Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0501 1 Posadis 1 Posadis 2008-09-05 7.2 HIGH N/A
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
CVE-2002-0557 1 Openbsd 1 Openbsd 2008-09-05 7.5 HIGH N/A
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
CVE-2002-0518 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.
CVE-2002-0786 1 Critical Path 1 Injoin Directory Server 2008-09-05 5.0 MEDIUM N/A
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
CVE-2002-0787 1 Critical Path 1 Injoin Directory Server 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
CVE-2002-0801 1 Macromedia 1 Jrun 2008-09-05 10.0 HIGH N/A
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
CVE-2002-0800 1 Working Resources Inc. 1 Badblue 2008-09-05 5.0 MEDIUM N/A
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
CVE-2002-0799 1 Youngzsoft 1 Cmailserver 2008-09-05 7.5 HIGH N/A
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
CVE-2002-0591 1 Aol 1 Instant Messenger 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
CVE-2002-0593 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2008-09-05 7.5 HIGH N/A
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
CVE-2002-0594 3 Galeon, Mozilla, Netscape 3 Galeon Browser, Mozilla, Navigator 2008-09-05 5.0 MEDIUM N/A
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
CVE-2002-0595 1 Webtrends 1 Reporting Center 2008-09-05 7.5 HIGH N/A
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
CVE-2002-0598 1 Foundstone 1 Fscan 2008-09-05 7.5 HIGH N/A
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.
CVE-2002-0580 1 Workforceroi 1 Xpede 2008-09-05 7.5 HIGH N/A
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
CVE-2002-0579 1 Workforceroi 1 Xpede 2008-09-05 7.5 HIGH N/A
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVE-2002-0599 1 Blahz-dns 1 Blahz-dns 2008-09-05 10.0 HIGH N/A
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
CVE-2002-0608 1 Matu 1 Matu Ftp 2008-09-05 7.5 HIGH N/A
Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.
CVE-2002-0609 1 Hp 1 Mpe Ix 2008-09-05 5.0 MEDIUM N/A
Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets.
CVE-2002-0451 1 Phpprojekt 1 Phpprojekt 2008-09-05 7.5 HIGH N/A
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
CVE-2002-0590 1 Icredibb 1 Icredibb 2008-09-05 7.5 HIGH N/A
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.
CVE-2002-0610 1 Hp 1 Mpe Ix 2008-09-05 7.5 HIGH N/A
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.
CVE-2002-0452 1 Foundrynet 1 Serveriron 2008-09-05 7.5 HIGH N/A
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
CVE-2002-0611 1 Craig Patchett 1 Fileseek 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.
CVE-2002-0612 1 Craig Patchett 1 Fileseek 2008-09-05 7.5 HIGH N/A
FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters.
CVE-2002-0613 1 Dnstools Software 1 Dnstools 2008-09-05 10.0 HIGH N/A
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
CVE-2002-0589 1 Steve Korbett 1 Pvote 2008-09-05 7.5 HIGH N/A
PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
CVE-2002-0453 1 Oblix 1 Netpoint 2008-09-05 7.5 HIGH N/A
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
CVE-2002-0463 1 Arsc Really Simple Chat 1 Arsc Really Simple Chat 2008-09-05 5.0 MEDIUM N/A
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2008-09-05 6.4 MEDIUM N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2002-0467 2 Ecartis, Listar 2 Ecartis, Listar 2008-09-05 10.0 HIGH N/A
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
CVE-2002-0469 2 Ecartis, Listar 2 Ecartis, Listar 2008-09-05 7.2 HIGH N/A
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
CVE-2002-0626 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2008-09-05 10.0 HIGH N/A
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
CVE-2002-0627 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2008-09-05 7.5 HIGH N/A
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
CVE-2002-0629 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2008-09-05 5.0 MEDIUM N/A
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
CVE-2002-0630 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2008-09-05 5.0 MEDIUM N/A
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
CVE-2002-0483 1 Francisco Burzi 1 Php-nuke 2008-09-05 5.0 MEDIUM N/A
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
CVE-2002-0487 1 Workforceroi 1 Xpede 2008-09-05 4.6 MEDIUM N/A
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVE-2002-0669 1 Pingtel 1 Xpressa 2008-09-05 5.0 MEDIUM N/A
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
CVE-2002-0670 1 Pingtel 1 Xpressa 2008-09-05 7.5 HIGH N/A
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
CVE-2002-0687 1 Zope 1 Zope 2008-09-05 5.0 MEDIUM N/A
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
CVE-2002-0688 1 Zope 1 Zope 2008-09-05 7.5 HIGH N/A
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
CVE-2002-0730 1 Philip Chinery 1 Philip Chinerys Guestbook 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
CVE-2002-0578 1 Aci 1 4d Webserver 2008-09-05 7.5 HIGH N/A
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
CVE-2002-0494 1 Websight Directory System 1 Websight Directory System 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
CVE-2002-0495 1 Cgiscript.net 1 Cssearch 2008-09-05 10.0 HIGH N/A
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
CVE-2002-0731 1 Vqsoft 1 Vqserver 2008-09-05 7.5 HIGH N/A
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
CVE-2002-0496 1 Southwest 1 Southwest 2008-09-05 5.0 MEDIUM N/A
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
CVE-2002-0497 1 Mtr 1 Mtr 2008-09-05 2.1 LOW N/A
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVE-2002-0508 1 Wwwisis 1 Wwwisis 2008-09-05 10.0 HIGH N/A
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
CVE-2002-0509 1 Oracle 1 Oracle9i 2008-09-05 5.0 MEDIUM N/A
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.