search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2002-09-20 2002-09-11 2003-02-06 VU#603945 Slash-based bulletin boards contain a "quick login" feature that may disclose username and password
2002-09-23 2001-10-22 2003-04-11 VU#147587 Mac OS X utility gm4 contains format string vulnerability
2002-09-24 2002-05-15 2003-09-18 VU#916795 Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities
2002-09-24 2002-04-08 2002-09-24 VU#156123 Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method
2002-09-24 2001-10-22 2002-09-24 VU#222739 Handspring VisorPhone vulnerable to DoS via SMS image transfer
2002-09-24 2001-12-29 2002-09-24 VU#245795 Cherokee Web Server fails to drop privileges after daemon starts
2002-09-24 2001-12-25 2002-09-24 VU#282403 AdCycle does not adequately validate user input thereby allowing for SQL injection
2002-09-24 2001-12-19 2002-09-24 VU#283723 Exim does not adequately validate user input thereby allow execution of arbitrary commands
2002-09-24 2001-12-13 2002-09-24 VU#413875 EFTP does not adequately validate user input thereby allowing directory traversal
2002-09-24 2001-12-29 2002-09-24 VU#464827 Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
2002-09-24 2001-12-01 2002-09-24 VU#597795 Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
2002-09-24 2001-12-29 2002-09-24 VU#711315 Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
2002-09-24 2001-09-13 2002-09-24 VU#711491 Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
2002-09-24 2001-03-02 2003-11-05 VU#739211 PHP-Nuke does not adequately authenticate users thereby allowing attackers to change user information
2002-09-24 2001-09-24 2002-09-24 VU#933955 PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis