CVE-2002-2268

Public exploit
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
Max CVSS
9.4
EPSS Score
88.65%
Published
2002-12-31
Updated
2017-07-29

CVE-2002-2226

Public exploit
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
Max CVSS
7.5
EPSS Score
38.31%
Published
2002-12-31
Updated
2017-07-29

CVE-2002-1864

Public exploit
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
Max CVSS
5.0
EPSS Score
44.37%
Published
2002-12-31
Updated
2008-09-05

CVE-2002-1643

Public exploit
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
Max CVSS
7.5
EPSS Score
94.55%
Published
2002-12-19
Updated
2017-12-23

CVE-2002-1359

Public exploit
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Max CVSS
10.0
EPSS Score
97.18%
Published
2002-12-23
Updated
2017-10-11

CVE-2002-1318

Public exploit
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
Max CVSS
10.0
EPSS Score
14.54%
Published
2002-12-11
Updated
2018-05-03

CVE-2002-1214

Public exploit
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Max CVSS
7.5
EPSS Score
96.77%
Published
2002-10-28
Updated
2019-04-30

CVE-2002-1142

Public exploit
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Max CVSS
7.5
EPSS Score
88.31%
Published
2002-11-29
Updated
2021-07-23

CVE-2002-1123

Public exploit
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Max CVSS
7.5
EPSS Score
96.18%
Published
2002-09-24
Updated
2018-10-12

CVE-2002-1120

Public exploit
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
7.5
EPSS Score
20.43%
Published
2002-09-24
Updated
2017-10-05

CVE-2002-1059

Public exploit
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
Max CVSS
7.5
EPSS Score
10.71%
Published
2002-10-04
Updated
2016-10-18

CVE-2002-0965

Public exploit
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
Max CVSS
7.5
EPSS Score
95.01%
Published
2002-10-04
Updated
2008-09-05

CVE-2002-0649

Public exploit
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
Max CVSS
7.5
EPSS Score
96.32%
Published
2002-08-12
Updated
2018-10-19

CVE-2002-0422

Public exploit
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
Max CVSS
2.6
EPSS Score
1.55%
Published
2002-08-12
Updated
2020-11-23

CVE-2002-0392

Public exploit
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
Max CVSS
7.5
EPSS Score
75.28%
Published
2002-07-03
Updated
2021-07-15

CVE-2000-1209

Public exploit
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Max CVSS
10.0
EPSS Score
95.73%
Published
2002-08-12
Updated
2018-08-13
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!