Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2162 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 4.6 MEDIUM | N/A |
| Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. | |||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2008-09-05 | 7.5 HIGH | N/A |
| The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | |||||
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2008-09-05 | 4.0 MEDIUM | N/A |
| KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | |||||
| CVE-2002-2164 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link. | |||||
| CVE-2002-2165 | 1 Imho | 1 Imho Webmail | 2008-09-05 | 2.1 LOW | N/A |
| The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox. | |||||
| CVE-2002-2035 | 1 Realityscape | 1 Mylogin 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form. | |||||
| CVE-2002-2173 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message. | |||||
| CVE-2002-2036 | 1 Sun | 1 Ray Server Software | 2008-09-05 | 7.5 HIGH | N/A |
| Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. | |||||
| CVE-2002-2018 | 1 Sas | 2 Base, Integration Technologies | 2008-09-05 | 7.2 HIGH | N/A |
| sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | |||||
| CVE-2002-2174 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. | |||||
| CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | |||||
| CVE-2002-2351 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 6.4 MEDIUM | N/A |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | |||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | |||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||||
| CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | |||||
| CVE-2002-2348 | 1 Authoria | 1 Authoria | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2002-2148 | 1 Lucent | 3 Ascend Max Router, Ascend Pipeline Router, Dslterminator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response. | |||||
| CVE-2002-2235 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 5.0 MEDIUM | N/A |
| member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. | |||||
| CVE-2002-2315 | 1 Cisco | 1 Ios | 2008-09-05 | 7.8 HIGH | N/A |
| Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router. | |||||
| CVE-2002-2109 | 1 Matt Wright | 1 Formmail | 2008-09-05 | 7.5 HIGH | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer. | |||||
| CVE-2002-2110 | 1 Rca | 1 Digital Cable Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. | |||||
| CVE-2002-1982 | 1 Icecast | 1 Icecast | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. | |||||
| CVE-2002-2112 | 1 Rca | 1 Digital Cable Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information. | |||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2008-09-05 | 7.5 HIGH | N/A |
| search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | |||||
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2002-2167 | 1 Thorsten Korner | 1 123tkshop | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call. | |||||
| CVE-2002-2313 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 8.8 HIGH | N/A |
| Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. | |||||
| CVE-2002-2264 | 1 Hp | 1 Secure Web Server For Tru64 | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain. | |||||
| CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | |||||
| CVE-2002-2122 | 1 Pointsec Mobile Technologies | 1 Pointsec | 2008-09-05 | 2.1 LOW | N/A |
| Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory. | |||||
| CVE-2002-2145 | 1 Savant | 1 Savant Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename. | |||||
| CVE-2002-2126 | 1 Pedestal Software | 1 Integrity Protection Driver | 2008-09-05 | 2.1 LOW | N/A |
| restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time. | |||||
| CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | |||||
| CVE-2002-2128 | 1 W-agora | 1 W-agora | 2008-09-05 | 4.6 MEDIUM | N/A |
| editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2002-2146 | 1 Savant | 1 Savant Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request. | |||||
| CVE-2002-1977 | 1 Pgp | 1 Pgp | 2008-09-05 | 2.1 LOW | N/A |
| Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. | |||||
| CVE-2002-2245 | 1 Netbsd | 1 Ftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session. | |||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | |||||
| CVE-2002-2143 | 1 Mysimplenews | 1 Mysimplenews | 2008-09-05 | 7.5 HIGH | N/A |
| The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. | |||||
| CVE-2002-2040 | 1 Qnx | 1 Rtos | 2008-09-05 | 7.2 HIGH | N/A |
| The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program. | |||||
| CVE-2002-2234 | 1 Netscreen | 1 Screenos | 2008-09-05 | 4.3 MEDIUM | N/A |
| NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. | |||||
| CVE-2002-2058 | 1 Teekai | 1 Teekai Tracking Online | 2008-09-05 | 5.0 MEDIUM | N/A |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
| CVE-2002-1976 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap. | |||||
| CVE-2002-2232 | 1 Mollensoft Software | 1 Enceladus Server Suite | 2008-09-05 | 8.5 HIGH | N/A |
| Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. | |||||
| CVE-2002-2229 | 1 Sapio Design Ltd | 1 Webreflex | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | |||||
| CVE-2002-2144 | 1 Free Peers | 1 Bearshare | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters. | |||||
| CVE-2002-2228 | 1 Mailscanner | 1 Mailscanner | 2008-09-05 | 6.4 MEDIUM | N/A |
| MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | |||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2008-09-05 | 5.0 MEDIUM | N/A |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2216 | 1 Soft3304 | 1 04webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information. | |||||
| CVE-2002-2215 | 1 Php | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | |||||