3632 matches found
CVE-2002-2170
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request...
CVE-2002-2258
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
CVE-2002-1077
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field...
CVE-2002-1084
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests...
CVE-2002-1087
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request...
CVE-2002-1068
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request...
CVE-2002-1084
The CVE-2002-1084 entry concerns ezContents 1.41 and earlier, where VerifyLogin does not properly halt program execution after an improper login, enabling remote attackers to modify and view restricted information via HTTP POST requests. Affected component: VerifyLogin function in ezContents (ver...
CVE-2002-1077
IMail Web Calendaring service (iwebcal) in IPSwitch IMail is affected by CVE-2002-1077. A remote attacker can cause a denial of service (crash) by sending an HTTP POST request that lacks a Content-Length header. The description and connected records confirm the affected component and the vulnerab...
CVE-2002-1087
The CVE-2002-1087 entry concerns ezContents 1.41 and earlier, where three scripts (createdir.php, removedir.php, uploadfile.php) fail to perform credential checks. This allows remote attackers to create or delete directories and upload files via a direct HTTP POST request. Documented impact is un...
CVE-2002-0769
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying...
IPSwitch IMail 6.x/7.0.x - Web Calendaring Incomplete Post Denial of Service
source: https://www.securityfocus.com/bid/5365/info IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. When a HTTP POST command is made to the web calendaring service on port 8484, and the...
CVE-2002-0769
The CVE-2002-0769 entry concerns Cisco ATA-186 Analog Telephone Adaptor. The vulnerability arises in the web-based configuration interface, where an HTTP POST containing a single byte can bypass authentication. This enables (a) extraction of the login password from the login screen and (b) reconf...
CVE-2002-0717
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed...
Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Issued on: July 22, 2002 Software: PHP versions 4.2.0 and 4.2.1 Platforms: All The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with...
PHP fails to properly parse the headers of HTTP POST requests
Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...