Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | |||||
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. | |||||
| CVE-2002-1202 | 1 Compaq | 1 Tru64 | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files. | |||||
| CVE-2002-1252 | 1 Peoplesoft | 1 Peopletools | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. | |||||
| CVE-2002-1212 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1231 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 2.1 LOW | N/A |
| SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. | |||||
| CVE-2002-1280 | 1 Iss | 1 Realsecure Event Collector | 2008-09-10 | 5.0 MEDIUM | N/A |
| Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | |||||
| CVE-2002-1279 | 1 Masqmail | 1 Masqmail | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option). | |||||
| CVE-2002-1278 | 1 Jacques Gelinas | 1 Linuxconf | 2008-09-10 | 7.5 HIGH | N/A |
| The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email. | |||||
| CVE-2002-1449 | 1 Frederic Tyndiuk | 1 Eupload | 2008-09-10 | 7.5 HIGH | N/A |
| eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt. | |||||
| CVE-2002-1213 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. | |||||
| CVE-2002-1509 | 1 Redhat | 1 Linux | 2008-09-10 | 3.6 LOW | N/A |
| A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | |||||
| CVE-2002-1516 | 1 Sgi | 1 Irix | 2008-09-10 | 4.6 MEDIUM | N/A |
| rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-1511 | 2 Att, Tightvnc | 2 Vnc, Tightvnc | 2008-09-10 | 5.0 MEDIUM | N/A |
| The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. | |||||
| CVE-2002-1194 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | |||||
| CVE-2002-1379 | 1 Openldap | 1 Openldap | 2008-09-10 | 7.5 HIGH | N/A |
| OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. | |||||
| CVE-2002-1215 | 1 Linux-ha | 1 Heartbeat | 2008-09-10 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2002-1508 | 1 Openldap | 1 Openldap | 2008-09-10 | 1.2 LOW | N/A |
| slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | |||||
| CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2008-09-10 | 7.2 HIGH | N/A |
| The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
| CVE-2002-1342 | 1 Smb2www | 1 Smb2www | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands. | |||||
| CVE-2002-1352 | 1 Per Magne Knutsen | 1 Cartman | 2008-09-10 | 5.0 MEDIUM | N/A |
| Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter. | |||||
| CVE-2002-1146 | 1 Gnu | 1 Glibc | 2008-09-10 | 5.0 MEDIUM | N/A |
| The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | |||||
| CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. | |||||
| CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 5.0 MEDIUM | N/A |
| Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
| CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2002-1128 | 1 Digital | 2 Osf 1, Ultrix | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable. | |||||
| CVE-2002-1122 | 1 Iss | 1 Internet Scanner | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response. | |||||
| CVE-2002-0988 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. | |||||
| CVE-2002-0987 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | |||||
| CVE-2002-0984 | 1 Light | 1 Light | 2008-09-10 | 7.5 HIGH | N/A |
| The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | |||||
| CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2008-09-10 | 5.1 MEDIUM | N/A |
| CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | |||||
| CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2002-0874 | 1 Redhat | 1 Interchange | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||||
| CVE-2002-0873 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. | |||||
| CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 7.5 HIGH | N/A |
| l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. | |||||
| CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
| SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
| CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
| CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | |||||
| CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2008-09-10 | 7.5 HIGH | N/A |
| Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
| CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-0924 | 1 Cgiscript.net | 1 Csnews | 2008-09-10 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. | |||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
| CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
| CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
| CVE-2002-0834 | 1 Ethereal Group | 1 Ethereal | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2008-09-10 | 2.1 LOW | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | |||||
| CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | |||||