- CVE-2002-0082 • published on June 25, 2002
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
- CVE-2002-0092 • published on June 25, 2002
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
- CVE-2002-0097 • published on June 25, 2002
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
- CVE-2002-0115 • published on June 25, 2002
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
- CVE-2002-0070 • published on June 25, 2002
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
- CVE-2002-0080 • published on June 25, 2002
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
- CVE-2002-0096 • published on June 25, 2002
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
- CVE-2002-0117 • published on June 25, 2002
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
- CVE-2002-0078 • published on June 25, 2002
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
- CVE-2002-0098 • published on June 25, 2002
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
- CVE-2002-0111 • published on June 25, 2002
Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
- CVE-2002-0143 • published on June 25, 2002
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
- CVE-2002-0151 • published on June 25, 2002
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
- CVE-2002-0153 • published on June 25, 2002
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
- CVE-2002-0176 • published on June 25, 2002
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
- CVE-2002-0196 • published on June 25, 2002
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
- CVE-2002-0166 • published on June 25, 2002
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
- CVE-2002-0168 • published on June 25, 2002
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
- CVE-2002-0139 • published on June 25, 2002
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
- CVE-2002-0159 • published on June 25, 2002
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.