Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0422 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. | |||||
| CVE-2003-0261 | 1 Fuzz | 1 Fuzz | 2008-09-10 | 4.6 MEDIUM | N/A |
| fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges. | |||||
| CVE-2003-0256 | 1 Kde | 1 Kopete | 2008-09-10 | 7.5 HIGH | N/A |
| The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2008-09-10 | 7.2 HIGH | N/A |
| xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | |||||
| CVE-2003-0243 | 1 Happycgi | 1 Happymall | 2008-09-10 | 7.5 HIGH | N/A |
| Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts. | |||||
| CVE-2003-0148 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 7.2 HIGH | N/A |
| The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | |||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2008-09-10 | 5.0 MEDIUM | N/A |
| SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | |||||
| CVE-2003-0351 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0171 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 7.2 HIGH | N/A |
| DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | |||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2008-09-10 | 2.1 LOW | N/A |
| ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | |||||
| CVE-2003-0157 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2008-09-10 | 9.3 HIGH | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2008-09-10 | 7.5 HIGH | N/A |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | |||||
| CVE-2003-0424 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. | |||||
| CVE-2003-0425 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. | |||||
| CVE-2003-0099 | 1 Apc | 1 Apcupsd | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. | |||||
| CVE-2003-0041 | 2 Mit, Redhat | 2 Kerberos Ftp Client, Linux | 2008-09-10 | 10.0 HIGH | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
| CVE-2003-0090 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
| CVE-2002-2151 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1651. Reason: This candidate is a duplicate of CVE-2002-1651. Notes: All CVE users should reference CVE-2002-1651 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.6 LOW | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | |||||
| CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | |||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
| CVE-2002-2200 | 1 Benjamin Lefevre | 1 Dobermann Forum | 2008-09-10 | 7.5 HIGH | N/A |
| Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php. | |||||
| CVE-2002-2001 | 2 Jmcce, Mandrakesoft | 2 Jmcce, Mandrake Linux | 2008-09-10 | 1.2 LOW | N/A |
| jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-2041 | 1 Qnx | 1 Rtos | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer. | |||||
| CVE-2002-2157 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1660. Reason: This candidate is a duplicate of CVE-2002-1660. Notes: All CVE users should reference CVE-2002-1660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2160 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1798. Reason: This candidate is a duplicate of CVE-2002-1798. Notes: All CVE users should reference CVE-2002-1798 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2135 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1618. Reason: This candidate is a duplicate of CVE-2002-1618. Notes: All CVE users should reference CVE-2002-1618 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2194 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1589. Reason: This candidate is a duplicate of CVE-2002-1589. Notes: All CVE users should reference CVE-2002-1589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2147 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1897 | 1 Mywebserver | 1 Mywebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow. | |||||
| CVE-2002-1600 | 1 Mike Spice | 1 My Classifieds | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter. | |||||
| CVE-2002-1638 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-2153. Reason: This candidate is a duplicate of CVE-2002-2153. Notes: All CVE users should reference CVE-2002-2153 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1213 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. | |||||
| CVE-2002-1215 | 1 Linux-ha | 1 Heartbeat | 2008-09-10 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | |||||
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. | |||||
| CVE-2002-1234 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0180. Reason: This candidate is a an out-of-band assignment duplicate of CVE-2002-0180. Notes: All CVE users should reference CVE-2002-0180 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1202 | 1 Compaq | 1 Tru64 | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files. | |||||
| CVE-2002-1212 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1194 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | |||||
| CVE-2002-1193 | 1 Tkmail | 1 Tkmail | 2008-09-10 | 2.1 LOW | N/A |
| tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files. | |||||
| CVE-2002-1404 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1348. Reason: This candidate is a reservation duplicate of CVE-2002-1348. Notes: All CVE users should reference CVE-2002-1348 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2002-1189 | 1 Cisco | 1 Unity Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. | |||||
| CVE-2002-1511 | 2 Att, Tightvnc | 2 Vnc, Tightvnc | 2008-09-10 | 5.0 MEDIUM | N/A |
| The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. | |||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | |||||
| CVE-2002-1516 | 1 Sgi | 1 Irix | 2008-09-10 | 4.6 MEDIUM | N/A |
| rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | |||||