CVE List - 2002 / January
Showing 1 - 3 of 3 CVEs for January 2002 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-0008 | 2002-01-10 | Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post... |
| CVE-2002-0010 | 2002-01-10 | Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the... |
| CVE-2001-0892 | 2002-02-02 | Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with... |
| CVE-2001-0893 | 2002-02-02 | Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. |
| CVE-2001-0897 | 2002-02-02 | Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror... |
| CVE-2001-0898 | 2002-02-02 | Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a... |
| CVE-2001-0903 | 2002-02-02 | Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by... |
| CVE-2001-0904 | 2002-02-02 | Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites... |
| CVE-2001-0908 | 2002-02-02 | CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public... |
| CVE-2001-0910 | 2002-02-02 | Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to... |
| CVE-2001-0911 | 2002-02-02 | PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. |
| CVE-2001-0913 | 2002-02-02 | Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains... |
| CVE-2001-0915 | 2002-02-02 | Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. |
| CVE-2001-0916 | 2002-02-02 | Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. |
| CVE-2001-0919 | 2002-02-02 | Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. |
| CVE-2001-0922 | 2002-02-02 | ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the... |
| CVE-2001-0923 | 2002-02-02 | RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. |
| CVE-2001-0924 | 2002-02-02 | Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. |
| CVE-2001-0925 | 2002-02-02 | The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many /... |
| CVE-2001-0926 | 2002-02-02 | SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP... |
| CVE-2001-0927 | 2002-02-02 | Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that... |
| CVE-2001-0928 | 2002-02-02 | Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. |
| CVE-2001-0930 | 2002-02-02 | Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters. |
| CVE-2001-0931 | 2002-02-02 | Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. |
| CVE-2001-0932 | 2002-02-02 | Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command. |
| CVE-2001-0933 | 2002-02-02 | Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:". |
| CVE-2001-0934 | 2002-02-02 | Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname. |
| CVE-2001-0935 | 2002-02-02 | Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. |
| CVE-2001-0937 | 2002-02-02 | PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters. |
| CVE-2001-0938 | 2002-02-02 | Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename... |
| CVE-2001-0941 | 2002-02-02 | Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. |
| CVE-2001-0942 | 2002-02-02 | dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME... |
| CVE-2001-0943 | 2002-02-02 | dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to... |
| CVE-2001-0944 | 2002-02-02 | DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process. |
| CVE-2001-0945 | 2002-02-02 | Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
| CVE-2001-0947 | 2002-02-02 | Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces... |
| CVE-2001-0948 | 2002-02-02 | Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in... |
| CVE-2001-0949 | 2002-02-02 | Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters... |
| CVE-2001-0950 | 2002-02-02 | ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates... |
| CVE-2001-0952 | 2002-02-02 | THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. |
| CVE-2001-0953 | 2002-02-02 | Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. |
| CVE-2001-0955 | 2002-02-02 | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large... |
| CVE-2001-0956 | 2002-02-02 | speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2001-0958 | 2002-02-02 | Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1)... |
| CVE-2001-0964 | 2002-02-02 | Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
| CVE-2001-0966 | 2002-02-02 | Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. |
| CVE-2001-0967 | 2002-02-02 | Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force... |
| CVE-2001-0968 | 2002-02-02 | Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. |
| CVE-2001-0970 | 2002-02-02 | Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. |
| CVE-2001-0971 | 2002-02-02 | Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
| CVE-2001-0972 | 2002-02-02 | Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID... |
| CVE-2001-0974 | 2002-02-02 | Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-0975 | 2002-02-02 | Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-0976 | 2002-02-02 | Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. |
| CVE-2001-0979 | 2002-02-02 | Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. |
| CVE-2001-0983 | 2002-02-02 | UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
| CVE-2001-0984 | 2002-02-02 | Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock... |
| CVE-2001-0985 | 2002-02-02 | shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. |
| CVE-2001-0986 | 2002-02-02 | SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling... |
| CVE-2001-0988 | 2002-02-02 | Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. |
| CVE-2001-0989 | 2002-02-02 | Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. |
| CVE-2001-0990 | 2002-02-02 | Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password... |
| CVE-2001-0991 | 2002-02-02 | Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed... |
| CVE-2001-0992 | 2002-02-02 | shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. |
| CVE-2001-0994 | 2002-02-02 | Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents... |
| CVE-2001-0996 | 2002-02-02 | POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email... |
| CVE-2001-0997 | 2002-02-02 | Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. |
| CVE-2001-0999 | 2002-02-02 | Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain... |
| CVE-2001-1000 | 2002-02-02 | rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. |
| CVE-2001-1003 | 2002-02-02 | Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. |
| CVE-2001-1004 | 2002-02-02 | Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. |
| CVE-2001-1005 | 2002-02-02 | Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to... |
| CVE-2001-1006 | 2002-02-02 | Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker... |
| CVE-2001-1007 | 2002-02-02 | Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered,... |
| CVE-2001-1009 | 2002-02-02 | Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as... |
| CVE-2001-1012 | 2002-02-02 | Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. |
| CVE-2001-1013 | 2002-02-02 | Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does... |
| CVE-2001-1014 | 2002-02-02 | eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. |
| CVE-2001-1015 | 2002-02-02 | Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument. |
| CVE-2001-1018 | 2002-02-02 | Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence... |
| CVE-2001-1019 | 2002-02-02 | Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. |
| CVE-2001-1021 | 2002-02-02 | Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO,... |
| CVE-2001-1023 | 2002-02-02 | Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in... |
| CVE-2001-1024 | 2002-02-02 | login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. |
| CVE-2001-1025 | 2002-02-02 | PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including... |
| CVE-2001-1026 | 2002-02-02 | Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash,... |
| CVE-2001-1031 | 2002-02-02 | Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the... |
| CVE-2001-1033 | 2002-02-02 | Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the... |
| CVE-2001-1034 | 2002-02-02 | Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. |
| CVE-2001-1039 | 2002-02-02 | The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to... |
| CVE-2001-1040 | 2002-02-02 | HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. |
| CVE-2001-1041 | 2002-02-02 | oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in... |
| CVE-2001-1042 | 2002-02-02 | Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
| CVE-2001-1044 | 2002-02-02 | Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information... |
| CVE-2001-1045 | 2002-02-02 | Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. |
| CVE-2001-1047 | 2002-02-02 | Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set... |
| CVE-2001-1050 | 2002-02-02 | CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2001-1051 | 2002-02-02 | Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2001-1052 | 2002-02-02 | Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2001-1057 | 2002-02-02 | The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents... |