Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2387 1 Mollensoft Software 1 Hyperion Ftp Server 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command.
CVE-2002-2356 1 Hamweather 1 Hamweather 2008-09-05 6.4 MEDIUM N/A
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
CVE-2002-2388 1 Inweb 1 Mail Server 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.
CVE-2002-2406 1 Perception 1 Liteserve 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
CVE-2002-2407 1 Qnx 1 Rtos 2008-09-05 6.9 MEDIUM N/A
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
CVE-2002-2389 1 Fastlink Software 1 The Server 2008-09-05 5.0 MEDIUM N/A
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
CVE-2002-2408 1 Gordano 1 Ntmail 2008-09-05 7.5 HIGH N/A
Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.
CVE-2002-2409 1 Qnx 2 Neutrino Rtos, Photon Microgui 2008-09-05 3.5 LOW N/A
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
CVE-2002-2420 1 Independent Solution 2 Simple Site Searcher, Super Site Searcher 2008-09-05 7.5 HIGH N/A
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-2002-2410 1 Open Webmail 1 Open Webmail 2008-09-05 5.0 MEDIUM N/A
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVE-2003-0152 1 Mozilla 1 Bonsai 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
CVE-2002-2390 1 Cerulean Studios 2 Trillian, Trillian Pro 2008-09-05 10.0 HIGH N/A
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
CVE-2002-2412 1 Nullsoft 1 Winamp 2008-09-05 2.1 LOW N/A
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVE-2003-0194 1 Redhat 2 Linux, Tcpdump 2008-09-05 4.6 MEDIUM N/A
tcpdump does not properly drop privileges to the pcap user when starting up.
CVE-2002-2413 2 Deerfield, Microsoft 3 Website Pro, Windows 9x, Windows Nt 2008-09-05 5.0 MEDIUM N/A
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
CVE-2003-0119 1 Ibm 1 Aix 2008-09-05 7.5 HIGH N/A
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
CVE-2003-0103 1 Nokia 1 6210 Handset 2008-09-05 5.0 MEDIUM N/A
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
CVE-2002-2421 1 Andrey Cherezov 1 Acweb 2008-09-05 7.8 HIGH N/A
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
CVE-2003-0177 1 Sgi 1 Irix 2008-09-05 4.6 MEDIUM N/A
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.
CVE-2002-2422 1 Compaq 1 Insight Management Agent 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
CVE-2002-2355 1 Netgear 1 Fm114p 2008-09-05 7.1 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2002-2364 1 Sourceforge 1 Php Ticket 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.
CVE-2002-2365 1 Springer Verlag Berlin Heidelberg 1 Simple Wais 2008-09-05 10.0 HIGH N/A
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
CVE-2003-0142 1 Adobe 1 Acrobat Reader 2008-09-05 5.0 MEDIUM N/A
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.
CVE-2002-2366 1 Cerulean Studios 1 Trillian 2008-09-05 6.8 MEDIUM N/A
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
CVE-2002-2369 1 Perception 1 Liteserve 2008-09-05 5.0 MEDIUM N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2002-2370 1 Sws 1 Sws Simple Web Server 2008-09-05 5.0 MEDIUM N/A
SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.
CVE-2002-2415 1 Alliedtelesyn 2 At-8024, Rapier 24 2008-09-05 6.8 MEDIUM N/A
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
CVE-2002-2416 1 Zeroo 1 Http Server 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
CVE-2003-0104 1 Peoplesoft 1 Peopletools 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
CVE-2002-2391 2 Webchat.org, Xoops 2 Webchat, Xoops 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
CVE-2003-0214 1 Debian 1 Mime-support 2008-09-05 4.6 MEDIUM N/A
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2002-2371 1 Linksys 1 Wet11 2008-09-05 7.8 HIGH N/A
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
CVE-2003-0249 1 Php 1 Php 2008-09-05 7.5 HIGH N/A
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
CVE-2003-0120 1 Mhc-utils 1 Mhc-utils 2008-09-05 1.2 LOW N/A
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
CVE-2002-2354 1 Netgear 1 Fm114p 2008-09-05 7.8 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
CVE-2002-2372 1 Ibm 2 Infoprint, Infoprint 21 2008-09-05 5.0 MEDIUM N/A
The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.
CVE-2002-2392 1 Nullsoft 1 Winamp 2008-09-05 6.4 MEDIUM N/A
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
CVE-2002-2394 1 Trend Micro 1 Interscan Viruswall 2008-09-05 5.0 MEDIUM N/A
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
CVE-2002-2417 1 Acftp 1 Acftp 2008-09-05 10.0 HIGH N/A
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
CVE-2003-0241 1 Frontrange 1 Goldmine 2008-09-05 7.5 HIGH N/A
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
CVE-2003-0176 1 Sgi 1 Irix 2008-09-05 5.0 MEDIUM N/A
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
CVE-2003-0167 1 Mutt 1 Mutt 2008-09-05 7.5 HIGH N/A
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
CVE-2002-2373 1 Apple 2 Apple Laserwriter, Tcp Ip Configuration Utility 2008-09-05 7.5 HIGH N/A
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.
CVE-2002-2367 1 Socks5 1 Socks5 2008-09-05 7.8 HIGH N/A
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.
CVE-2002-2368 1 Nec 1 Socks 5 2008-09-05 10.0 HIGH N/A
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2008-09-05 5.0 MEDIUM N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-2002-2313 1 Qualcomm 1 Eudora 2008-09-05 8.8 HIGH N/A
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer.
CVE-2002-2312 1 Opera Software 1 Opera 2008-09-05 5.8 MEDIUM N/A
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
CVE-2002-2339 1 Script Shed 1 Ssgbook 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.