Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-1468 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A | Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. |
| CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2008-09-05 | 5.0 MEDIUM | N/A | Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). |
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2008-09-05 | 10.0 HIGH | N/A | CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. |
| CVE-2002-1465 | 1 Cafelog | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A | SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. |
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2008-09-05 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. |
| CVE-2002-1484 | 1 Db4web | 1 Db4web | 2008-09-05 | 7.5 HIGH | N/A | DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message. |
| CVE-2002-1462 | 1 Organicphp | 1 Php-affiliate | 2008-09-05 | 5.0 MEDIUM | N/A | details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields. |
| CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2008-09-05 | 7.5 HIGH | N/A | Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. |
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 5.0 MEDIUM | N/A | L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. |
| CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. |
| CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. |
| CVE-2002-1457 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter. |
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2008-09-05 | 7.5 HIGH | N/A | scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. |
| CVE-2002-1547 | 1 Juniper | 1 Netscreen Screenos | 2008-09-05 | 5.0 MEDIUM | N/A | Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. |
| CVE-2002-1582 | 1 Mailreader.com | 1 Mailreader.com | 2008-09-05 | 10.0 HIGH | N/A | compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi. |
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 5.0 MEDIUM | N/A | Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. |
| CVE-2002-1251 | 1 Log2mail | 1 Log2mail | 2008-09-05 | 10.0 HIGH | N/A | Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. |
| CVE-2002-1253 | 1 Abuse | 1 Abuse | 2008-09-05 | 7.2 HIGH | N/A | Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. |
| CVE-2002-1276 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 4.3 MEDIUM | N/A | An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. |
| CVE-2002-1277 | 1 Windowmaker | 1 Windowmaker | 2008-09-05 | 7.5 HIGH | N/A | Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. |
| CVE-2002-1411 | 1 Duma | 1 Photo Gallery System | 2008-09-05 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter. |
| CVE-2002-1413 | 1 Novell | 1 Netware | 2008-09-05 | 7.5 HIGH | N/A | RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. |
| CVE-2002-1434 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. |
| CVE-2002-1421 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 7.5 HIGH | N/A | SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. |
| CVE-2002-1422 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A | admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters. |
| CVE-2002-1423 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A | tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. |
| CVE-2002-1424 | 1 John G. Myers | 1 Mpack | 2008-09-05 | 5.0 MEDIUM | N/A | Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-1425 | 1 John G. Myers | 1 Mpack | 2008-09-05 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted. |
| CVE-2002-1430 | 1 Synthetic Reality | 1 Sympoll | 2008-09-05 | 5.0 MEDIUM | N/A | Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. |
| CVE-2002-1431 | 1 Belkin | 1 F5d5230-4 4-port Cable Dsl Gateway Router | 2008-09-05 | 7.5 HIGH | N/A | Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. |
| CVE-2002-1433 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 5.0 MEDIUM | N/A | Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services. |
| CVE-2002-1442 | 1 Google | 1 Toolbar | 2008-09-05 | 7.5 HIGH | N/A | The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. |
| CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2008-09-05 | 7.5 HIGH | N/A | An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. |
| CVE-2002-1450 | 1 Ibm | 1 U2 Universe | 2008-09-05 | 5.0 MEDIUM | N/A | IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. |
| CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2008-09-05 | 5.0 MEDIUM | N/A | Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character. |
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.6 MEDIUM | N/A | Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. |
| CVE-2002-1477 | 1 The Cacti Group | 1 Cacti | 2008-09-05 | 7.5 HIGH | N/A | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. |
| CVE-2002-1455 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe. |
| CVE-2002-1483 | 1 Db4web | 1 Db4web | 2008-09-05 | 5.0 MEDIUM | N/A | db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot). |
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2008-09-05 | 2.1 LOW | N/A | SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. |
| CVE-2002-1471 | 1 Ximian | 1 Evolution | 2008-09-05 | 5.0 MEDIUM | N/A | The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. |
| CVE-2002-1472 | 1 Xfree86 Project | 1 X11r6 | 2008-09-05 | 7.2 HIGH | N/A | Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. |
| CVE-2002-1473 | 1 Hp | 1 Hp-ux | 2008-09-05 | 4.6 MEDIUM | N/A | Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-1474 | 1 Hp | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A | Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service. |
| CVE-2002-1475 | 1 Hp | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A | Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. |
| CVE-2002-1485 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A | The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". |
| CVE-2002-1486 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 7.5 HIGH | N/A | Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. |
| CVE-2002-1487 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A | The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. |
| CVE-2002-1488 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A | The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. |
| CVE-2002-1489 | 1 Planetdns | 1 Planetweb | 2008-09-05 | 7.5 HIGH | N/A | Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. |
