High
CVE-2002-1245
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable…
Read moreUncategorized 2002
Page 7/16.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2002-11-12
High
CVE-2002-1278
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a…
Read moreHigh
CVE-2002-1277
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and…
Read moreHigh
CVE-2002-1275
Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input."
Read moreHigh
CVE-2002-1271
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the ma…
Read moreMedium
CVE-2002-1265
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (ha…
Read moreHigh
CVE-2002-1264
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
Read moreHigh
CVE-2002-1253
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute…
Read moreCritical
CVE-2002-1251
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
Read moreHigh
CVE-2002-1250
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
Read moreMedium
CVE-2002-1248
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
Read moreMedium
CVE-2002-1184
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application l…
Read moreHigh
CVE-2002-1244
Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in t…
Read moreMedium
CVE-2002-1182
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
Read moreMedium
CVE-2002-0711
Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.
Read moreHigh
CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process ap…
Read moreHigh
CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
Read moreMedium
CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as ot…
Read moreHigh
CVE-2002-1180
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upl…
Read moreHigh
CVE-2002-1211
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.…
Read moreMedium
CVE-2002-1236
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi w…
Read moreHigh
CVE-2002-1238
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http:/…
Read moreHigh
CVE-2002-1239
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH t…
Read more2002-11-08
Medium
CVE-2002-1585
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop respondi…
Read more2002-11-04
Medium
CVE-2002-1209
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
Read moreCritical
CVE-2002-1235
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1,…
Read moreLow
CVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or mo…
Read moreMedium
CVE-2002-1232
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests f…
Read moreLow
CVE-2002-1231
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
Read moreMedium
CVE-2002-1230
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDA…
Read moreMedium
CVE-2002-0666
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via s…
Read moreMedium
CVE-2002-1169
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version nu…
Read moreMedium
CVE-2002-1167
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
Read moreHigh
CVE-2002-1157
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web sit…
Read moreMedium
CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (d…
Read moreMedium
CVE-2002-1168
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that…
Read more2002-10-29
High
CVE-2002-1590
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with wor…
Read more2002-10-28
High
CVE-2002-1217
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauth…
Read moreMedium
CVE-2002-1212
Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
Read moreMedium
CVE-2002-1213
Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".…
Read moreHigh
CVE-2002-1214
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with…
Read moreCritical
CVE-2002-1215
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 69…
Read moreMedium
CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security che…
Read moreCritical
CVE-2002-1225
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
Read moreHigh
CVE-2002-1223
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScri…
Read moreMedium
CVE-2002-1224
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
Read moreHigh
CVE-2002-1202
Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
Read moreCritical
CVE-2002-1226
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffe…
Read moreHigh
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
Read moreMedium
CVE-2002-1228
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
Read moreHigh
CVE-2002-1229
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
Read moreMedium
CVE-2002-1203
IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaust…
Read moreHigh
CVE-2002-1198
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
Read moreMedium
CVE-2002-1201
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing t…
Read moreMedium
CVE-2002-1199
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map a…
Read moreHigh
CVE-2002-0836
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involvin…
Read moreMedium
CVE-2002-0990
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of…
Read moreMedium
CVE-2002-1118
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
Read moreCritical
CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLI…
Read moreHigh
CVE-2002-1179
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, wh…
Read moreHigh
CVE-2002-1190
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
Read moreMedium
CVE-2002-1191
The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001.
Read moreMedium
CVE-2002-1192
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game sa…
Read moreLow
CVE-2002-1193
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
Read moreHigh
CVE-2002-1194
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
Read moreMedium
CVE-2002-1195
Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
Read moreHigh
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values f…
Read moreHigh
CVE-2002-1197
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
Read more2002-10-24
Low
CVE-2002-1589
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
Read more2002-10-22
Medium
CVE-2001-1451
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory c…
Read more2002-10-16
High
CVE-2002-1618
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
Read more2002-10-11
High
CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of serv…
Read moreMedium
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servl…
Read moreMedium
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows…
Read moreMedium
CVE-2002-1189
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international cal…
Read moreMedium
CVE-2002-1178
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request t…
Read moreMedium
CVE-2002-1170
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a…
Read moreHigh
CVE-2002-1166
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.
Read moreMedium
CVE-2002-1165
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by i…
Read moreMedium
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
Read moreMedium
CVE-2002-1154
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the comm…
Read moreMedium
CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
Read moreHigh
CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote…
Read moreHigh
CVE-2002-1151
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execut…
Read moreMedium
CVE-2002-1150
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering ce…
Read moreMedium
CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and…
Read moreHigh
CVE-2002-1147
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, w…
Read moreHigh
CVE-2002-1137
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 20…
Read moreHigh
CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly exec…
Read moreMedium
CVE-2002-0863
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine t…
Read moreMedium
CVE-2002-0864
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet tha…
Read moreHigh
CVE-2002-0865
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remot…
Read moreMedium
CVE-2002-0867
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Hand…
Read moreHigh
CVE-2002-0866
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet tha…
Read moreHigh
CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the…
Read moreMedium
CVE-2002-1139
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows a…
Read moreMedium
CVE-2002-1140
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malfo…
Read moreMedium
CVE-2002-1141
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of ser…
Read moreMedium
CVE-2002-1146
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a D…
Read more2002-10-10
High
CVE-2002-0706
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password us…
Read moreMedium
CVE-2002-0838
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arb…
Read moreHigh
CVE-2002-0709
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and pos…
Read moreMedium
CVE-2002-0708
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequen…
Read moreMedium
CVE-2002-0707
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.
Read moreHigh
CVE-2002-0705
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames a…
Read moreHigh
CVE-2002-0693
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allo…
Read moreHigh
CVE-2002-0692
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitr…
Read moreMedium
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./..…
Read moreHigh
CVE-2002-0694
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when…
Read moreHigh
CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, includ…
Read more2002-10-04
Medium
CVE-2002-1039
Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Atta…
Read moreHigh
CVE-2002-1047
The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.
Read moreHigh
CVE-2002-1050
Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
Read moreMedium
CVE-2002-1049
Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.
Read moreHigh
CVE-2002-1048
HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.
Read moreMedium
CVE-2002-1045
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.
Read moreMedium
CVE-2002-1046
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to…
Read moreMedium
CVE-2002-1052
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the ser…
Read moreHigh
CVE-2002-1044
Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field.
Read moreMedium
CVE-2002-1043
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t").
Read more