Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1937 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2008-09-05 | 5.0 MEDIUM | N/A |
| Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password. | |||||
| CVE-2002-1936 | 1 Utstarcom | 1 Bas 1000 | 2008-09-05 | 7.5 HIGH | N/A |
| UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase". | |||||
| CVE-2002-1834 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2008-09-05 | 6.4 MEDIUM | N/A |
| The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history. | |||||
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. | |||||
| CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. | |||||
| CVE-2002-1924 | 1 Apc | 1 Powerchute | 2008-09-05 | 5.0 MEDIUM | N/A |
| PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory. | |||||
| CVE-2002-1922 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | |||||
| CVE-2002-1916 | 1 Pirch | 2 Pirch Irc, Ruspirch | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries. | |||||
| CVE-2002-1784 | 1 Hp | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
| CVE-2002-1914 | 1 Dump | 1 Dump | 2008-09-05 | 2.1 LOW | N/A |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | |||||
| CVE-2002-1913 | 1 Myphpnuke | 1 Myphpnuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable. | |||||
| CVE-2002-1785 | 1 Zeus Technologies | 1 Zeus Web Server | 2008-09-05 | 1.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi. | |||||
| CVE-2002-1911 | 1 Zonelabs | 1 Zonealarm | 2008-09-05 | 5.0 MEDIUM | N/A |
| ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. | |||||
| CVE-2002-1910 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2002-1902 | 1 Markus Triska | 1 Cgiforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. | |||||
| CVE-2002-1901 | 1 Bodo Bauer | 1 Bbgallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. | |||||
| CVE-2002-1900 | 1 Pinboard | 1 Pinboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. | |||||
| CVE-2002-1893 | 1 Argosoft | 1 Argosoft Mail Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message. | |||||
| CVE-2002-1892 | 1 Netgear | 1 Fvs318 | 2008-09-05 | 2.1 LOW | N/A |
| NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. | |||||
| CVE-2002-1891 | 1 Ayman Akt | 1 Ircit | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request. | |||||
| CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2008-09-05 | 2.1 LOW | N/A |
| rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. | |||||
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
| CVE-2002-1838 | 1 Steve Sachs | 1 Charities.cron | 2008-09-05 | 5.0 MEDIUM | N/A |
| Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-1884 | 1 Py-membres | 1 Py-membres | 2008-09-05 | 7.5 HIGH | N/A |
| index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". | |||||
| CVE-2002-1883 | 1 Trolltech | 1 Qt Assistant | 2008-09-05 | 6.4 MEDIUM | N/A |
| Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service. | |||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. | |||||
| CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2008-09-05 | 5.0 MEDIUM | N/A |
| LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. | |||||
| CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. | |||||
| CVE-2002-1791 | 1 Sgi | 1 Irix | 2008-09-05 | 2.1 LOW | N/A |
| SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files. | |||||
| CVE-2002-1793 | 1 Hp | 2 Virtualvault, Vvos | 2008-09-05 | 5.0 MEDIUM | N/A |
| HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2002-1796 | 1 Hp | 1 Chaivm | 2008-09-05 | 4.6 MEDIUM | N/A |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | |||||
| CVE-2002-1498 | 1 Trevor Lee | 1 Swserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters. | |||||
| CVE-2002-1499 | 1 Factosystem | 1 Factosystem Weblog | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | |||||
| CVE-2002-1500 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | |||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | |||||
| CVE-2002-1501 | 1 Enterasys | 1 Smartswitch Ssr8000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. | |||||
| CVE-2002-1439 | 1 Hp | 2 Virtualvault, Vvos | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files. | |||||
| CVE-2002-1503 | 1 Afd | 1 Afd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | |||||
| CVE-2002-1440 | 1 Gateway | 1 Gs-400 | 2008-09-05 | 10.0 HIGH | N/A |
| The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. | |||||
| CVE-2002-1504 | 1 Radiobird Software | 1 Webserver 4 Everyone | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. | |||||
| CVE-2002-1485 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A |
| The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". | |||||
| CVE-2002-1510 | 1 Xfree86 Project | 1 X11r6 | 2008-09-05 | 10.0 HIGH | N/A |
| xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | |||||
| CVE-2002-1551 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. | |||||