Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1066 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack. | |||||
| CVE-2002-1065 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing. | |||||
| CVE-2002-1064 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2002-1062 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries. | |||||
| CVE-2002-1061 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response. | |||||
| CVE-2002-1060 | 1 Bluecoat | 1 Cacheos | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | |||||
| CVE-2002-1058 | 1 Cobalt | 1 Qube | 2008-09-05 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file. | |||||
| CVE-2002-1057 | 1 Smartmax Software | 1 Mailmax | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2002-1055 | 1 Brother | 1 Nc-3100h | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password. | |||||
| CVE-2002-1017 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 2.1 LOW | N/A |
| Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. | |||||
| CVE-2002-1016 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 4.6 MEDIUM | N/A |
| Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. | |||||
| CVE-2002-1013 | 1 Inktomi | 3 Media-ixt, Traffic Edge, Traffic Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. | |||||
| CVE-2002-1012 | 1 Ibm | 1 Tivoli Management Framework | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1011 | 1 Ibm | 1 Tivoli Management Framework | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1010 | 1 Lotus | 1 Domino R4 | 2008-09-05 | 7.5 HIGH | N/A |
| Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. | |||||
| CVE-2002-1009 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. | |||||
| CVE-2002-1008 | 1 Summit Computer Networks | 1 Lil Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request. | |||||
| CVE-2002-1007 | 1 Blackboard | 1 Blackboard | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. | |||||
| CVE-2002-1006 | 1 Bbc Education | 1 Betsie | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl. | |||||
| CVE-2002-1004 | 1 Argosoft | 1 Argosoft Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. | |||||
| CVE-2002-1003 | 1 Mywebserver | 1 Mywebserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1002 | 1 Novell | 1 Emframe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
| CVE-2002-1001 | 1 Analogx | 1 Proxy | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname. | |||||
| CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. | |||||
| CVE-2002-0999 | 1 Care 2002 | 1 Care 2002 | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations. | |||||
| CVE-2002-0998 | 1 Care 2002 | 1 Care 2002 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function. | |||||
| CVE-2002-0997 | 1 Novell | 2 Netmail, Netmail Xe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. | |||||
| CVE-2002-0947 | 1 Oracle | 2 Application Server, Reports | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | |||||
| CVE-2002-0946 | 1 Seanox | 1 Devwex | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request. | |||||
| CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2008-09-05 | 7.5 HIGH | N/A |
| Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. | |||||
| CVE-2002-0855 | 1 Gnu | 1 Mailman | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | |||||
| CVE-2002-1053 | 1 W3c | 1 Jigsaw | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. | |||||
| CVE-2002-1014 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. | |||||
| CVE-2002-1063 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports. | |||||
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | |||||
| CVE-2002-0934 | 1 Jon Hedley | 1 Alienform2 | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file. | |||||
| CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | |||||
| CVE-2002-0926 | 1 Wolfram Research | 1 Webmathematica | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter. | |||||
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 7.5 HIGH | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||||
| CVE-2002-0821 | 1 Ethereal Group | 1 Ethereal | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | |||||
| CVE-2002-0933 | 1 Datalex | 1 Bookit Consumer | 2008-09-05 | 7.5 HIGH | N/A |
| Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks. | |||||
| CVE-2002-1040 | 1 Ibm | 1 Aix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames. | |||||
| CVE-2002-1029 | 1 Worldspan | 1 Res Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. | |||||
| CVE-2002-1043 | 1 Ultrafunk | 1 Popcorn | 2008-09-05 | 5.0 MEDIUM | N/A |
| Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). | |||||
| CVE-2002-1028 | 1 Oddsock | 1 Song Requester | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. | |||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | |||||
| CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability. | |||||
| CVE-2002-0914 | 1 Double Precision Incorporated | 1 Courier Mta | 2008-09-05 | 5.0 MEDIUM | N/A |
| Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. | |||||
| CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | |||||