Full List

Search

Recent Vulnerabilities

• CVE-2002-0315 • published on May 3, 2002 fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.
• CVE-2002-0322 • published on May 3, 2002 Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
• CVE-2002-0327 • published on May 3, 2002 Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.
• CVE-2002-0270 • published on May 3, 2002 Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
• CVE-2002-0271 • published on May 3, 2002 Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
• CVE-2002-0272 • published on May 3, 2002 Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.
• CVE-2002-0273 • published on May 3, 2002 Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.
• CVE-2002-0285 • published on May 3, 2002 Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
• CVE-2002-0289 • published on May 3, 2002 Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
• CVE-2002-0293 • published on May 3, 2002 FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.
• CVE-2002-0295 • published on May 3, 2002 Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
• CVE-2002-0304 • published on May 3, 2002 Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
• CVE-2002-0308 • published on May 3, 2002 admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.
• CVE-2002-0314 • published on May 3, 2002 fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.
• CVE-2002-0316 • published on May 3, 2002 Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.
• CVE-2002-0317 • published on May 3, 2002 Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
• CVE-2002-0319 • published on May 3, 2002 Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
• CVE-2002-0321 • published on May 3, 2002 Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
• CVE-2002-0324 • published on May 3, 2002 Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
• CVE-2002-0266 • published on May 3, 2002 Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.