CVE-2002-0667

This is an entry in the Common Vulnerability Index under number CVE-2002-0667. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0667

Description: Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.

Continue Reading …

CVE-2002-0374

This is an entry in the Common Vulnerability Index under number CVE-2002-0374. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0374

Description: Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Continue Reading …

CVE-2002-0045

This is an entry in the Common Vulnerability Index under number CVE-2002-0045. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0045

Description: slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a “replace” action on access controls without any values,

Continue Reading …

CVE-2002-1467

This is an entry in the Common Vulnerability Index under number CVE-2002-1467. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-1467

Description: Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a “file://”

Continue Reading …

CVE-2002-1288

This is an entry in the Common Vulnerability Index under number CVE-2002-1288. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-1288

Description: The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.

Continue Reading …

CVE-2002-0437

This is an entry in the Common Vulnerability Index under number CVE-2002-0437. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0437

Description: Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term “string format vulnerability”

Continue Reading …

CVE-2002-1767

This is an entry in the Common Vulnerability Index under number CVE-2002-1767. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-1767

Description: Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.

Continue Reading …

CVE-2002-0520

This is an entry in the Common Vulnerability Index under number CVE-2002-0520. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0520

Description: Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.

Continue Reading …

CVE-2002-0743

This is an entry in the Common Vulnerability Index under number CVE-2002-0743. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2002-0743

Description: mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …