LiveActive security incident?Get immediate response
CVE archive

September 2002

Browse CVE records published in September 2002, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 294 matching CVEs · Page 4 of 6.

Unknown · CVSS Not scored

CVE-2002-1200: Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, do...

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1185: Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it...

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1196: editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" featur...

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1157: Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is...

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1186: Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters...

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1184: The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access...

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1188: Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet F...

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1137: Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0...

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Published Sep 1, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2002-1139: The Compressed Folders feature in Microsoft Windows 98 with Plus!

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Published Sep 1, 2004 · Updated Aug 8, 2024