CVE

Id
5227  
CVE No.
CVE-2002-0837  
Status
Candidate  
Description
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.  
Phase
Proposed (20030317)  
Votes
ACCEPT(4) Armstrong, Cole, Cox, Green  
Comments
Cox> I believe this to mean "multiple exploit vectors" for the single | vulnerability. The patch to correct this issue was a single line that | would remove any non-alphabetic characters from the "dict" parameter.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
27742 5227 CVE-2002-0837 BUGTRAQ:20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities  View
27743 5227 CVE-2002-0837 URL:http://marc.info/?l=bugtraq&m=103158607631137&w=2  View
27744 5227 CVE-2002-0837 MISC:http://www.guardent.com/comp_news_wordtrans-web.html#  View
27745 5227 CVE-2002-0837 REDHAT:RHSA-2002:188  View
27746 5227 CVE-2002-0837 URL:http://rhn.redhat.com/errata/RHSA-2002-188.html  View
27747 5227 CVE-2002-0837 XF:wordtrans-web-php-xss(10059)  View
27748 5227 CVE-2002-0837 URL:http://www.iss.net/security_center/static/10059.php  View
27749 5227 CVE-2002-0837 XF:wordtrans-web-code-execution(10063)  View
27750 5227 CVE-2002-0837 URL:http://www.iss.net/security_center/static/10063.php  View
27751 5227 CVE-2002-0837 BID:5674  View
27752 5227 CVE-2002-0837 URL:http://www.securityfocus.com/bid/5674  View
27753 5227 CVE-2002-0837 BID:5671  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63888 JVNDB-2002-000215 Red Hat Linux の Wordtrans-web パッケージにおける任意のコードが実行される脆弱性 Red Hat Linux において、Wordtrans-web パッケージには入力パラメータの確認を適切に行わない問題が存在するため、異常なパラメータにより任意のコードを実行される脆弱性が存在します。 CVE-2002-0837 5227 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000215.html  View