Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1410 | 2 Ben Chivers, Easy Scripts Archive | 2 Ben Chivers Guestbook, Easy Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi. | |||||
| CVE-2002-1406 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.2 HIGH | N/A |
| Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior." | |||||
| CVE-2002-1356 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 7.5 HIGH | N/A |
| Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages. | |||||
| CVE-2002-1355 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. | |||||
| CVE-2002-1277 | 1 Windowmaker | 1 Windowmaker | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. | |||||
| CVE-2002-1276 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 4.3 MEDIUM | N/A |
| An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | |||||
| CVE-2002-1269 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. | |||||
| CVE-2002-1253 | 1 Abuse | 1 Abuse | 2008-09-05 | 7.2 HIGH | N/A |
| Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. | |||||
| CVE-2002-1251 | 1 Log2mail | 1 Log2mail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. | |||||
| CVE-2002-1224 | 1 Kde | 1 Kde | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | |||||
| CVE-2002-1223 | 1 Kde | 1 Kde | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | |||||
| CVE-2002-1227 | 1 Pam | 1 Pam | 2008-09-05 | 7.5 HIGH | N/A |
| PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | |||||
| CVE-2002-0870 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2008-09-05 | 7.5 HIGH | N/A |
| The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. | |||||
| CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. | |||||
| CVE-2002-0998 | 1 Care 2002 | 1 Care 2002 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function. | |||||
| CVE-2002-0997 | 1 Novell | 2 Netmail, Netmail Xe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. | |||||
| CVE-2002-1002 | 1 Novell | 1 Emframe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
| CVE-2002-1003 | 1 Mywebserver | 1 Mywebserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1004 | 1 Argosoft | 1 Argosoft Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. | |||||
| CVE-2002-1006 | 1 Bbc Education | 1 Betsie | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl. | |||||
| CVE-2002-0996 | 1 Novell | 2 Netmail, Netmail Xe | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. | |||||
| CVE-2002-0995 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. | |||||
| CVE-2002-0994 | 1 Sun | 1 Sun Pci Ii Driver | 2008-09-05 | 7.5 HIGH | N/A |
| SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications. | |||||
| CVE-2002-1007 | 1 Blackboard | 1 Blackboard | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. | |||||
| CVE-2002-0992 | 1 Hp | 1 Hp-ux | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data. | |||||
| CVE-2002-0991 | 1 Hp | 1 Cifs-9000 Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters. | |||||
| CVE-2002-1008 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request. | |||||
| CVE-2002-1009 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. | |||||
| CVE-2002-1010 | 1 Lotus | 1 Domino R4 | 2008-09-05 | 7.5 HIGH | N/A |
| Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. | |||||
| CVE-2002-1011 | 1 Ibm | 1 Tivoli Management Framework | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1012 | 1 Ibm | 1 Tivoli Management Framework | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1013 | 1 Inktomi | 3 Media-ixt, Traffic Edge, Traffic Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. | |||||
| CVE-2002-1016 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 4.6 MEDIUM | N/A |
| Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. | |||||
| CVE-2002-1017 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 2.1 LOW | N/A |
| Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. | |||||
| CVE-2002-1021 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. | |||||
| CVE-2002-1022 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 7.5 HIGH | N/A |
| BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. | |||||
| CVE-2002-1023 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. | |||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | |||||
| CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | |||||
| CVE-2002-0967 | 1 Edonkey2000 | 1 Edonkey 2000 Client | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL. | |||||
| CVE-2002-1028 | 1 Oddsock | 1 Song Requester | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. | |||||
| CVE-2002-0966 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. | |||||
| CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | |||||
| CVE-2002-0964 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out. | |||||
| CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | |||||
| CVE-2002-0962 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php. | |||||
| CVE-2002-0961 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack. | |||||
| CVE-2002-0960 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users. | |||||
| CVE-2002-0959 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. | |||||