...
S
CVE-2002-0403 DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU con...
S
CVE-2002-0404 Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial o...
S
CVE-2002-0405 Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a den...
CVE-2002-0406 Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establ...
E
CVE-2002-0407 htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the phys...
E S
CVE-2002-0408 htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, a...
E S
CVE-2002-0409 orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated o...
CVE-2002-0410 send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the serv...
E S
CVE-2002-0411 Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers t...
E S
CVE-2002-0412 Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to ex...
S
CVE-2002-0413 Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript a...
E
CVE-2002-0414 KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, doe...
S
CVE-2002-0415 Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other ver...
CVE-2002-0416 Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of ser...
S
CVE-2002-0417 Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arb...
E S
CVE-2002-0418 Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endy...
E
CVE-2002-0419 Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive inform...
E
CVE-2002-0420 Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remot...
S
CVE-2002-0421 IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by dire...
S
CVE-2002-0422 IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address...
CVE-2002-0423 Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cau...
S
CVE-2002-0424 efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the ef...
S
CVE-2002-0425 mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC...
CVE-2002-0426 VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key le...
S
CVE-2002-0427 Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges...
S
CVE-2002-0428 Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authenticatio...
E S
CVE-2002-0429 The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems al...
CVE-2002-0430 MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to ...
E
CVE-2002-0431 XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the...
E
CVE-2002-0432 Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows rem...
S
CVE-2002-0433 Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (...
CVE-2002-0434 Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via she...
CVE-2002-0435 Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities ...
S
CVE-2002-0436 sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitra...
CVE-2002-0437 Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary comman...
S
CVE-2002-0438 ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet w...
E S
CVE-2002-0439 Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows...
S
CVE-2002-0440 Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" o...
S
CVE-2002-0441 Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbi...
S
CVE-2002-0442 Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root...
S
CVE-2002-0443 Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords ...
E
CVE-2002-0444 Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions...
CVE-2002-0445 article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the s...
CVE-2002-0446 categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the...
E S
CVE-2002-0447 Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers...
E S
CVE-2002-0448 Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash)...
E S
CVE-2002-0449 Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execut...
S
CVE-2002-0450 Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code...
S
CVE-2002-0451 filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP cod...
E S
CVE-2002-0452 Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could m...
E S
CVE-2002-0453 The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the s...
E S
CVE-2002-0454 Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of se...
CVE-2002-0455 IncrediMail stores attachments in a directory with a fixed name, which could make it easier for atta...
E
CVE-2002-0456 Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could mak...
CVE-2002-0457 Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to ...
S
CVE-2002-0458 Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute ...
S
CVE-2002-0459 Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute...
S
CVE-2002-0460 Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exh...
E S
CVE-2002-0461 Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application c...
E S
CVE-2002-0462 bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows r...
E S
CVE-2002-0463 home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the ful...
S
CVE-2002-0464 Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to...
CVE-2002-0465 Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows...
E
CVE-2002-0466 Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a f...
E
CVE-2002-0467 Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allow remote attackers...
S
CVE-2002-0468 Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local use...
CVE-2002-0469 Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges w...
E
CVE-2002-0470 PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, whic...
CVE-2002-0471 PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the...
E
CVE-2002-0472 MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging mes...
CVE-2002-0473 db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code ...
S
CVE-2002-0474 Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascr...
CVE-2002-0475 Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arb...
CVE-2002-0476 Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs ...
S
CVE-2002-0477 Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary ...
S
CVE-2002-0478 The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensi...
E S
CVE-2002-0479 Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, wh...
E S
CVE-2002-0480 ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skan...
CVE-2002-0481 An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass...
S
CVE-2002-0482 Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web exten...
S
CVE-2002-0483 index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of...
E
CVE-2002-0484 move_uploaded_file in PHP does not check for the base directory (open_basedir), which could...
CVE-2002-0485 Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Co...
CVE-2002-0486 Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which coul...
E
CVE-2002-0487 Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authenticati...
E
CVE-2002-0488 Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary co...
S
CVE-2002-0489 Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arb...
CVE-2002-0490 Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers...
S
CVE-2002-0491 admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the ...
E
CVE-2002-0492 dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null c...
CVE-2002-0493 Apache Tomcat may be started without proper security settings if errors are encountered while readin...
CVE-2002-0494 Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execu...
S
CVE-2002-0495 csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via ...
E S
CVE-2002-0496 The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of servi...
E
CVE-2002-0497 Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a ...
E S
CVE-2002-0498 Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local use...
S
CVE-2002-0499 The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathn...
E
CVE-2002-0500 Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the...
E S
CVE-2002-0501 Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allo...
S
CVE-2002-0502 Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing...
CVE-2002-0503 Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticate...
S
CVE-2002-0504 Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the g...
E
CVE-2002-0505 Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3...
S
CVE-2002-0506 Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attacker...
CVE-2002-0507 An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to byp...
CVE-2002-0508 wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via th...
S
CVE-2002-0509 Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a...
CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fra...
CVE-2002-0511 The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 use...
S
CVE-2002-0512 startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variabl...
S
CVE-2002-0513 The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authenticat...
S
CVE-2002-0514 PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remot...
E
CVE-2002-0515 IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not b...
E
CVE-2002-0516 SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands...
E S
CVE-2002-0517 Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly oth...
S
CVE-2002-0518 The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remo...
S
CVE-2002-0520 Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to ...
S
CVE-2002-0521 Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute s...
S
CVE-2002-0522 ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by mod...
S
CVE-2002-0523 ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invali...
S
CVE-2002-0524 ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1)...
S
CVE-2002-0525 Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users ...
E S
CVE-2002-0526 Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls....
E
CVE-2002-0527 Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash a...
S
CVE-2002-0528 Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized servic...
E S
CVE-2002-0529 HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_im...
CVE-2002-0530 Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arb...
CVE-2002-0531 Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attack...
S
CVE-2002-0532 EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host hea...
CVE-2002-0533 phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consum...
S
CVE-2002-0534 PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU co...
E S
CVE-2002-0535 Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allow remote attackers to execu...
E S
CVE-2002-0536 PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows rem...
E S
CVE-2002-0537 The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, whic...
E S
CVE-2002-0538 FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" r...
S
CVE-2002-0539 Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection...
E S
CVE-2002-0540 Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers...
E S
CVE-2002-0541 Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) ...
S
CVE-2002-0542 mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not ...
E S
CVE-2002-0543 Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remot...
E S
CVE-2002-0544 Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plain...
CVE-2002-0545 Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service ...
S
CVE-2002-0546 Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attack...
E
CVE-2002-0547 Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a d...
S
CVE-2002-0548 Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing ...
CVE-2002-0549 Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other An...
CVE-2002-0550 Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in ...
CVE-2002-0551 Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code ...
CVE-2002-0552 Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a den...
E S
CVE-2002-0553 Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain admini...
E S
CVE-2002-0554 webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or...
E
CVE-2002-0555 IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which co...
CVE-2002-0556 Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbi...
E
CVE-2002-0557 Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexe...
S
CVE-2002-0558 Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authentic...
S
CVE-2002-0559 Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote att...
S
CVE-2002-0560 PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain se...
S
CVE-2002-0561 The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Applicatio...
S
CVE-2002-0562 The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP store...
S
CVE-2002-0563 The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to a...
S
CVE-2002-0564 PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass au...
S
CVE-2002-0565 Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under...
S
CVE-2002-0566 PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a d...
S
CVE-2002-0567 Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to by...
S
CVE-2002-0568 Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local...
S
CVE-2002-0569 Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration...
S
CVE-2002-0570 The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that i...
CVE-2002-0571 Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query...
E S
CVE-2002-0572 FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write...
E S
CVE-2002-0573 Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remot...
E S
CVE-2002-0574 Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory ...
S
CVE-2002-0575 Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and Kerbero...
E S
CVE-2002-0576 ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute path...
S
CVE-2002-0577 Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file an...
S
CVE-2002-0578 Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possi...
S
CVE-2002-0579 WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a di...
S
CVE-2002-0580 WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to data...
S
CVE-2002-0581 WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, o...
S
CVE-2002-0582 WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /rep...
S
CVE-2002-0583 WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expen...
S
CVE-2002-0584 WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID param...
S
CVE-2002-0585 Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to caus...
S
CVE-2002-0586 Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon libra...
S
CVE-2002-0587 Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd....
S
CVE-2002-0588 PVote before 1.9 does not authenticate users for restricted operations, which allows remote attacker...
E S
CVE-2002-0589 PVote before 1.9 allows remote attackers to change the administrative password and gain privileges b...
E S
CVE-2002-0590 Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arb...
E S
CVE-2002-0591 Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote ...
E S
CVE-2002-0592 AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to oth...
S
CVE-2002-0593 Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a den...
E S
CVE-2002-0594 Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of fil...
E S
CVE-2002-0595 Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote at...
E S
CVE-2002-0596 WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server...
S
CVE-2002-0597 LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/m...
E S
CVE-2002-0598 Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote atta...
S
CVE-2002-0599 Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration ...
E S
CVE-2002-0600 Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute ar...
CVE-2002-0601 ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (...
S
CVE-2002-0602 Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash)...
CVE-2002-0603 Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via...
S
CVE-2002-0604 Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash)...
S
CVE-2002-0605 Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers t...
S
CVE-2002-0606 Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (cra...
E
CVE-2002-0607 members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbit...
E S
CVE-2002-0608 Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a lo...
E
CVE-2002-0609 Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system fai...
S
CVE-2002-0610 Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP command...
S
CVE-2002-0611 Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files vi...
E S
CVE-2002-0612 FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (...
E S
CVE-2002-0613 dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication an...
E S
CVE-2002-0614 PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote a...
S
CVE-2002-0615 The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well...
CVE-2002-0616 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to exe...
CVE-2002-0617 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to exe...
CVE-2002-0618 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to exe...
CVE-2002-0619 The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system...
CVE-2002-0620 Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to ...
CVE-2002-0621 Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Serv...
CVE-2002-0622 The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote a...
CVE-2002-0623 Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote ...
CVE-2002-0624 Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsof...
CVE-2002-0626 Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which al...
S
CVE-2002-0627 The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication...
S
CVE-2002-0628 The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login...
S
CVE-2002-0629 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of...
S
CVE-2002-0630 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of...
S
CVE-2002-0631 Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users...
S
CVE-2002-0632 Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary...
CVE-2002-0633 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2002-0634 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2002-0635 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2002-0637 InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail me...
S
CVE-2002-0638 setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operat...
S
CVE-2002-0639 Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary c...
E
CVE-2002-0640 Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary...
CVE-2002-0641 Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Serve...
CVE-2002-0642 The registry key containing the SQL Server service account information in Microsoft SQL Server 2000,...
CVE-2002-0643 The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setu...
CVE-2002-0644 Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and M...
CVE-2002-0645 SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop...
CVE-2002-0646 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0371. Reason: This candida...
R
CVE-2002-0647 Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft In...
CVE-2002-0648 The legacy