CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2002(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-2417 287 +Priv 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
2 CVE-2002-2407 264 +Priv 2002-12-31 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
3 CVE-2002-2382 59 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
4 CVE-2002-2363 264 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
5 CVE-2002-2290 255 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
6 CVE-2002-2265 264 +Priv 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
7 CVE-2002-2221 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
8 CVE-2002-2220 Overflow +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
9 CVE-2002-2218 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value.
10 CVE-2002-2210 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
11 CVE-2002-2180 +Priv 2002-12-31 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
12 CVE-2002-2152 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
13 CVE-2002-2099 Exec Code Overflow +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
14 CVE-2002-2092 +Priv 2002-12-31 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
15 CVE-2002-2054 +Priv 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin.
16 CVE-2002-2046 +Priv 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
17 CVE-2002-2020 +Priv 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
18 CVE-2002-2018 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
19 CVE-2002-1844 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
20 CVE-2002-1833 +Priv 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
21 CVE-2002-1821 +Priv 2002-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
22 CVE-2002-1817 +Priv 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.
23 CVE-2002-1749 +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
24 CVE-2002-1735 Overflow +Priv 2002-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors.
25 CVE-2002-1720 +Priv Sql Bypass 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field.
26 CVE-2002-1659 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
27 CVE-2002-1644 +Priv 2002-11-25 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
28 CVE-2002-1637 +Priv 2002-02-26 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
29 CVE-2002-1629 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.
30 CVE-2002-1616 Overflow +Priv 2002-08-01 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
31 CVE-2002-1613 Overflow +Priv 2002-09-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
32 CVE-2002-1612 Overflow +Priv 2002-09-13 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
33 CVE-2002-1611 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
34 CVE-2002-1609 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
35 CVE-2002-1606 Overflow +Priv 2002-08-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm.
36 CVE-2002-1601 +Priv 2002-02-09 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
37 CVE-2002-1594 Overflow +Priv 2002-01-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
38 CVE-2002-1590 264 DoS +Priv 2002-10-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
39 CVE-2002-1584 +Priv 2002-12-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
40 CVE-2002-1448 +Priv 2002-07-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
41 CVE-2002-1447 Overflow +Priv 2002-05-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
42 CVE-2002-1374 +Priv 2002-12-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
43 CVE-2002-1285 +Priv 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
44 CVE-2002-1279 Overflow +Priv 2002-11-29 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).
45 CVE-2002-1272 +Priv 2002-12-11 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
46 CVE-2002-1268 +Priv 2002-12-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
47 CVE-2002-1266 +Priv 2002-12-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
48 CVE-2002-1253 Exec Code +Priv 2002-11-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
49 CVE-2002-1250 Overflow +Priv 2002-11-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
50 CVE-2002-1245 +Priv 2002-11-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
Total number of vulnerabilities : 199   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.