Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0505 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. | |||||
| CVE-2002-0504 | 1 Citrix | 1 Nfuse | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | |||||
| CVE-2002-0482 | 1 Newlog | 1 Netsupport Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.1 MEDIUM | N/A |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | |||||
| CVE-2002-0479 | 1 Gravity Storm Software | 1 Service Pack Manager 2000 | 2008-09-05 | 7.2 HIGH | N/A |
| Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share. | |||||
| CVE-2002-0460 | 1 Bitvise | 1 Winsshd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd. | |||||
| CVE-2002-0459 | 1 Linux-sottises | 2 Board-tnk, News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. | |||||
| CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. | |||||
| CVE-2002-0439 | 1 Caupo.net | 1 Cauposhop | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field. | |||||
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. | |||||
| CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | |||||
| CVE-2002-0676 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. | |||||
| CVE-2002-0491 | 1 Alguest | 1 Alguest | 2008-09-05 | 10.0 HIGH | N/A |
| admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value. | |||||
| CVE-2002-0511 | 1 Nscd | 1 Nscd | 2008-09-05 | 7.5 HIGH | N/A |
| The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names. | |||||
| CVE-2002-0510 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 5.0 MEDIUM | N/A |
| The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. | |||||
| CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 5.0 MEDIUM | N/A |
| Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||||
| CVE-2002-0508 | 1 Wwwisis | 1 Wwwisis | 2008-09-05 | 10.0 HIGH | N/A |
| wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog. | |||||
| CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. | |||||
| CVE-2002-0501 | 1 Posadis | 1 Posadis | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages. | |||||
| CVE-2002-0476 | 1 Macromedia | 1 Flash Player | 2008-09-05 | 5.0 MEDIUM | N/A |
| Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | |||||
| CVE-2002-0488 | 1 Linux Directory Penguin | 1 Linux Directory Penguin Traceroute | 2008-09-05 | 10.0 HIGH | N/A |
| Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. | |||||
| CVE-2002-0499 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories. | |||||
| CVE-2002-0498 | 1 Etnus | 1 Totalview | 2008-09-05 | 4.6 MEDIUM | N/A |
| Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users. | |||||
| CVE-2002-0490 | 1 Instant Web Mail | 1 Instant Web Mail | 2008-09-05 | 10.0 HIGH | N/A |
| Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. | |||||
| CVE-2002-0492 | 1 Dcscripts | 1 Dcshop | 2008-09-05 | 5.0 MEDIUM | N/A |
| dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter. | |||||
| CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | |||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||||
| CVE-2002-0799 | 1 Youngzsoft | 1 Cmailserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | |||||
| CVE-2002-0795 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. | |||||
| CVE-2002-0794 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | |||||
| CVE-2002-0792 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. | |||||
| CVE-2002-0791 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||||
| CVE-2002-0789 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. | |||||
| CVE-2002-0779 | 1 Novell | 1 Bordermanager | 2008-09-05 | 5.0 MEDIUM | N/A |
| FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. | |||||
| CVE-2002-0777 | 1 Ipswitch | 1 Imail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. | |||||
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 7.5 HIGH | N/A |
| getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | |||||
| CVE-2002-0775 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 5.0 MEDIUM | N/A |
| browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. | |||||
| CVE-2002-0774 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 10.0 HIGH | N/A |
| Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | |||||
| CVE-2002-0773 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 10.0 HIGH | N/A |
| imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath. | |||||
| CVE-2002-0772 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. | |||||
| CVE-2002-0760 | 1 Bzip | 1 Bzip2 | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. | |||||
| CVE-2002-0759 | 1 Bzip | 1 Bzip2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | |||||
| CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | |||||
| CVE-2002-0756 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | |||||
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | |||||
| CVE-2002-0754 | 2 Freebsd, Kth | 3 Freebsd, Heimdal, Heimdal | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | |||||
| CVE-2002-0753 | 1 Talentsoft | 1 Web\+ Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. | |||||
| CVE-2002-0752 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. | |||||