Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2043 | 1 Cyrus | 1 Sasl | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. | |||||
| CVE-2002-2044 | 1 Xqus | 1 X-stat | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action. | |||||
| CVE-2002-2068 | 1 Sami Tolvanen | 1 Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2046 | 1 Xqus | 1 X-news | 2008-09-05 | 7.5 HIGH | N/A |
| x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. | |||||
| CVE-2002-2047 | 1 Sketch | 1 Sketch | 2008-09-05 | 10.0 HIGH | N/A |
| The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file. | |||||
| CVE-2002-2067 | 1 East Technologies | 1 East-tec Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2319 | 1 Mysimplenews | 1 Mysimplenews | 2008-09-05 | 7.5 HIGH | N/A |
| Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. | |||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2008-09-05 | 5.0 MEDIUM | N/A |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | |||||
| CVE-2002-2060 | 1 Twibright Labs | 1 Links | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images. | |||||
| CVE-2002-2059 | 1 Intel | 4 D845bg Motherboard, D845hv Motherboard, D845pt Motherboard and 1 more | 2008-09-05 | 4.6 MEDIUM | N/A |
| BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key. | |||||
| CVE-2002-2058 | 1 Teekai | 1 Teekai Tracking Online | 2008-09-05 | 5.0 MEDIUM | N/A |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
| CVE-2002-2090 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. | |||||
| CVE-2002-2023 | 1 Yamaguchi | 1 Shingo Beep2 | 2008-09-05 | 2.1 LOW | N/A |
| The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors. | |||||
| CVE-2002-2312 | 1 Opera Software | 1 Opera | 2008-09-05 | 5.8 MEDIUM | N/A |
| Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. | |||||
| CVE-2002-2022 | 1 Kaffe | 1 Kaffe Openvm | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute. | |||||
| CVE-2002-1896 | 1 Alsaplayer | 1 Alsaplayer | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument. | |||||
| CVE-2002-1898 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.2 HIGH | N/A |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
| CVE-2002-1899 | 1 Icewarp | 1 Web Mail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter. | |||||
| CVE-2002-1904 | 1 Gaztek | 1 Ghttpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1905 | 1 Polycom | 1 Viavideo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1906 | 1 Polycom | 1 Viavideo | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | |||||
| CVE-2002-1907 | 1 Telcondex | 1 Simplewebserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. | |||||
| CVE-2002-1910 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2002-1911 | 1 Zonelabs | 1 Zonealarm | 2008-09-05 | 5.0 MEDIUM | N/A |
| ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. | |||||
| CVE-2002-1913 | 1 Myphpnuke | 1 Myphpnuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable. | |||||
| CVE-2002-1914 | 1 Dump | 1 Dump | 2008-09-05 | 2.1 LOW | N/A |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | |||||
| CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
| CVE-2002-1916 | 1 Pirch | 2 Pirch Irc, Ruspirch | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries. | |||||
| CVE-2002-1917 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. | |||||
| CVE-2002-1920 | 1 Datawizard | 1 Ftpxq | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. | |||||
| CVE-2002-1957 | 1 Pen | 1 Pen | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages. | |||||
| CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. | |||||
| CVE-2002-1930 | 1 An | 1 An-httpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
| CVE-2002-1931 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. | |||||
| CVE-2002-1933 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.2 HIGH | N/A |
| The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | |||||
| CVE-2002-1952 | 1 Phprank | 1 Phprank | 2008-09-05 | 7.5 HIGH | N/A |
| phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable. | |||||
| CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. | |||||
| CVE-2002-1954 | 1 Php | 1 Php | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
| CVE-2002-1955 | 1 Iomega | 1 Nas | 2008-09-05 | 5.0 MEDIUM | N/A |
| Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. | |||||
| CVE-2002-1591 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 7.5 HIGH | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions. | |||||
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2002-1761 | 1 Phprojekt | 1 Phprojekt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||||
| CVE-2002-1779 | 1 Symantec | 1 Norton Personal Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). | |||||
| CVE-2002-1791 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files. | |||||
| CVE-2002-1793 | 1 Hp | 2 Virtualvault, Vvos | 2008-09-05 | 5.0 MEDIUM | N/A |
| HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service. | |||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2002-1796 | 1 Hp | 1 Chaivm | 2008-09-05 | 4.6 MEDIUM | N/A |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | |||||
| CVE-2002-1797 | 1 Hp | 1 Chaivm | 2008-09-05 | 4.6 MEDIUM | N/A |
| ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer. | |||||