Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1499 | 1 Factosystem | 1 Factosystem Weblog | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | |||||
| CVE-2002-1500 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | |||||
| CVE-2002-1501 | 1 Enterasys | 1 Smartswitch Ssr8000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. | |||||
| CVE-2002-1503 | 1 Afd | 1 Afd | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | |||||
| CVE-2002-1504 | 1 Radiobird Software | 1 Webserver 4 Everyone | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. | |||||
| CVE-2002-1521 | 1 Mdg Computer Services | 1 Web Server 4d | 2008-09-05 | 2.1 LOW | N/A |
| Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. | |||||
| CVE-2002-1522 | 1 Cooolsoft | 1 Powerftp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. | |||||
| CVE-2002-1523 | 1 Daniel Arenz | 1 Mini Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences. | |||||
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | |||||
| CVE-2002-1426 | 1 Hp | 1 Procurve Switch 4000m | 2008-09-05 | 7.8 HIGH | N/A |
| HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | |||||
| CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. | |||||
| CVE-2002-1525 | 2 Astaware, Sun | 2 Searchdisc, Sunone Starter Kit | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017. | |||||
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. | |||||
| CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. | |||||
| CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. | |||||
| CVE-2002-1457 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter. | |||||
| CVE-2002-1441 | 1 Tomahawk Technologies | 1 Steelarrow | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request. | |||||
| CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. | |||||
| CVE-2002-1428 | 1 Dotproject | 1 Dotproject | 2008-09-05 | 10.0 HIGH | N/A |
| index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1. | |||||
| CVE-2002-1427 | 1 Easy Scripts Archive | 2 Advanced Easy Homepage Creator, Easy Homepage Creator | 2008-09-05 | 7.5 HIGH | N/A |
| The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. | |||||
| CVE-2002-1410 | 2 Ben Chivers, Easy Scripts Archive | 2 Ben Chivers Guestbook, Easy Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi. | |||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | |||||
| CVE-2002-1223 | 1 Kde | 1 Kde | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2008-09-05 | 7.5 HIGH | N/A |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | |||||
| CVE-2002-1480 | 1 Phpgb | 1 Phpgb | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. | |||||
| CVE-2002-1478 | 1 The Cacti Group | 1 Cacti | 2008-09-05 | 10.0 HIGH | N/A |
| Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. | |||||
| CVE-2002-1224 | 1 Kde | 1 Kde | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | |||||
| CVE-2002-1251 | 1 Log2mail | 1 Log2mail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. | |||||
| CVE-2002-1253 | 1 Abuse | 1 Abuse | 2008-09-05 | 7.2 HIGH | N/A |
| Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. | |||||
| CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | |||||
| CVE-2002-0894 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2008-09-05 | 5.0 MEDIUM | N/A |
| NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet. | |||||
| CVE-2002-0895 | 1 Matu | 1 Matu Ftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command. | |||||
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | |||||
| CVE-2002-1075 | 1 David Harris | 1 Pegasus Mail | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. | |||||
| CVE-2002-0896 | 1 Swatch | 1 Swatch | 2008-09-05 | 5.0 MEDIUM | N/A |
| The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection. | |||||
| CVE-2002-1073 | 1 Atrium Software | 1 Mercur Mailserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password. | |||||
| CVE-2002-0897 | 1 Intranet-server | 1 Localweb2000 | 2008-09-05 | 7.5 HIGH | N/A |
| LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. | |||||
| CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability. | |||||
| CVE-2002-1043 | 1 Ultrafunk | 1 Popcorn | 2008-09-05 | 5.0 MEDIUM | N/A |
| Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). | |||||
| CVE-2002-1050 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. | |||||
| CVE-2002-1044 | 1 Ultrafunk | 1 Popcorn | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field. | |||||
| CVE-2002-0821 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | |||||
| CVE-2002-1008 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request. | |||||
| CVE-2002-0925 | 1 Matthew Mondor | 2 Mmftpd, Mmmail | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier. | |||||
| CVE-2002-1009 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. | |||||
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 7.5 HIGH | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||||
| CVE-2002-0926 | 1 Wolfram Research | 1 Webmathematica | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter. | |||||
| CVE-2002-0928 | 1 Pirch | 1 Pirch Irc | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message. | |||||
| CVE-2002-0929 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | |||||
| CVE-2002-0943 | 1 Metalinks | 1 Metacart2.sql | 2008-09-05 | 6.4 MEDIUM | N/A |
| MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb. | |||||