Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1068 | 1 D-link | 1 Dp-303 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. | |||||
| CVE-2002-1110 | 1 Mantis | 1 Mantis | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. | |||||
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2016-10-18 | 7.5 HIGH | N/A |
| The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques. | |||||
| CVE-2002-0975 | 1 Microsoft | 1 Directx Files Viewer Control | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter. | |||||
| CVE-2002-0968 | 1 Analogx | 1 Simpleserver Www | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. | |||||
| CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2016-10-18 | 4.6 MEDIUM | N/A |
| Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | |||||
| CVE-2002-0972 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | |||||
| CVE-2002-0973 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 4.6 MEDIUM | N/A |
| Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | |||||
| CVE-2002-1020 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. | |||||
| CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. | |||||
| CVE-2002-1018 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times. | |||||
| CVE-2002-0982 | 1 Microsoft | 1 Sql Server | 2016-10-18 | 7.5 HIGH | N/A |
| Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. | |||||
| CVE-2002-1109 | 1 Amavis | 1 Virus Scanner | 2016-10-18 | 2.1 LOW | N/A |
| securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. | |||||
| CVE-2002-0989 | 1 Rob Flynn | 1 Gaim | 2016-10-18 | 7.5 HIGH | N/A |
| The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. | |||||
| CVE-2002-0990 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. | |||||
| CVE-2002-1051 | 1 Ehud Gavron | 1 Tracesroute | 2016-10-18 | 4.6 MEDIUM | N/A |
| Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument. | |||||
| CVE-2002-0979 | 1 Microsoft | 1 Virtual Machine | 2016-10-18 | 7.5 HIGH | N/A |
| The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. | |||||
| CVE-2002-1052 | 1 W3c | 1 Jigsaw | 2016-10-18 | 5.0 MEDIUM | N/A |
| Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device. | |||||
| CVE-2002-0842 | 1 Oracle | 1 Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
| CVE-2002-0829 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 4.6 MEDIUM | N/A |
| Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. | |||||
| CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2016-10-18 | 7.5 HIGH | N/A |
| dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||||
| CVE-2002-0837 | 1 Wordtrans | 1 Wordtrans-web | 2016-10-18 | 7.5 HIGH | N/A |
| wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script. | |||||
| CVE-2002-0838 | 3 Ggv, Ghostview, Gv | 3 Ggv, Ghostview, Gv | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. | |||||
| CVE-2002-0898 | 1 Opera Software | 1 Opera Web Browser | 2016-10-18 | 5.0 MEDIUM | N/A |
| Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. | |||||
| CVE-2002-0913 | 1 Stephen Hebditch | 1 Slurp | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response. | |||||
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | |||||
| CVE-2002-0816 | 1 Compaq | 1 Tru64 | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. | |||||
| CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | |||||
| CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2016-10-18 | 7.5 HIGH | N/A |
| The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
| CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | |||||
| CVE-2002-0845 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. | |||||
| CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2016-10-18 | 7.5 HIGH | N/A |
| catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||||
| CVE-2002-0909 | 1 Matsushita Research | 1 Mnews | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER. | |||||
| CVE-2002-0833 | 1 Qualcomm | 1 Eudora | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. | |||||
| CVE-2002-0817 | 1 William Deich | 1 Super | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2002-0818 | 1 Wwwoffle | 1 Wwwoffle | 2016-10-18 | 7.5 HIGH | N/A |
| wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. | |||||
| CVE-2002-0904 | 1 Kismet | 1 Kismet | 2016-10-18 | 7.5 HIGH | N/A |
| SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. | |||||
| CVE-2002-0819 | 1 Artsd | 1 Artsd | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function. | |||||
| CVE-2002-0889 | 1 Qualcomm | 1 Qpopper | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file. | |||||
| CVE-2002-0831 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 2.1 LOW | N/A |
| The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. | |||||
| CVE-2002-0887 | 1 Caldera | 1 Openserver | 2016-10-18 | 2.1 LOW | N/A |
| scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. | |||||
| CVE-2002-0820 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 7.2 HIGH | N/A |
| FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. | |||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 7.5 HIGH | N/A |
| The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
| CVE-2002-0713 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated. | |||||
| CVE-2002-0714 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. | |||||
| CVE-2002-0715 | 1 Squid | 1 Squid | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. | |||||
| CVE-2002-0653 | 1 Mod Ssl | 1 Mod Ssl | 2016-10-18 | 4.6 MEDIUM | N/A |
| Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | |||||
| CVE-2002-0702 | 1 Isc | 1 Dhcpd | 2016-10-18 | 10.0 HIGH | N/A |
| Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. | |||||
| CVE-2002-0704 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages. | |||||
| CVE-2002-0711 | 1 Hp | 1 Trucluster Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. | |||||