Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1684 | 2 Deerfield, Working Resources Inc. | 2 D2gfx, Badblue | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents. | |||||
| CVE-2002-1685 | 1 Working Resources Inc. | 1 Badblue | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. | |||||
| CVE-2002-1691 | 1 Alcatel-lucent | 1 Omnipcx | 2017-07-11 | 10.0 HIGH | N/A |
| Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2017-07-11 | 3.6 LOW | N/A |
| Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Pgp | 2017-07-11 | 2.1 LOW | N/A |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2002-1697 | 1 Vtun | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2002-1698 | 1 Microsoft | 1 Msn Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header. | |||||
| CVE-2002-1699 | 1 Pascal Michaud | 1 Asp Client Check | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field. | |||||
| CVE-2002-1702 | 1 Deltascripts | 1 Php Classifieds | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. | |||||
| CVE-2002-1703 | 1 Mewsoft | 1 Netauction | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter. | |||||
| CVE-2002-1704 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1706 | 1 Cisco | 1 Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. | |||||
| CVE-2002-1707 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1708 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | |||||
| CVE-2002-1709 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable. | |||||
| CVE-2002-1710 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 3.6 LOW | N/A |
| The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file. | |||||
| CVE-2002-1711 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 2.1 LOW | N/A |
| BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. | |||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2017-07-11 | 2.1 LOW | N/A |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | |||||
| CVE-2002-1715 | 1 Ssh | 2 Ssh, Ssh2 | 2017-07-11 | 7.2 HIGH | N/A |
| SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. | |||||
| CVE-2002-1716 | 1 Microsoft | 1 Office | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | |||||
| CVE-2002-1719 | 1 Bavo | 1 Bavo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. | |||||
| CVE-2002-1720 | 1 Outfront | 1 Spooky Login | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field. | |||||
| CVE-2002-1721 | 1 Paul L Daniels | 1 Altermime | 2017-07-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte. | |||||
| CVE-2002-1722 | 1 Logitech | 3 Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard | 2017-07-11 | 4.6 MEDIUM | N/A |
| Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. | |||||
| CVE-2002-1723 | 1 Powerboards | 1 Powerboards | 2017-07-11 | 5.0 MEDIUM | N/A |
| Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message. | |||||
| CVE-2002-1724 | 1 Onlinetools.org | 1 Phpimageview | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter. | |||||
| CVE-2002-1725 | 1 Onlinetools.org | 1 Phpimageview | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function. | |||||
| CVE-2002-1726 | 1 Brokenbytes | 1 Photodb | 2017-07-11 | 7.5 HIGH | N/A |
| secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. | |||||
| CVE-2002-1727 | 1 Asksam Systems | 1 Asksam Web Publisher | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL. | |||||
| CVE-2002-1728 | 1 Asksam Systems | 1 Asksam Web Publisher | 2017-07-11 | 5.0 MEDIUM | N/A |
| askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path. | |||||
| CVE-2002-1729 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message. | |||||
| CVE-2002-1730 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true". | |||||
| CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2017-07-11 | 2.1 LOW | N/A |
| The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. | |||||
| CVE-2002-1732 | 1 Actinic | 1 Actinic Catalog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl. | |||||
| CVE-2002-1733 | 1 Prospero Technologies | 1 Prospero Message Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post. | |||||
| CVE-2002-1734 | 1 Aspbin | 1 Newspro | 2017-07-11 | 10.0 HIGH | N/A |
| NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true". | |||||
| CVE-2002-1735 | 1 Davin Mccall | 1 Dlogin | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors. | |||||
| CVE-2002-1736 | 1 Markus Triska | 1 Cginews | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input." | |||||
| CVE-2002-1737 | 1 Astaro | 1 Security Linux | 2017-07-11 | 2.1 LOW | N/A |
| Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. | |||||
| CVE-2002-1738 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email. | |||||
| CVE-2002-1739 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 2.1 LOW | N/A |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
| CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||||
| CVE-2002-1741 | 1 Alt-n | 1 Worldclient | 2017-07-11 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | |||||
| CVE-2002-1742 | 1 Paul Kulchenko | 1 Soap Lite | 2017-07-11 | 5.0 MEDIUM | N/A |
| SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger. | |||||
| CVE-2002-1743 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file. | |||||
| CVE-2002-1746 | 1 Maxim Krasnyansky | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets. | |||||
| CVE-2002-1747 | 1 Maxim Krasnyansky | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB. | |||||
| CVE-2002-1748 | 1 Open Source Development Network | 1 Slashcode | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts. | |||||
| CVE-2002-1750 | 1 Cgiscript.net | 1 Csguestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2002-1751 | 1 Cgiscript.net | 1 Cslivesupport | 2017-07-11 | 5.0 MEDIUM | N/A |
| csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||