This and other SNMP-related candidates will be updated when more accurate information is available.ĬVE-2002-0013 n/a Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor.
CVE-2002-0001 n/a Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.ĬVE-2002-0002 n/a Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.ĬVE-2002-0003 n/a Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.ĬVE-2002-0004 n/a Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.ĬVE-2002-0005 n/a Buffer overflow in AOL Instant Messenger (AIM), , and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).ĬVE-2002-0006 n/a XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.ĬVE-2002-0007 n/a CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.ĬVE-2002-0008 n/a Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.ĬVE-2002-0009 n/a show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.ĬVE-2002-0010 n/a Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.ĬVE-2002-0011 n/a Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.ĬVE-2002-0012 n/a Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite.