Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2398 | 1 App | 1 Apboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. | |||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2008-09-05 | 10.0 HIGH | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||||
| CVE-2002-2396 | 1 Remi Lefebvre | 1 Advanced Tftp | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option. | |||||
| CVE-2002-2366 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. | |||||
| CVE-2002-2365 | 1 Springer Verlag Berlin Heidelberg | 1 Simple Wais | 2008-09-05 | 10.0 HIGH | N/A |
| Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character. | |||||
| CVE-2002-2364 | 1 Sourceforge | 1 Php Ticket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | |||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | |||||
| CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | |||||
| CVE-2003-0176 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan. | |||||
| CVE-2002-2381 | 1 Ka-shu Wong | 1 Gtetrinet | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-2382 | 1 Cvsup | 1 Cvsup | 2008-09-05 | 7.2 HIGH | N/A |
| cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | |||||
| CVE-2002-2379 | 1 Cisco | 1 As5350 | 2008-09-05 | 7.8 HIGH | N/A |
| ** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor. | |||||
| CVE-2002-2423 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 6.4 MEDIUM | N/A |
| Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | |||||
| CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2008-09-05 | 3.6 LOW | N/A |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | |||||
| CVE-2002-2385 | 1 Hotfoon Corporation | 1 Hotfoon | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number. | |||||
| CVE-2003-0214 | 1 Debian | 1 Mime-support | 2008-09-05 | 4.6 MEDIUM | N/A |
| run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-2425 | 1 Sun | 1 Solaris Answerbook2 | 2008-09-05 | 10.0 HIGH | N/A |
| Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | |||||
| CVE-2003-0177 | 1 Sgi | 1 Irix | 2008-09-05 | 4.6 MEDIUM | N/A |
| SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently. | |||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | |||||
| CVE-2002-2424 | 1 Ekilat Llc | 1 Php\(reactor\) | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | |||||
| CVE-2002-2420 | 1 Independent Solution | 2 Simple Site Searcher, Super Site Searcher | 2008-09-05 | 7.5 HIGH | N/A |
| site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2002-2375 | 1 Stalker | 1 Communigate Pro | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | |||||
| CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | |||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | |||||
| CVE-2002-2377 | 1 Sephiroth32 | 1 Zap Book | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | |||||
| CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2008-09-05 | 7.1 HIGH | N/A |
| Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | |||||
| CVE-2002-2373 | 1 Apple | 2 Apple Laserwriter, Tcp Ip Configuration Utility | 2008-09-05 | 7.5 HIGH | N/A |
| The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. | |||||
| CVE-2002-2354 | 1 Netgear | 1 Fm114p | 2008-09-05 | 7.8 HIGH | N/A |
| Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | |||||
| CVE-2002-2376 | 1 Leung | 1 E-guest | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605. | |||||
| CVE-2002-2387 | 1 Mollensoft Software | 1 Hyperion Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | |||||
| CVE-2002-2352 | 1 Neosoft | 1 Neobook | 2008-09-05 | 5.8 MEDIUM | N/A |
| The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs. | |||||
| CVE-2002-2380 | 2 Arescom, Microsoft | 2 Netdsl, Network Firmware | 2008-09-05 | 6.4 MEDIUM | N/A |
| NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | |||||
| CVE-2002-2388 | 1 Inweb | 1 Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command. | |||||
| CVE-2002-2407 | 1 Qnx | 1 Rtos | 2008-09-05 | 6.9 MEDIUM | N/A |
| Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed. | |||||
| CVE-2002-2409 | 1 Qnx | 2 Neutrino Rtos, Photon Microgui | 2008-09-05 | 3.5 LOW | N/A |
| Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | |||||
| CVE-2002-2406 | 1 Perception | 1 Liteserve | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. | |||||
| CVE-2003-0061 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. | |||||
| CVE-2003-0126 | 1 Multitech | 1 Routefinder 550 Vpn | 2008-09-05 | 7.5 HIGH | N/A |
| The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities. | |||||
| CVE-2002-2395 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. | |||||
| CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 6.4 MEDIUM | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||||
| CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | |||||
| CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | |||||
| CVE-2002-2408 | 1 Gordano | 1 Ntmail | 2008-09-05 | 7.5 HIGH | N/A |
| Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server. | |||||
| CVE-2003-0194 | 1 Redhat | 2 Linux, Tcpdump | 2008-09-05 | 4.6 MEDIUM | N/A |
| tcpdump does not properly drop privileges to the pcap user when starting up. | |||||
| CVE-2002-2390 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | |||||
| CVE-2002-2076 | 1 Summit Computer Networks | 1 Lil Http | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.8 HIGH | N/A |
| The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | |||||
| CVE-2002-2075 | 1 Mirabilis | 1 Icq | 2008-09-05 | 5.0 MEDIUM | N/A |
| ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||||
| CVE-2002-2344 | 1 Ensim | 1 Webppliance | 2008-09-05 | 5.0 MEDIUM | N/A |
| Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. | |||||