LiveActive security incident?Get immediate response
CVE archive

March 2002

Browse CVE records published in March 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 210 matching CVEs · Page 1 of 5.

Unknown · CVSS Not scored

CVE-2002-1654: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to...

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Published Mar 28, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1633: Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line...

Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip.

Published Mar 26, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1623: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authen...

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

Published Mar 26, 2005 · Updated Aug 8, 2024