CVE-2002-1530

SurfControl SuperScout Email Filter - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1530. PoCs published by ken@FTU.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in SurfControl SuperScout Email Filter. The vulnerability allows unauthorized access to administrative credentials via a publicly accessible file (userlist.asp).

Description

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ken@FTU · textwebappsasp
https://www.exploit-db.com/exploits/21925

This is a writeup describing an information disclosure vulnerability in SurfControl SuperScout Email Filter. The vulnerability allows unauthorized access to administrative credentials via a publicly accessible file (userlist.asp).

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SurfControl SuperScout Email Filter
No auth needed
Prerequisites: Network access to the target web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5929
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10320.php

Scores

EPSS 0.0589
EPSS Percentile 92.3%

Details

Status published
Products (3)
surfcontrol/superscout_email_filter 3.5
surfcontrol/superscout_email_filter 3.5.1
surfcontrol/superscout_email_filter 4.0
Published Mar 31, 2003
Tracked Since Feb 18, 2026