Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0174 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | |||||
| CVE-2002-0167 | 1 Enlightenment | 1 Imlib | 2008-09-11 | 7.5 HIGH | N/A |
| Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM. | |||||
| CVE-2002-0121 | 1 Php | 1 Php | 2008-09-11 | 2.1 LOW | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
| CVE-2002-0217 | 1 Xoops | 1 Xoops | 2008-09-11 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php. | |||||
| CVE-2002-0218 | 1 Sas | 2 Sas Base, Sas Integration Technologies | 2008-09-11 | 7.2 HIGH | N/A |
| Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | |||||
| CVE-2002-0219 | 1 Sas | 2 Sas Base, Sas Integration Technologies | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. | |||||
| CVE-2002-0220 | 1 Phpsmssend | 1 Phpsmssend | 2008-09-11 | 7.5 HIGH | N/A |
| phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. | |||||
| CVE-2002-0173 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. | |||||
| CVE-2002-0221 | 1 Etype | 1 Eserv | 2008-09-11 | 5.0 MEDIUM | N/A |
| Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV. | |||||
| CVE-2002-0311 | 1 Caldera | 2 Openunix, Unixware | 2008-09-11 | 10.0 HIGH | N/A |
| Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi. | |||||
| CVE-2002-0222 | 1 Etype | 1 Eserv | 2008-09-11 | 7.5 HIGH | N/A |
| Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. | |||||
| CVE-2002-0172 | 1 Sgi | 1 Irix | 2008-09-11 | 2.1 LOW | N/A |
| /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). | |||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2008-09-11 | 7.5 HIGH | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | |||||
| CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2008-09-11 | 5.0 MEDIUM | N/A |
| Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. | |||||
| CVE-2002-0126 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2008-09-11 | 7.5 HIGH | N/A |
| Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD. | |||||
| CVE-2002-0166 | 1 Stephen Turner | 1 Analog | 2008-09-11 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. | |||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2008-09-11 | 5.0 MEDIUM | N/A |
| userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. | |||||
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2008-09-11 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). | |||||
| CVE-2002-0171 | 1 Sgi | 1 Irisconsole | 2008-09-11 | 7.5 HIGH | N/A |
| IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. | |||||
| CVE-2002-0175 | 1 Avaya | 1 Libsafe | 2008-09-11 | 4.6 MEDIUM | N/A |
| libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. | |||||
| CVE-2002-0176 | 1 Avaya | 1 Libsafe | 2008-09-11 | 4.6 MEDIUM | N/A |
| The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. | |||||
| CVE-2002-0246 | 1 Caldera | 1 Unixware | 2008-09-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | |||||
| CVE-2002-0247 | 1 Wliang | 1 Wmtv | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. | |||||
| CVE-2002-0124 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2008-09-11 | 5.0 MEDIUM | N/A |
| MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. | |||||
| CVE-2006-6438 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2008-09-10 | 4.9 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | |||||
| CVE-2006-6439 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2008-09-10 | 7.8 HIGH | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors. | |||||
| CVE-2006-6441 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2008-09-10 | 4.6 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. | |||||
| CVE-2006-6435 | 1 Xerox | 1 Workcentre | 2008-09-10 | 7.5 HIGH | N/A |
| The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | |||||
| CVE-2006-6434 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2008-09-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors. | |||||
| CVE-2006-6436 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages. | |||||
| CVE-2006-6437 | 1 Xerox | 1 Workcentre | 2008-09-10 | 7.8 HIGH | N/A |
| ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | |||||
| CVE-2005-4835 | 1 Madwifi | 1 Madwifi | 2008-09-10 | 7.1 HIGH | N/A |
| The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. | |||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2005-3262 | 1 Rarlab | 1 Winrar | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. | |||||
| CVE-2005-3263 | 1 Rarlab | 1 Winrar | 2008-09-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name. | |||||
| CVE-2005-3322 | 2 Squid, Suse | 2 Squid, Suse Linux | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL). | |||||
| CVE-2005-3290 | 1 Accelerated Enterprise Solutions | 1 Accelerated Mortgage Manager | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Accelerated Mortgage Manager allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-2927 | 1 Sco | 1 Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command. | |||||
| CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2008-09-10 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | |||||
| CVE-2005-2659 | 1 Jed Wing | 1 Chm Lib | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | |||||
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | |||||
| CVE-2005-2502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. | |||||
| CVE-2005-2333 | 1 Seo-board | 1 Seo-board | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter. | |||||
| CVE-2005-2213 | 1 Mms Ripper | 1 Mms Ripper | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | |||||
| CVE-2005-2134 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 2.1 LOW | N/A |
| The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. | |||||
| CVE-2005-2155 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2008-09-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter. | |||||
| CVE-2005-1793 | 1 Microsoft | 1 Windows 98se | 2008-09-10 | 2.6 LOW | N/A |
| User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values. | |||||
| CVE-2005-1783 | 1 W.m.r. Simpson | 1 Bookreview | 2008-09-10 | 5.0 MEDIUM | N/A |
| BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE. | |||||
| CVE-2005-1800 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. | |||||
| CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2008-09-10 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | |||||