Full List

Search

Recent Vulnerabilities

• CVE-2002-0448 • published on June 11, 2002 Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
• CVE-2002-0460 • published on June 11, 2002 Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
• CVE-2002-0468 • published on June 11, 2002 Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
• CVE-2002-0470 • published on June 11, 2002 PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
• CVE-2002-0472 • published on June 11, 2002 MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
• CVE-2002-0474 • published on June 11, 2002 Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
• CVE-2002-0477 • published on June 11, 2002 Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.
• CVE-2002-0479 • published on June 11, 2002 Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
• CVE-2002-0486 • published on June 11, 2002 Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
• CVE-2002-0487 • published on June 11, 2002 Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
• CVE-2002-0491 • published on June 11, 2002 admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
• CVE-2002-0496 • published on June 11, 2002 The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
• CVE-2002-0500 • published on June 11, 2002 Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
• CVE-2002-0502 • published on June 11, 2002 Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
• CVE-2002-0510 • published on June 11, 2002 The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
• CVE-2002-0514 • published on June 11, 2002 PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
• CVE-2002-0515 • published on June 11, 2002 IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
• CVE-2002-0521 • published on June 11, 2002 Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
• CVE-2002-0525 • published on June 11, 2002 Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
• CVE-2002-0405 • published on June 11, 2002 Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.