Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2184 | 1 Digi-net Technologies | 1 Digichat | 2008-09-05 | 5.0 MEDIUM | N/A |
| Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet. | |||||
| CVE-2002-2186 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL. | |||||
| CVE-2002-2187 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact. | |||||
| CVE-2002-2188 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 4.9 MEDIUM | N/A |
| OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error. | |||||
| CVE-2002-2195 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. | |||||
| CVE-2002-2196 | 1 Samba | 1 Samba | 2008-09-05 | 7.5 HIGH | N/A |
| Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2002-2236 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-2198 | 1 Zmailer | 1 Zmailer | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname. | |||||
| CVE-2002-2229 | 1 Sapio Design Ltd | 1 Webreflex | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | |||||
| CVE-2002-2228 | 1 Mailscanner | 1 Mailscanner | 2008-09-05 | 6.4 MEDIUM | N/A |
| MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | |||||
| CVE-2002-2201 | 1 Webmin | 1 Webmin | 2008-09-05 | 10.0 HIGH | N/A |
| The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name. | |||||
| CVE-2002-2202 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 3.8 LOW | N/A |
| Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. | |||||
| CVE-2002-2204 | 1 Redhat | 1 Redhat Package Manager | 2008-09-05 | 7.5 HIGH | N/A |
| The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. | |||||
| CVE-2002-2216 | 1 Soft3304 | 1 04webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information. | |||||
| CVE-2002-2215 | 1 Php | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. | |||||
| CVE-2002-2214 | 1 Php | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. | |||||
| CVE-2002-1690 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225. | |||||
| CVE-2002-1687 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable. | |||||
| CVE-2002-1686 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in lscfg of unknown versions of AIX has unknown impact. | |||||
| CVE-2002-1975 | 1 Sharp | 1 Zaurus | 2008-09-05 | 2.1 LOW | N/A |
| Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
| CVE-2002-1974 | 1 Sharp | 1 Zaurus | 2008-09-05 | 10.0 HIGH | N/A |
| The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root. | |||||
| CVE-2002-1972 | 1 Sebastian Dehne | 1 Pp Powerswitch | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports. | |||||
| CVE-2002-1967 | 1 Mark Hanson | 1 Xircon | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command. | |||||
| CVE-2002-1966 | 1 My Postcards | 1 My Postcards Platinum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2002-1965 | 1 Imatix | 1 Xitami | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. | |||||
| CVE-2002-1964 | 1 Wesmo | 1 Phpeventcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2002-1963 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries. | |||||
| CVE-2002-1955 | 1 Iomega | 1 Nas | 2008-09-05 | 5.0 MEDIUM | N/A |
| Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. | |||||
| CVE-2002-1954 | 1 Php | 1 Php | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
| CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. | |||||
| CVE-2002-1952 | 1 Phprank | 1 Phprank | 2008-09-05 | 7.5 HIGH | N/A |
| phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable. | |||||
| CVE-2002-1950 | 1 Phprank | 1 Phprank | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list. | |||||
| CVE-2002-1949 | 1 Iomega | 1 Nas | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |||||
| CVE-2002-1948 | 1 Gringotts | 1 Gringotts | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2002-1947 | 1 Webmin | 1 Webmin | 2008-09-05 | 6.4 MEDIUM | N/A |
| Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. | |||||
| CVE-2002-1933 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.2 HIGH | N/A |
| The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | |||||
| CVE-2002-1931 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. | |||||
| CVE-2002-1930 | 1 An | 1 An-httpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
| CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. | |||||
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. | |||||
| CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. | |||||
| CVE-2002-1924 | 1 Apc | 1 Powerchute | 2008-09-05 | 5.0 MEDIUM | N/A |
| PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory. | |||||
| CVE-2002-1922 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | |||||
| CVE-2002-1957 | 1 Pen | 1 Pen | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages. | |||||
| CVE-2002-1920 | 1 Datawizard | 1 Ftpxq | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. | |||||
| CVE-2002-1917 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2002-1902 | 1 Markus Triska | 1 Cgiforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. | |||||
| CVE-2002-1901 | 1 Bodo Bauer | 1 Bbgallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. | |||||
| CVE-2002-1900 | 1 Pinboard | 1 Pinboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. | |||||