Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1338 | 1 Microsoft | 1 Office Web Components | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. | |||||
| CVE-2002-1335 | 1 W3m | 1 W3m | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. | |||||
| CVE-2002-1334 | 1 Bizdesign | 1 Imagefolio | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi. | |||||
| CVE-2002-1322 | 1 Rational Software | 1 Clearcase | 2017-07-11 | 5.0 MEDIUM | N/A |
| Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap. | |||||
| CVE-2002-1312 | 1 Linksys | 9 Befn2ps4, Befsr11, Befsr41 and 6 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password. | |||||
| CVE-2002-1310 | 1 Macromedia | 1 Jrun | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long .jsp file name. | |||||
| CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2017-07-11 | 7.5 HIGH | N/A |
| Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | |||||
| CVE-2002-1286 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-11 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user. | |||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. | |||||
| CVE-2004-0132 | 1 Visualshapers | 1 Ezcontents | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php. | |||||
| CVE-2004-0149 | 1 Xboing | 1 Xboing | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges. | |||||
| CVE-2004-0130 | 1 Phpgedview | 1 Phpgedview | 2017-07-11 | 5.0 MEDIUM | N/A |
| login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message. | |||||
| CVE-2002-1565 | 1 Immunix | 1 Immunix | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. | |||||
| CVE-2002-1566 | 1 Netris | 1 Netris | 2017-07-11 | 5.0 MEDIUM | N/A |
| netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284. | |||||
| CVE-2002-1569 | 2 Ghostview, Gv | 2 Ghostview, Gv | 2017-07-11 | 7.5 HIGH | N/A |
| gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file. | |||||
| CVE-2002-1570 | 1 Ucd-snmp | 1 Ucd-snmp | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. | |||||
| CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2017-07-11 | 5.0 MEDIUM | N/A |
| cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | |||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2017-07-11 | 7.2 HIGH | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | |||||
| CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2017-07-11 | 7.5 HIGH | N/A |
| SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | |||||
| CVE-2002-1578 | 1 Sap | 1 Sap R 3 | 2017-07-11 | 7.5 HIGH | N/A |
| The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected. | |||||
| CVE-2002-1616 | 1 Hp | 1 Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc. | |||||
| CVE-2002-1579 | 1 Sap | 1 Sapgui | 2017-07-11 | 5.0 MEDIUM | N/A |
| SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | |||||
| CVE-2002-1580 | 1 Carnegie Mellon University | 1 Cyrus Imap Server | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347. | |||||
| CVE-2002-1588 | 1 Sun | 1 Openwindows | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment. | |||||
| CVE-2002-1594 | 2 Grpck, Pwck | 2 Grpck, Pwck | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. | |||||
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. | |||||
| CVE-2004-0127 | 1 Phpgedview | 1 Phpgedview | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter. | |||||
| CVE-2002-1599 | 1 Daniel Barron | 1 Dansguardian | 2017-07-11 | 7.5 HIGH | N/A |
| DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs. | |||||
| CVE-2003-1287 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device. | |||||
| CVE-2003-1286 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 7.5 HIGH | N/A |
| HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | |||||
| CVE-2002-1601 | 1 Adobe | 1 Photodeluxe | 2017-07-11 | 5.1 MEDIUM | N/A |
| The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page. | |||||
| CVE-2002-1602 | 1 Gnu | 1 Screen | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | |||||
| CVE-2002-1603 | 1 Goahead Software | 1 Goahead Webserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. | |||||
| CVE-2002-1604 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver. | |||||
| CVE-2002-1605 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession. | |||||
| CVE-2002-1606 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm. | |||||
| CVE-2002-1192 | 2 Netbsd, Rogue | 2 Netbsd, Rogue | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allow local users to gain "games" group privileges via malformed entries in a game save file. | |||||
| CVE-2002-1607 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code. | |||||
| CVE-2002-1608 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code. | |||||
| CVE-2002-1609 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
| CVE-2002-1610 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service. | |||||
| CVE-2002-1611 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
| CVE-2002-1612 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
| CVE-2002-1613 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. | |||||
| CVE-2002-1614 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at. | |||||
| CVE-2002-1615 | 1 Hp | 2 Hp-ux, Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader. | |||||
| CVE-2002-1619 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump). | |||||
| CVE-2002-1620 | 1 Ibm | 1 Aix Parallel Systems Support Programs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection. | |||||
| CVE-2003-1285 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl). | |||||
| CVE-2002-1622 | 1 Ibm | 1 Aix | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type." | |||||
