CVE List - 2002 / May
Showing 101 - 200 of 222 CVEs for May 2002 (Page 2 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-0215 | 2002-05-03 | Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname... |
| CVE-2002-0216 | 2002-05-03 | userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. |
| CVE-2002-0217 | 2002-05-03 | Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a... |
| CVE-2002-0218 | 2002-05-03 | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers... |
| CVE-2002-0219 | 2002-05-03 | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line... |
| CVE-2002-0220 | 2002-05-03 | phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. |
| CVE-2002-0221 | 2002-05-03 | Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the... |
| CVE-2002-0222 | 2002-05-03 | Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. |
| CVE-2002-0223 | 2002-05-03 | Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in... |
| CVE-2002-0224 | 2002-05-03 | The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of... |
| CVE-2002-0225 | 2002-05-03 | tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. |
| CVE-2002-0227 | 2002-05-03 | KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. |
| CVE-2002-0228 | 2002-05-03 | Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when... |
| CVE-2002-0229 | 2002-05-03 | Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA... |
| CVE-2002-0230 | 2002-05-03 | Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into... |
| CVE-2002-0231 | 2002-05-03 | Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. |
| CVE-2002-0232 | 2002-05-03 | Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi,... |
| CVE-2002-0233 | 2002-05-03 | Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. |
| CVE-2002-0234 | 2002-05-03 | NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service... |
| CVE-2002-0235 | 2002-05-03 | Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes... |
| CVE-2002-0236 | 2002-05-03 | Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie... |
| CVE-2002-0238 | 2002-05-03 | Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the... |
| CVE-2002-0239 | 2002-05-03 | Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. |
| CVE-2002-0240 | 2002-05-03 | PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP... |
| CVE-2002-0242 | 2002-05-03 | Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. |
| CVE-2002-0243 | 2002-05-03 | Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. |
| CVE-2002-0244 | 2002-05-03 | Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. |
| CVE-2002-0245 | 2002-05-03 | Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl)... |
| CVE-2002-0247 | 2002-05-03 | Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. |
| CVE-2002-0248 | 2002-05-03 | wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. |
| CVE-2002-0249 | 2002-05-03 | PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed... |
| CVE-2002-0252 | 2002-05-03 | Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. |
| CVE-2002-0253 | 2002-05-03 | PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a... |
| CVE-2002-0254 | 2002-05-03 | ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when... |
| CVE-2002-0255 | 2002-05-03 | The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. |
| CVE-2002-0256 | 2002-05-03 | The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number... |
| CVE-2002-0257 | 2002-05-03 | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4)... |
| CVE-2002-0258 | 2002-05-03 | Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID... |
| CVE-2002-0259 | 2002-05-03 | InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to... |
| CVE-2002-0260 | 2002-05-03 | Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility. |
| CVE-2002-0261 | 2002-05-03 | Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command. |
| CVE-2002-0262 | 2002-05-03 | Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2002-0263 | 2002-05-03 | Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi,... |
| CVE-2002-0264 | 2002-05-03 | PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges. |
| CVE-2002-0266 | 2002-05-03 | Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes... |
| CVE-2002-0268 | 2002-05-03 | Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. |
| CVE-2002-0269 | 2002-05-03 | Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents... |
| CVE-2002-0270 | 2002-05-03 | Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote... |
| CVE-2002-0271 | 2002-05-03 | Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files. |
| CVE-2002-0272 | 2002-05-03 | Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request,... |
| CVE-2002-0273 | 2002-05-03 | Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. |
| CVE-2002-0277 | 2002-05-03 | Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter. |
| CVE-2002-0278 | 2002-05-03 | Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter. |
| CVE-2002-0279 | 2002-05-03 | The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges. |
| CVE-2002-0280 | 2002-05-03 | Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply. |
| CVE-2002-0281 | 2002-05-03 | Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. |
| CVE-2002-0282 | 2002-05-03 | DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2)... |
| CVE-2002-0283 | 2002-05-03 | Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. |
| CVE-2002-0284 | 2002-05-03 | Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing... |
| CVE-2002-0285 | 2002-05-03 | Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow... |
| CVE-2002-0286 | 2002-05-03 | The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for... |
| CVE-2002-0288 | 2002-05-03 | Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request. |
| CVE-2002-0289 | 2002-05-03 | Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request. |
| CVE-2002-0291 | 2002-05-03 | Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. |
| CVE-2002-0293 | 2002-05-03 | FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. |
| CVE-2002-0294 | 2002-05-03 | Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system. |
| CVE-2002-0295 | 2002-05-03 | Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. |
| CVE-2002-0296 | 2002-05-03 | The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. |
| CVE-2002-0297 | 2002-05-03 | Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. |
| CVE-2002-0298 | 2002-05-03 | ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot)... |
| CVE-2002-0301 | 2002-05-03 | Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. |
| CVE-2002-0303 | 2002-05-03 | GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. |
| CVE-2002-0304 | 2002-05-03 | Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request. |
| CVE-2002-0305 | 2002-05-03 | Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's... |
| CVE-2002-0306 | 2002-05-03 | ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter. |
| CVE-2002-0307 | 2002-05-03 | Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the... |
| CVE-2002-0308 | 2002-05-03 | admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. |
| CVE-2002-0310 | 2002-05-03 | Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations... |
| CVE-2002-0311 | 2002-05-03 | Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in... |
| CVE-2002-0312 | 2002-05-03 | Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
| CVE-2002-0314 | 2002-05-03 | fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client... |
| CVE-2002-0315 | 2002-05-03 | fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header. |
| CVE-2002-0316 | 2002-05-03 | Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag. |
| CVE-2002-0317 | 2002-05-03 | Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter. |
| CVE-2002-0319 | 2002-05-03 | Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username. |
| CVE-2002-0320 | 2002-05-03 | Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field. |
| CVE-2002-0321 | 2002-05-03 | Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks. |
| CVE-2002-0322 | 2002-05-03 | Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing. |
| CVE-2002-0323 | 2002-05-03 | comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL. |
| CVE-2002-0324 | 2002-05-03 | Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which... |
| CVE-2002-0325 | 2002-05-03 | Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. |
| CVE-2002-0326 | 2002-05-03 | Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. |
| CVE-2002-0327 | 2002-05-03 | Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program. |
| CVE-2002-0328 | 2002-05-03 | Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag. |
| CVE-2002-0331 | 2002-05-03 | Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. |
| CVE-2002-0332 | 2002-05-03 | Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse... |
| CVE-2002-0333 | 2002-05-03 | Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using... |
| CVE-2002-0334 | 2002-05-03 | xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file. |
| CVE-2002-0335 | 2002-05-03 | Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request. |
| CVE-2002-0336 | 2002-05-03 | Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a... |