Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0524 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. | |||||
| CVE-2002-0738 | 1 Mhonarc | 1 Mhonarc | 2008-09-05 | 7.5 HIGH | N/A |
| MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. | |||||
| CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. | |||||
| CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. | |||||
| CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | |||||
| CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | |||||
| CVE-2002-0574 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. | |||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
| CVE-2002-0462 | 1 Big Sam | 1 Big Sam | 2008-09-05 | 6.4 MEDIUM | N/A |
| bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled. | |||||
| CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. | |||||
| CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A |
| b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | |||||
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2008-09-05 | 10.0 HIGH | N/A |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | |||||
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. | |||||
| CVE-2002-0792 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. | |||||
| CVE-2002-0791 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||||
| CVE-2002-0737 | 1 Sambar | 1 Sambar Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. | |||||
| CVE-2002-0540 | 1 Nortel | 1 Cvx 1800 Multi-service Access Switch | 2008-09-05 | 7.5 HIGH | N/A |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. | |||||
| CVE-2002-0739 | 1 Postnuke Software Foundation | 1 Postcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. | |||||
| CVE-2002-0740 | 1 Slrn Development Team | 1 Slrn | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. | |||||
| CVE-2002-0741 | 1 Psychoid | 1 Psybnc | 2008-09-05 | 5.0 MEDIUM | N/A |
| psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC. | |||||
| CVE-2002-0742 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in pioout on AIX 4.3.3. | |||||
| CVE-2002-0747 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in lsmcode in AIX 4.3.3. | |||||
| CVE-2002-0789 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. | |||||
| CVE-2002-0779 | 1 Novell | 1 Bordermanager | 2008-09-05 | 5.0 MEDIUM | N/A |
| FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. | |||||
| CVE-2002-0748 | 1 National Instruments | 1 Labview | 2008-09-05 | 5.0 MEDIUM | N/A |
| LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. | |||||
| CVE-2002-0749 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 7.5 HIGH | N/A |
| CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. | |||||
| CVE-2002-0750 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field. | |||||
| CVE-2002-0777 | 1 Ipswitch | 1 Imail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. | |||||
| CVE-2002-0751 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 7.5 HIGH | N/A |
| CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters. | |||||
| CVE-2002-0752 | 1 Cgiscript.net | 1 Csmailto | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. | |||||
| CVE-2002-0753 | 1 Talentsoft | 1 Web\+ Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. | |||||
| CVE-2002-0754 | 2 Freebsd, Kth | 3 Freebsd, Heimdal, Heimdal | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | |||||
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | |||||
| CVE-2002-0756 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | |||||
| CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2008-09-05 | 7.5 HIGH | N/A |
| (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | |||||
| CVE-2002-0759 | 1 Bzip | 1 Bzip2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | |||||
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 7.5 HIGH | N/A |
| getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | |||||
| CVE-2002-0760 | 1 Bzip | 1 Bzip2 | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. | |||||
| CVE-2002-0435 | 1 Gnu | 1 Fileutils | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. | |||||
| CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2008-09-05 | 10.0 HIGH | N/A |
| Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. | |||||
| CVE-2002-0433 | 1 Pi3 | 1 Pi3web | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character. | |||||
| CVE-2002-0541 | 1 Ibm | 1 Tivoli Storage Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. | |||||
| CVE-2002-0432 | 1 Citadel | 1 Ux | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server. | |||||
| CVE-2002-0455 | 1 Incredimail | 1 Incredimail | 2008-09-05 | 5.0 MEDIUM | N/A |
| IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0543 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. | |||||
| CVE-2002-0544 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 7.2 HIGH | N/A |
| Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges. | |||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. | |||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 4.6 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
| CVE-2002-0545 | 1 Cisco | 2 Aironet Ap340, Aironet Ap350 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. | |||||