Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1525 | 2 Astaware, Sun | 2 Searchdisc, Sunone Starter Kit | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017. | |||||
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | |||||
| CVE-2002-1523 | 1 Daniel Arenz | 1 Mini Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences. | |||||
| CVE-2002-1522 | 1 Cooolsoft | 1 Powerftp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. | |||||
| CVE-2002-1521 | 1 Mdg Computer Services | 1 Web Server 4d | 2008-09-05 | 2.1 LOW | N/A |
| Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. | |||||
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. | |||||
| CVE-2002-1514 | 1 Borland Software | 1 Interbase | 2008-09-05 | 7.2 HIGH | N/A |
| gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. | |||||
| CVE-2002-1513 | 1 Compaq | 1 Tcp-ip Services | 2008-09-05 | 4.6 MEDIUM | N/A |
| The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. | |||||
| CVE-2002-1512 | 1 Tolis Group | 1 Bru | 2008-09-05 | 6.2 MEDIUM | N/A |
| xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file. | |||||
| CVE-2002-1430 | 1 Synthetic Reality | 1 Sympoll | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. | |||||
| CVE-2002-1510 | 1 Xfree86 Project | 1 X11r6 | 2008-09-05 | 10.0 HIGH | N/A |
| xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | |||||
| CVE-2002-1434 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. | |||||
| CVE-2002-1477 | 1 The Cacti Group | 1 Cacti | 2008-09-05 | 7.5 HIGH | N/A |
| graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. | |||||
| CVE-2002-1507 | 1 Epic Games | 1 Unreal Tournament Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777. | |||||
| CVE-2002-1506 | 1 Jacques Gelinas | 1 Linuxconf | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. | |||||
| CVE-2002-1505 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. | |||||
| CVE-2002-1482 | 1 Phpgb | 1 Phpgb | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry. | |||||
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2008-09-05 | 7.5 HIGH | N/A |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | |||||
| CVE-2002-1480 | 1 Phpgb | 1 Phpgb | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. | |||||
| CVE-2002-1478 | 1 The Cacti Group | 1 Cacti | 2008-09-05 | 10.0 HIGH | N/A |
| Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. | |||||
| CVE-2002-1465 | 1 Cafelog | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. | |||||
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | |||||
| CVE-2002-1468 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. | |||||
| CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). | |||||
| CVE-2002-1431 | 1 Belkin | 1 F5d5230-4 4-port Cable Dsl Gateway Router | 2008-09-05 | 7.5 HIGH | N/A |
| Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. | |||||
| CVE-2002-1433 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services. | |||||
| CVE-2002-1426 | 1 Hp | 1 Procurve Switch 4000m | 2008-09-05 | 7.8 HIGH | N/A |
| HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | |||||
| CVE-2002-1442 | 1 Google | 1 Toolbar | 2008-09-05 | 7.5 HIGH | N/A |
| The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. | |||||
| CVE-2002-1445 | 1 W3c | 1 Cern Httpd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. | |||||
| CVE-2002-1446 | 1 Ncipher | 1 Pkcs 11 Library | 2008-09-05 | 5.0 MEDIUM | N/A |
| The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. | |||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | |||||
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2008-09-05 | 7.5 HIGH | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | |||||
| CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2008-09-05 | 7.5 HIGH | N/A |
| An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | |||||
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2008-09-05 | 10.0 HIGH | N/A |
| CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | |||||
| CVE-2002-1583 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. | |||||
| CVE-2002-1582 | 1 Mailreader.com | 1 Mailreader.com | 2008-09-05 | 10.0 HIGH | N/A |
| compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi. | |||||
| CVE-2002-1450 | 1 Ibm | 1 U2 Universe | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. | |||||
| CVE-2002-1551 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2002-1545 | 1 Cooolsoft | 1 Personal Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response. | |||||
| CVE-2002-1544 | 1 Cooolsoft | 1 Personal Ftp Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get. | |||||
| CVE-2002-1543 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. | |||||
| CVE-2002-1427 | 1 Easy Scripts Archive | 2 Advanced Easy Homepage Creator, Easy Homepage Creator | 2008-09-05 | 7.5 HIGH | N/A |
| The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. | |||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | |||||
| CVE-2002-1428 | 1 Dotproject | 1 Dotproject | 2008-09-05 | 10.0 HIGH | N/A |
| index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1. | |||||
| CVE-2002-1541 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 7.5 HIGH | N/A |
| BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). | |||||
| CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. | |||||
| CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character. | |||||
| CVE-2002-1533 | 1 Jetty | 1 Jetty | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). | |||||
| CVE-2002-1532 | 1 Surfcontrol | 1 Superscout Email Filter | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it. | |||||
| CVE-2002-1531 | 1 Surfcontrol | 1 Superscout Email Filter | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. | |||||