Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0772 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. | |||||
| CVE-2002-0428 | 1 Checkpoint | 3 Check Point Vpn, Firewall-1, Next Generation | 2008-09-05 | 7.5 HIGH | N/A |
| Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. | |||||
| CVE-2002-0447 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2002-0608 | 1 Matu | 1 Matu Ftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. | |||||
| CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2008-09-05 | 5.0 MEDIUM | N/A |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0751 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 7.5 HIGH | N/A |
| CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters. | |||||
| CVE-2002-0599 | 1 Blahz-dns | 1 Blahz-dns | 2008-09-05 | 10.0 HIGH | N/A |
| Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen. | |||||
| CVE-2002-0598 | 1 Foundstone | 1 Fscan | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner. | |||||
| CVE-2002-0445 | 1 Php Firstpost | 1 Php Firstpost | 2008-09-05 | 5.0 MEDIUM | N/A |
| article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. | |||||
| CVE-2002-0750 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field. | |||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. | |||||
| CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. | |||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | |||||
| CVE-2002-0439 | 1 Caupo.net | 1 Cauposhop | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field. | |||||
| CVE-2002-0595 | 1 Webtrends | 1 Reporting Center | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory. | |||||
| CVE-2002-0749 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 7.5 HIGH | N/A |
| CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. | |||||
| CVE-2002-0748 | 1 National Instruments | 1 Labview | 2008-09-05 | 5.0 MEDIUM | N/A |
| LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. | |||||
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||||
| CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | |||||
| CVE-2002-0799 | 1 Youngzsoft | 1 Cmailserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | |||||
| CVE-2002-0795 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. | |||||
| CVE-2002-0794 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | |||||
| CVE-2002-0792 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. | |||||
| CVE-2002-0791 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||||
| CVE-2002-0789 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. | |||||
| CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | |||||
| CVE-2002-0676 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. | |||||
| CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. | |||||
| CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. | |||||
| CVE-2002-0462 | 1 Big Sam | 1 Big Sam | 2008-09-05 | 6.4 MEDIUM | N/A |
| bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled. | |||||
| CVE-2002-0424 | 1 Efingerd | 1 Efingerd | 2008-09-05 | 4.6 MEDIUM | N/A |
| efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. | |||||
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||||
| CVE-2002-0425 | 1 Khaled Mardam-bey | 1 Mirc | 2008-09-05 | 5.0 MEDIUM | N/A |
| mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message. | |||||
| CVE-2002-0414 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | |||||
| CVE-2002-0394 | 1 Red-m | 1 1050ap Lan Acess Point | 2008-09-05 | 10.0 HIGH | N/A |
| Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords. | |||||
| CVE-2002-0415 | 1 Realnetworks | 1 Realplayer | 2008-09-05 | 1.7 LOW | N/A |
| Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275. | |||||
| CVE-2002-0426 | 1 Linksys | 1 Befvp41 | 2008-09-05 | 7.5 HIGH | N/A |
| VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. | |||||
| CVE-2002-0041 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump. | |||||
| CVE-2002-0410 | 1 Aeromail | 1 Aeromail | 2008-09-05 | 5.0 MEDIUM | N/A |
| send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded. | |||||
| CVE-2002-0091 | 1 Nswc | 1 Cider Shadow | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields. | |||||
| CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||||
| CVE-2002-0040 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges. | |||||
| CVE-2002-0241 | 1 Cisco | 1 Secure Access Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. | |||||
| CVE-2002-0039 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. | |||||
| CVE-2002-0032 | 1 Yahoo | 1 Messenger | 2008-09-05 | 7.5 HIGH | N/A |
| Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. | |||||
| CVE-2002-0358 | 1 Sgi | 1 Mediamail | 2008-09-05 | 4.6 MEDIUM | N/A |
| MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges. | |||||
| CVE-2002-0420 | 1 Claymore Systems Inc | 1 Puretls | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. | |||||
| CVE-2002-0406 | 1 Menasoft | 1 Sphereserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. | |||||