CVE Daily
← All years

Uncategorized 2002

Page 6/16.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2002-12-31
Critical

CVE-2002-1854

Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1855

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a requ…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1857

jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1856

HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1858

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files an…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2002-1571

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1859

Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a reque…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1860

Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WE…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1861

Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, v…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1862

SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1863

Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to…

CVSS: 4.6CWE: N/A
Read more
2002-12-27
Critical

CVE-2002-1584

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CVSS: 10.0CWE: N/A
Read more
2002-12-26
High

CVE-2002-1368

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1385

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for op…

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2002-1383

Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-co…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2002-1371

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modifie…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1369

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitra…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2002-1327

Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1367

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activi…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1366

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

CVSS: 6.2CWE: N/A
Read more
High

CVE-2002-1363

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1177

Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Albu…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1176

Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.

CVSS: 7.5CWE: N/A
Read more
2002-12-24
Medium

CVE-2002-1351

Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretDa…

CVSS: 5.0CWE: N/A
Read more
2002-12-23
High

CVE-2002-1382

Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-200…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1381

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2002-1362

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2002-1380

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interf…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1377

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to ed…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2002-1376

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows r…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL t…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative int…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1364

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2002-1258

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet w…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2002-1361

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the ema…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1355

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1350

The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1345

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1325

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Expo…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1296

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause p…

CVSS: 7.2CWE: N/A
Read more
High

CVE-2002-1260

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java a…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1257

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a w…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1256

The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1356

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possi…

CVSS: 7.5CWE: N/A
Read more
2002-12-19
High

CVE-2002-1643

Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIB…

CVSS: 7.5CWE: N/A
Read more
2002-12-18
Medium

CVE-2002-1341

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameter…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2002-1354

Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1349

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) seque…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1342

Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1340

The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1338

The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1262

Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1255

Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1159

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

CVSS: 6.4CWE: N/A
Read more
High

CVE-2002-1158

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2002-1339

The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions,…

CVSS: 5.0CWE: N/A
Read more
2002-12-11
Critical

CVE-2002-1272

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2002-1321

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a lo…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decrypt…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2002-1319

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFL…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1320

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1335

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2002-1322

Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not r…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1334

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1269

Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.

CVSS: 4.6CWE: N/A
Read more
Low

CVE-2002-1270

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2002-1183

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Fla…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1268

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1267

Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1266

Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

CVSS: 4.6CWE: N/A
Read more
High

CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached m…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1188

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag,…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2002-1187

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> elemen…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2002-1186

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-ba…

CVSS: 5.0CWE: N/A
Read more
2002-12-04
Low

CVE-2002-1587

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for…

CVSS: 2.1CWE: N/A
Read more
2002-12-03
Low

CVE-2002-1586

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

CVSS: 2.1CWE: N/A
Read more
2002-11-29
Medium

CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2)…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1292

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.Standard…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1293

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the s…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1307

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2002-1294

The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTM…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1306

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1315

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2002-1308

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompressio…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1309

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1310

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a lon…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2002-1313

nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail t…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1288

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows rem…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2002-1588

Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1311

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1287

Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1247

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2002-1286

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the dom…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-0029

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DN…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1204

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail passwo…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment w…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1219

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG re…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record wit…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1221

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1142

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to e…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1276

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2002-1283

Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1279

Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2002-1284

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2002-1285

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2002-1282

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1281

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain…

CVSS: 7.5CWE: N/A
Read more
2002-11-25
High

CVE-2002-1644

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the par…

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2002-1645

Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.

CVSS: 10.0CWE: N/A
Read more
2002-11-20
Medium

CVE-2002-1312

Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remo…

CVSS: 5.0CWE: N/A
Read more
>