Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1420 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 7.2 HIGH | N/A |
| Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. | |||||
| CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | |||||
| CVE-2002-1453 | 1 Mywebserver | 1 Mywebserver | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. | |||||
| CVE-2002-1454 | 1 Mywebserver | 1 Mywebserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. | |||||
| CVE-2002-1568 | 1 Openssl | 1 Openssl | 2016-10-18 | 5.0 MEDIUM | N/A |
| OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. | |||||
| CVE-2002-1647 | 1 Slashcode.com | 1 Slash | 2016-10-18 | 5.0 MEDIUM | N/A |
| The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL. | |||||
| CVE-2002-1664 | 1 Yahoo | 1 Messenger | 2016-10-18 | 6.4 MEDIUM | N/A |
| Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information. | |||||
| CVE-2002-1822 | 1 Ibm | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP). | |||||
| CVE-2002-1830 | 1 Openbb | 1 Openbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters. | |||||
| CVE-2002-1841 | 1 Noguska | 1 Nola | 2016-10-18 | 5.0 MEDIUM | N/A |
| The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | |||||
| CVE-2002-1850 | 1 Apache | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | |||||
| CVE-2002-1867 | 1 Bizdesign | 1 Imagefolio | 2016-10-18 | 7.5 HIGH | N/A |
| The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption). | |||||
| CVE-2002-2039 | 1 Qnx | 1 Rtos | 2016-10-18 | 2.1 LOW | N/A |
| /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal. | |||||
| CVE-2002-2048 | 1 Michael Baumer | 1 Pfinger | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability. | |||||
| CVE-2002-2054 | 1 Teekai | 1 Teekai Forum | 2016-10-18 | 7.5 HIGH | N/A |
| TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and gain privileged web forum access by setting the valid_level cookie to admin. | |||||
| CVE-2002-2055 | 1 Teekai | 1 Teekai Tracking Online | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2002-2056 | 1 Teekai | 1 Teekai Forum | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie. | |||||
| CVE-2002-2057 | 1 Teekai | 1 Teekai Forum | 2016-10-18 | 5.0 MEDIUM | N/A |
| TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
| CVE-2002-2073 | 1 Microsoft | 3 Site Server, Site Server Commerce, Windows Nt | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. | |||||
| CVE-2002-2118 | 1 Blue World Communications | 1 Lasso Web Data Engine | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL. | |||||
| CVE-2002-2121 | 1 Surfcontrol | 1 Superscout Email Filter | 2016-10-18 | 5.0 MEDIUM | N/A |
| SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow. | |||||
| CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2016-10-18 | 4.0 MEDIUM | N/A |
| phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | |||||
| CVE-2002-1665 | 1 Yahoo | 1 Messenger | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. | |||||
| CVE-2002-1340 | 1 Microsoft | 1 Office Web Components | 2016-10-18 | 5.0 MEDIUM | N/A |
| The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception. | |||||
| CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2016-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||||
| CVE-2002-1393 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. | |||||
| CVE-2002-1398 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." | |||||
| CVE-2002-1383 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun. | |||||
| CVE-2002-1399 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). | |||||
| CVE-2002-1400 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | |||||
| CVE-2002-1414 | 1 Inter7 | 1 Qmailadmin | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. | |||||
| CVE-2002-1402 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1339 | 1 Microsoft | 1 Office Web Components | 2016-10-18 | 5.0 MEDIUM | N/A |
| The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files. | |||||
| CVE-2002-1386 | 1 Ehud Gavron | 1 Tracesroute | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument. | |||||
| CVE-2002-1387 | 1 Ehud Gavron | 1 Tracesroute | 2016-10-18 | 4.6 MEDIUM | N/A |
| The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. | |||||
| CVE-2002-1348 | 1 W3m | 1 W3m | 2016-10-18 | 5.0 MEDIUM | N/A |
| w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. | |||||
| CVE-2002-1316 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-18 | 6.8 MEDIUM | N/A |
| importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). | |||||
| CVE-2002-1306 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | |||||
| CVE-2002-1244 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. | |||||
| CVE-2002-1245 | 1 Frank Mcingvale | 1 Luxman | 2016-10-18 | 7.2 HIGH | N/A |
| Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. | |||||
| CVE-2002-1247 | 2 Kde, Lisa | 3 Kde, Klisa, Lisa | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon. | |||||
| CVE-2002-1294 | 1 Microsoft | 1 Java Virtual Machine | 2016-10-18 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. | |||||
| CVE-2002-1320 | 1 University Of Washington | 1 Pine | 2016-10-18 | 5.0 MEDIUM | N/A |
| Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | |||||
| CVE-2002-1248 | 1 Northern Solutions | 1 Xeneo Web Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. | |||||
| CVE-2002-1233 | 1 Apache | 1 Http Server | 2016-10-18 | 2.6 LOW | N/A |
| A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | |||||
| CVE-2002-1264 | 1 Oracle | 1 Oracle9i | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. | |||||
| CVE-2002-1271 | 1 Perl-mailtools | 1 Perl-mailtools | 2016-10-18 | 7.5 HIGH | N/A |
| The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. | |||||
| CVE-2002-1281 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
| CVE-2002-1282 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
| CVE-2002-1315 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). | |||||
