CVE-2002-0705
- EPSS 0.97%
- Veröffentlicht 10.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
CVE-2002-0706
- EPSS 0.47%
- Veröffentlicht 10.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
- EPSS 1.28%
- Veröffentlicht 10.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.
- EPSS 3.78%
- Veröffentlicht 10.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
CVE-2002-0709
- EPSS 0.78%
- Veröffentlicht 10.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.