LiveActive security incident?Get immediate response
CVE archive

May 2002

Browse CVE records published in May 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 148 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2002-2212: The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitra...

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Published May 23, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2002-2213: The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbi...

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Published May 23, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2002-2443: schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly vali...

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Published May 29, 2013 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-2211: BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to con...

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Published May 23, 2006 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1664: Yahoo!

Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.

Published May 28, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1665: Buffer overflow in Yahoo!

Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.

Published May 28, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0340: Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .w...

Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0338: The Bat!

The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0322: Yahoo!

Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0310: Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be d...

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0324: Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a clearte...

Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.

Published May 3, 2002 · Updated Aug 8, 2024