LiveActive security incident?Get immediate response
CVE archive

May 2002

Browse CVE records published in May 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 148 matching CVEs · Page 2 of 3.

Unknown · CVSS Not scored

CVE-2002-0321: Yahoo!

Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0320: Buffer overflow in Yahoo!

Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0307: Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote a...

Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0286: The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileg...

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0269: Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is tex...

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0285: Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a...

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

Published May 3, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-0245: Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path...

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

Published May 3, 2002 · Updated Aug 8, 2024