Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0180 | 1 Bradford Barrett | 1 Webalizer | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. | |||||
| CVE-2002-0206 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | |||||
| CVE-2002-0244 | 1 Atheos | 1 Atheos | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. | |||||
| CVE-2002-0281 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. | |||||
| CVE-2002-0282 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. | |||||
| CVE-2002-0286 | 1 Sitenews | 1 Sitenews | 2017-07-11 | 7.5 HIGH | N/A |
| The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. | |||||
| CVE-2002-0293 | 1 Alcatel-lucent | 1 Omnipcx | 2017-07-11 | 6.2 MEDIUM | N/A |
| FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | |||||
| CVE-2002-0296 | 1 Tarantella | 1 Tarantella Enterprise | 2017-07-11 | 1.2 LOW | N/A |
| The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | |||||
| CVE-2002-0305 | 1 Zero One Tech | 1 P100s | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. | |||||
| CVE-2002-0308 | 1 Stefan Holmberg | 1 Admentor | 2017-07-11 | 10.0 HIGH | N/A |
| admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. | |||||
| CVE-2002-0310 | 1 Netwin | 1 Webnews | 2017-07-11 | 7.5 HIGH | N/A |
| Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | |||||
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | |||||
| CVE-2002-0385 | 1 Vignette | 2 Storyserver, Vignette | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and '>' characters, which causes the TCL interpreter to crash and include stack data in the output. | |||||
| CVE-2002-0393 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. | |||||
| CVE-2002-0486 | 1 Workforceroi | 1 Xpede | 2017-07-11 | 7.2 HIGH | N/A |
| Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. | |||||
| CVE-2002-0526 | 1 Inn | 1 Inn | 2017-07-11 | 7.2 HIGH | N/A |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | |||||
| CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. | |||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | |||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | |||||
| CVE-2002-0602 | 1 Snapgear | 1 Snapgear Lite+ Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. | |||||
| CVE-2002-0628 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | |||||
| CVE-2002-0712 | 1 Entrust | 1 Entrust Authority Security Manager | 2017-07-11 | 2.1 LOW | N/A |
| Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | |||||
| CVE-2002-0793 | 1 Qnx | 1 Rtos | 2017-07-11 | 4.6 MEDIUM | N/A |
| Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | |||||
| CVE-2002-0886 | 1 Cisco | 1 Cbos | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. | |||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2017-07-11 | 5.0 MEDIUM | N/A |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. | |||||
| CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. | |||||
| CVE-2002-1192 | 2 Netbsd, Rogue | 2 Netbsd, Rogue | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. | |||||
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. | |||||
| CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2017-07-11 | 7.5 HIGH | N/A |
| Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | |||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. | |||||
| CVE-2003-1133 | 1 Ritlabs | 1 The Bat | 2017-07-11 | 2.1 LOW | N/A |
| Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages. | |||||
| CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. | |||||
| CVE-2003-1137 | 1 Charles Steinkuehler | 1 Sh-httpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character. | |||||
| CVE-2003-1139 | 1 Musicqueue | 1 Musicqueue | 2017-07-11 | 5.0 MEDIUM | N/A |
| Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file. | |||||
| CVE-2003-1140 | 1 Musicqueue | 1 Musicqueue | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file. | |||||
| CVE-2003-1141 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515. | |||||
| CVE-2003-1142 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2017-07-11 | 10.0 HIGH | N/A |
| Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. | |||||
| CVE-2003-1143 | 1 Croteam | 1 Serioussam | 2017-07-11 | 7.5 HIGH | N/A |
| Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter. | |||||
| CVE-2003-1144 | 1 Perception | 1 Liteserve | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name. | |||||
| CVE-2003-1145 | 1 Openautoclassifieds | 1 Openautoclassifieds | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter. | |||||
| CVE-2003-1148 | 1 Les Visiteurs | 1 Les Visiteurs | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/. | |||||
| CVE-2003-1149 | 1 Symantec | 1 Norton Internet Security | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page. | |||||
| CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2003-1151 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page. | |||||
| CVE-2003-1152 | 1 Infrontech | 1 Webtide | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?"). | |||||
| CVE-2003-1153 | 1 Bytehoard | 1 Bytehoard | 2017-07-11 | 5.0 MEDIUM | N/A |
| byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php. | |||||
| CVE-2003-1154 | 1 Clearswift | 1 Mailsweeper | 2017-07-11 | 7.5 HIGH | N/A |
| MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants. | |||||
| CVE-2003-1155 | 1 X-cd-roast | 1 X-cd-roast | 2017-07-11 | 4.6 MEDIUM | N/A |
| X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file. | |||||
| CVE-2003-1156 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 4.6 MEDIUM | N/A |
| Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | |||||
| CVE-2003-1157 | 1 Citrix | 1 Metaframe | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. | |||||
