Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2326 | 1 Apple | 1 Mac Os X | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. | |||||
| CVE-2002-2325 | 1 University Of Washington | 1 Pine | 2008-09-05 | 7.8 HIGH | N/A |
| The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | |||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 7.2 HIGH | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
| CVE-2002-2349 | 1 Phpbb | 1 Phpbbmod | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | |||||
| CVE-2002-2319 | 1 Mysimplenews | 1 Mysimplenews | 2008-09-05 | 7.5 HIGH | N/A |
| Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. | |||||
| CVE-2002-2103 | 1 Apache | 1 Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | |||||
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2008-09-05 | 5.0 MEDIUM | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | |||||
| CVE-2002-2318 | 1 Blueface | 1 Falcon Web Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages. | |||||
| CVE-2002-2317 | 1 Symantec | 1 Velociraptor | 2008-09-05 | 7.8 HIGH | N/A |
| Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||||
| CVE-2002-2316 | 1 Cisco | 1 Catos | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing. | |||||
| CVE-2002-2315 | 1 Cisco | 1 Ios | 2008-09-05 | 7.8 HIGH | N/A |
| Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router. | |||||
| CVE-2002-2090 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. | |||||
| CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | |||||
| CVE-2002-2313 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 8.8 HIGH | N/A |
| Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. | |||||
| CVE-2002-2089 | 1 Sun | 1 Solaris | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2008-09-05 | 10.0 HIGH | N/A |
| The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | |||||
| CVE-2002-2312 | 1 Opera Software | 1 Opera | 2008-09-05 | 5.8 MEDIUM | N/A |
| Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. | |||||
| CVE-2002-2133 | 1 Telindus | 1 1120 Adsl Router | 2008-09-05 | 10.0 HIGH | N/A |
| Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. | |||||
| CVE-2002-2134 | 1 Peel | 1 Peel | 2008-09-05 | 5.0 MEDIUM | N/A |
| haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file. | |||||
| CVE-2002-2149 | 1 Lucent | 3 Access Point Service Router 1500, Access Point Service Router 300, Access Point Service Router 600 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface. | |||||
| CVE-2002-2150 | 1 Juniper | 1 Netscreen Screenos | 2008-09-05 | 5.0 MEDIUM | N/A |
| Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. | |||||
| CVE-2002-2152 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 10.0 HIGH | N/A |
| The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected. | |||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2008-09-05 | 5.0 MEDIUM | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | |||||
| CVE-2002-2087 | 1 Borland Software | 1 Interbase | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server. | |||||
| CVE-2002-2309 | 1 Php | 1 Php | 2008-09-05 | 7.8 HIGH | N/A |
| php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. | |||||
| CVE-2002-2085 | 1 Wwwebbb | 1 Wwwebbb Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2002-2084 | 1 Portix-php | 1 Portix-php | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters. | |||||
| CVE-2002-2308 | 1 Netscape | 1 Communicator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | |||||
| CVE-2002-2071 | 1 Compaq | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap. | |||||
| CVE-2002-2070 | 1 Accessdata | 1 Secureclean | 2008-09-05 | 5.0 MEDIUM | N/A |
| SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2307 | 1 Pyramid | 1 Benhur Software Update | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. | |||||
| CVE-2002-2069 | 1 Pgp | 1 Pgp | 2008-09-05 | 5.0 MEDIUM | N/A |
| PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2161 | 1 Kerio | 1 Personal Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood. | |||||
| CVE-2002-2162 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 4.6 MEDIUM | N/A |
| Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. | |||||
| CVE-2002-2068 | 1 Sami Tolvanen | 1 Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2008-09-05 | 4.0 MEDIUM | N/A |
| KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | |||||
| CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2008-09-05 | 5.0 MEDIUM | N/A |
| iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | |||||
| CVE-2002-2344 | 1 Ensim | 1 Webppliance | 2008-09-05 | 5.0 MEDIUM | N/A |
| Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. | |||||
| CVE-2002-2164 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link. | |||||
| CVE-2002-1986 | 1 Perception | 1 Liteserve | 2008-09-05 | 5.0 MEDIUM | N/A |
| Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot ("."). | |||||
| CVE-2002-2165 | 1 Imho | 1 Imho Webmail | 2008-09-05 | 2.1 LOW | N/A |
| The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox. | |||||
| CVE-2002-2067 | 1 East Technologies | 1 East-tec Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-1987 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). | |||||
| CVE-2002-1988 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. | |||||
| CVE-2002-1989 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp. | |||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2008-09-05 | 5.0 MEDIUM | N/A |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | |||||
| CVE-2002-1990 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | |||||
| CVE-2002-2060 | 1 Twibright Labs | 1 Links | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images. | |||||
| CVE-2002-1992 | 1 Macromedia | 2 Coldfusion, Coldfusion Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | |||||