Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0764 | 1 Phorum | 1 Phorum | 2008-09-05 | 7.5 HIGH | N/A |
| Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. | |||||
| CVE-2002-0781 | 1 Novell | 1 Bordermanager | 2008-09-05 | 5.0 MEDIUM | N/A |
| RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | |||||
| CVE-2002-0782 | 1 Novell | 1 Bordermanager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface. | |||||
| CVE-2002-0783 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 7.5 HIGH | N/A |
| Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. | |||||
| CVE-2002-0784 | 1 Lysias | 1 Lidik Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot). | |||||
| CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A |
| b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | |||||
| CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | |||||
| CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | |||||
| CVE-2002-0787 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters. | |||||
| CVE-2002-0733 | 1 Acme Labs | 1 Thttpd | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. | |||||
| CVE-2002-0637 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 7.5 HIGH | N/A |
| InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express. | |||||
| CVE-2002-0630 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | |||||
| CVE-2002-0629 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | |||||
| CVE-2002-0459 | 1 Linux-sottises | 2 Board-tnk, News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0759 | 1 Bzip | 1 Bzip2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | |||||
| CVE-2002-0627 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2008-09-05 | 7.5 HIGH | N/A |
| The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | |||||
| CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0457 | 1 Bg Guestbook | 1 Bg Guestbook | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. | |||||
| CVE-2002-0550 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. | |||||
| CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2008-09-05 | 10.0 HIGH | N/A |
| Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | |||||
| CVE-2002-0732 | 1 Levcgi.com | 1 Myguestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments. | |||||
| CVE-2002-0455 | 1 Incredimail | 1 Incredimail | 2008-09-05 | 5.0 MEDIUM | N/A |
| IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0454 | 1 Qualcomm | 1 Qpopper | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. | |||||
| CVE-2002-0767 | 1 Richard Gooch | 1 Simpleinit | 2008-09-05 | 7.2 HIGH | N/A |
| simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges. | |||||
| CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. | |||||
| CVE-2002-0731 | 1 Vqsoft | 1 Vqserver | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. | |||||
| CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | |||||
| CVE-2002-0453 | 1 Oblix | 1 Netpoint | 2008-09-05 | 7.5 HIGH | N/A |
| The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. | |||||
| CVE-2002-0614 | 1 Php-survey | 1 Php-survey | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. | |||||
| CVE-2002-0613 | 1 Dnstools Software | 1 Dnstools | 2008-09-05 | 10.0 HIGH | N/A |
| dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters. | |||||
| CVE-2002-0612 | 1 Craig Patchett | 1 Fileseek | 2008-09-05 | 7.5 HIGH | N/A |
| FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters. | |||||
| CVE-2002-0611 | 1 Craig Patchett | 1 Fileseek | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered. | |||||
| CVE-2002-0610 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges. | |||||
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. | |||||
| CVE-2002-0756 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | |||||
| CVE-2002-0609 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets. | |||||
| CVE-2002-0607 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL. | |||||
| CVE-2002-0606 | 1 3com | 1 3cdaemon | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login. | |||||
| CVE-2002-0768 | 2 Luke Mewburn, Suse | 2 Lukemftp, Suse Linux | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command. | |||||
| CVE-2002-0769 | 1 Cisco | 1 Ata-186 | 2008-09-05 | 6.4 MEDIUM | N/A |
| The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. | |||||
| CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | |||||
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | |||||
| CVE-2002-0754 | 2 Freebsd, Kth | 3 Freebsd, Heimdal, Heimdal | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | |||||
| CVE-2002-0452 | 1 Foundrynet | 1 Serveriron | 2008-09-05 | 7.5 HIGH | N/A |
| Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible. | |||||
| CVE-2002-0451 | 1 Phpprojekt | 1 Phpprojekt | 2008-09-05 | 7.5 HIGH | N/A |
| filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | |||||
| CVE-2002-0601 | 1 Information Security Systems | 1 Realsecure Network Sensor | 2008-09-05 | 5.0 MEDIUM | N/A |
| ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. | |||||
| CVE-2002-0552 | 1 Melange | 1 Melange Chat System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. | |||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | |||||
| CVE-2002-0753 | 1 Talentsoft | 1 Web\+ Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. | |||||
| CVE-2002-0752 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. | |||||