Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | |||||
| CVE-2002-0205 | 1 Plumtree | 1 Plumtree Corporate Portal | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter. | |||||
| CVE-2002-0200 | 1 Cyberstop | 1 Cyberstop Web Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name. | |||||
| CVE-2002-0238 | 1 Netgear | 1 Rt314 | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | |||||
| CVE-2002-0232 | 1 Mrtg | 1 Multi Router Traffic Grapher Cgi | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi. | |||||
| CVE-2002-0239 | 1 Hanterm | 1 Hanterm | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. | |||||
| CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2016-10-18 | 5.0 MEDIUM | N/A |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2002-0233 | 1 Eshare Communications Inc. | 1 Eshare Expressions | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2002-0236 | 1 Lucent | 5 Vitalanalysis, Vitalevent, Vitalhelp and 2 more | 2016-10-18 | 7.5 HIGH | N/A |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | |||||
| CVE-2002-0237 | 1 Iss | 3 Blackice Agent, Blackice Defender, Realsecure Server Sensor | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. | |||||
| CVE-2002-0268 | 1 Identix | 1 Biologon | 2016-10-18 | 7.2 HIGH | N/A |
| Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | |||||
| CVE-2002-0267 | 1 Sips | 1 Sips | 2016-10-18 | 10.0 HIGH | N/A |
| preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. | |||||
| CVE-2002-0266 | 1 Thunderstone Software | 1 Texis | 2016-10-18 | 5.0 MEDIUM | N/A |
| Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname. | |||||
| CVE-2002-0265 | 1 Sawmill | 1 Sawmill | 2016-10-18 | 4.6 MEDIUM | N/A |
| Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file. | |||||
| CVE-2002-0264 | 1 Cooolsoft | 1 Powerftp | 2016-10-18 | 7.5 HIGH | N/A |
| PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges. | |||||
| CVE-2002-0263 | 1 Ezne.net | 1 Ezboard 2000 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi. | |||||
| CVE-2002-0262 | 1 Sybex | 1 E-trainer | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2002-0231 | 1 Khaled Mardam-bey | 1 Mirc | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. | |||||
| CVE-2002-0181 | 1 Horde | 2 Horde, Imp | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | |||||
| CVE-2002-0116 | 1 Palm | 1 Palm Os | 2016-10-18 | 5.0 MEDIUM | N/A |
| Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. | |||||
| CVE-2002-0131 | 1 Activestate | 1 Activepython | 2016-10-18 | 5.0 MEDIUM | N/A |
| ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script. | |||||
| CVE-2002-0178 | 1 Gnu | 1 Sharutils | 2016-10-18 | 7.2 HIGH | N/A |
| uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2002-0112 | 1 Etype | 1 Eserv | 2016-10-18 | 5.0 MEDIUM | N/A |
| Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL. | |||||
| CVE-2002-0111 | 1 Funsoft | 1 Dinos Webserver | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. | |||||
| CVE-2002-0104 | 1 Aftpd | 1 Aftpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump. | |||||
| CVE-2002-0130 | 1 Efax | 1 Efax | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument. | |||||
| CVE-2002-0138 | 1 Andreas Mueller | 1 Cdrdao | 2016-10-18 | 2.1 LOW | N/A |
| CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. | |||||
| CVE-2002-0177 | 1 Icecast | 1 Icecast | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. | |||||
| CVE-2002-0099 | 1 Michael Lamont | 1 Savant Webserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters. | |||||
| CVE-2002-0142 | 1 Pi3 | 1 Pi3web | 2016-10-18 | 7.5 HIGH | N/A |
| CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters. | |||||
| CVE-2002-0100 | 1 Aol | 1 Aol Server | 2016-10-18 | 7.5 HIGH | N/A |
| AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file. | |||||
| CVE-2002-0105 | 1 Caldera | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable. | |||||
| CVE-2002-0170 | 1 Zope | 1 Zope | 2016-10-18 | 7.5 HIGH | N/A |
| Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. | |||||
| CVE-2002-0137 | 1 Andreas Mueller | 1 Cdrdao | 2016-10-18 | 7.2 HIGH | N/A |
| CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file. | |||||
| CVE-2002-0162 | 1 Logwatch | 1 Logwatch | 2016-10-18 | 6.2 MEDIUM | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | |||||
| CVE-2002-0134 | 1 Avirt | 1 Avirt Gateway Suite | 2016-10-18 | 7.5 HIGH | N/A |
| Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. | |||||
| CVE-2002-0107 | 1 Cacheflow | 1 Cacheos | 2016-10-18 | 5.0 MEDIUM | N/A |
| Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. | |||||
| CVE-2002-0098 | 1 Boozt | 1 Boozt Standard | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. | |||||
| CVE-2002-0106 | 1 Bea | 1 Weblogic Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. | |||||
| CVE-2002-0092 | 1 Cvs | 1 Cvs | 2016-10-18 | 5.0 MEDIUM | N/A |
| CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. | |||||
| CVE-2002-0129 | 1 Efax | 1 Efax | 2016-10-18 | 2.1 LOW | N/A |
| efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | |||||
| CVE-2002-0165 | 1 Logwatch | 1 Logwatch | 2016-10-18 | 7.2 HIGH | N/A |
| LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162. | |||||
| CVE-2002-0109 | 1 Linksys | 3 Befn2ps4, Befsr41, Befsr81 | 2016-10-18 | 6.4 MEDIUM | N/A |
| Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. | |||||
| CVE-2002-0103 | 1 Oracle | 1 Application Server Web Cache | 2016-10-18 | 4.6 MEDIUM | N/A |
| An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | |||||
| CVE-2002-0110 | 1 Nevrona Designs | 1 Miramail | 2016-10-18 | 2.1 LOW | N/A |
| Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file. | |||||
| CVE-2002-0198 | 1 Paul L Daniels | 2 Inflex, Ripmime | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename. | |||||
| CVE-2002-0197 | 1 Psychoid | 1 Psybnc | 2016-10-18 | 7.5 HIGH | N/A |
| psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate. | |||||
| CVE-2002-0163 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. | |||||