CVE List - 2002 / May
Showing 201 - 222 of 222 CVEs for May 2002 (Page 3 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-0337 | 2002-05-03 | RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. |
| CVE-2002-0338 | 2002-05-03 | The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name. |
| CVE-2002-0340 | 2002-05-03 | Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which... |
| CVE-2002-0341 | 2002-05-03 | GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER... |
| CVE-2002-0342 | 2002-05-03 | Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. |
| CVE-2002-0343 | 2002-05-03 | Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by... |
| CVE-2002-0344 | 2002-05-03 | Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the... |
| CVE-2002-0345 | 2002-05-03 | Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. |
| CVE-2002-0346 | 2002-05-03 | Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. |
| CVE-2002-0347 | 2002-05-03 | Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. |
| CVE-2002-0348 | 2002-05-03 | service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. |
| CVE-2002-0349 | 2002-05-03 | Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access... |
| CVE-2002-0350 | 2002-05-03 | HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the... |
| CVE-2002-0351 | 2002-05-03 | Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-0352 | 2002-05-03 | Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. |
| CVE-2002-0353 | 2002-05-03 | The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly,... |
| CVE-2002-0354 | 2002-05-03 | The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects... |
| CVE-2002-0375 | 2002-05-09 | Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. |
| CVE-2002-0189 | 2002-05-17 | Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the... |
| CVE-2002-0360 | 2002-05-21 | Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program. |
| CVE-2002-0388 | 2002-05-31 | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. |
| CVE-2001-1353 | 2002-06-05 | ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. |
| CVE-2001-1354 | 2002-06-11 | NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use... |
| CVE-2001-1355 | 2002-06-11 | Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to... |
| CVE-2001-1356 | 2002-06-11 | NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against... |
| CVE-2001-1357 | 2002-06-11 | Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. |
| CVE-2001-1358 | 2002-06-11 | Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter. |
| CVE-2001-1360 | 2002-06-11 | Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. |
| CVE-2001-1361 | 2002-06-11 | Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. |
| CVE-2001-1362 | 2002-06-11 | Vulnerability in the server for nPULSE before 0.53p4. |
| CVE-2001-1363 | 2002-06-11 | Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. |
| CVE-2001-1364 | 2002-06-11 | Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. |
| CVE-2001-1365 | 2002-06-11 | Vulnerability in IntraGnat before 1.4. |
| CVE-2001-1366 | 2002-06-11 | netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information. |
| CVE-2001-1368 | 2002-06-11 | Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data. |
| CVE-2001-1376 | 2002-06-11 | Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. |
| CVE-2001-1377 | 2002-06-11 | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less... |
| CVE-2002-0031 | 2002-06-11 | Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4)... |
| CVE-2002-0393 | 2002-06-11 | Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. |
| CVE-2002-0405 | 2002-06-11 | Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large... |
| CVE-2002-0407 | 2002-06-11 | htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5,... |
| CVE-2002-0408 | 2002-06-11 | htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates... |
| CVE-2002-0409 | 2002-06-11 | orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. |
| CVE-2002-0410 | 2002-06-11 | send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded. |
| CVE-2002-0411 | 2002-06-11 | Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. |
| CVE-2002-0413 | 2002-06-11 | Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. |
| CVE-2002-0415 | 2002-06-11 | Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a ..... |
| CVE-2002-0416 | 2002-06-11 | Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port. |
| CVE-2002-0417 | 2002-06-11 | Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various... |
| CVE-2002-0418 | 2002-06-11 | Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in... |
| CVE-2002-0419 | 2002-06-11 | Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2)... |
| CVE-2002-0420 | 2002-06-11 | Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. |
| CVE-2002-0421 | 2002-06-11 | IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr,... |
| CVE-2002-0422 | 2002-06-11 | IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP... |
| CVE-2002-0426 | 2002-06-11 | VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for... |
| CVE-2002-0427 | 2002-06-11 | Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges. |
| CVE-2002-0428 | 2002-06-11 | Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. |
| CVE-2002-0430 | 2002-06-11 | MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a... |
| CVE-2002-0432 | 2002-06-11 | Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code... |
| CVE-2002-0433 | 2002-06-11 | Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character. |
| CVE-2002-0434 | 2002-06-11 | Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. |
| CVE-2002-0436 | 2002-06-11 | sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter. |
| CVE-2002-0438 | 2002-06-11 | ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes... |
| CVE-2002-0439 | 2002-06-11 | Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script... |
| CVE-2002-0440 | 2002-06-11 | Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set... |
| CVE-2002-0446 | 2002-06-11 | categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks... |
| CVE-2002-0447 | 2002-06-11 | Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. |
| CVE-2002-0448 | 2002-06-11 | Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. |
| CVE-2002-0449 | 2002-06-11 | Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. |
| CVE-2002-0450 | 2002-06-11 | Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. |
| CVE-2002-0452 | 2002-06-11 | Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server... |
| CVE-2002-0453 | 2002-06-11 | The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute... |
| CVE-2002-0455 | 2002-06-11 | IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files... |
| CVE-2002-0456 | 2002-06-11 | Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on... |
| CVE-2002-0457 | 2002-06-11 | Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1)... |
| CVE-2002-0458 | 2002-06-11 | Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. |
| CVE-2002-0459 | 2002-06-11 | Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. |
| CVE-2002-0460 | 2002-06-11 | Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not... |
| CVE-2002-0461 | 2002-06-11 | Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. |
| CVE-2002-0465 | 2002-06-11 | Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the... |
| CVE-2002-0466 | 2002-06-11 | Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4)... |
| CVE-2002-0467 | 2002-06-11 | Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c. |
| CVE-2002-0468 | 2002-06-11 | Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled... |
| CVE-2002-0469 | 2002-06-11 | Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's,... |
| CVE-2002-0470 | 2002-06-11 | PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the... |
| CVE-2002-0471 | 2002-06-11 | PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. |
| CVE-2002-0472 | 2002-06-11 | MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. |
| CVE-2002-0474 | 2002-06-11 | Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag. |
| CVE-2002-0475 | 2002-06-11 | Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a... |
| CVE-2002-0476 | 2002-06-11 | Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. |
| CVE-2002-0477 | 2002-06-11 | Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. |
| CVE-2002-0478 | 2002-06-11 | The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings. |
| CVE-2002-0479 | 2002-06-11 | Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the... |
| CVE-2002-0480 | 2002-06-11 | ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection"... |
| CVE-2002-0481 | 2002-06-11 | An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that... |
| CVE-2002-0482 | 2002-06-11 | Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET... |
| CVE-2002-0483 | 2002-06-11 | index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error... |
| CVE-2002-0485 | 2002-06-11 | Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. |
| CVE-2002-0486 | 2002-06-11 | Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. |
| CVE-2002-0487 | 2002-06-11 | Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading... |