Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2017-07-11 | 5.0 MEDIUM | N/A |
| The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | |||||
| CVE-2002-1624 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters. | |||||
| CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. | |||||
| CVE-2003-0084 | 1 Mod Auth Any | 1 Mod Auth Any | 2017-07-11 | 7.5 HIGH | N/A |
| mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. | |||||
| CVE-2002-1626 | 1 Mike Spice | 1 My Calendar | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL. | |||||
| CVE-2002-1627 | 1 Mike Spice | 1 Quiz Me | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter. | |||||
| CVE-2002-1628 | 1 Mike Spice | 1 Mikes Vote Cgi | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter. | |||||
| CVE-2002-1629 | 1 Multi-tech | 1 Proxyserver | 2017-07-11 | 10.0 HIGH | N/A |
| Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP. | |||||
| CVE-2003-1284 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe. | |||||
| CVE-2002-1630 | 1 Oracle | 1 Application Server | 2017-07-11 | 7.5 HIGH | N/A |
| The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | |||||
| CVE-2003-1274 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | |||||
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2017-07-11 | 6.4 MEDIUM | N/A |
| Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | |||||
| CVE-2002-1633 | 1 Qnx | 1 Qnx Rtos | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip. | |||||
| CVE-2002-1634 | 1 Novell | 1 Netware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl. | |||||
| CVE-2002-1635 | 1 Oracle | 1 Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | |||||
| CVE-2002-1636 | 1 Oracle | 1 Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | |||||
| CVE-2003-1273 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 2.1 LOW | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. | |||||
| CVE-2002-1642 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 7.2 HIGH | N/A |
| PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. | |||||
| CVE-2002-1644 | 1 Ssh | 1 Ssh2 | 2017-07-11 | 7.2 HIGH | N/A |
| SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | |||||
| CVE-2002-1645 | 1 Ssh | 1 Ssh2 | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2002-1646 | 1 Ssh | 1 Secure Shell For Servers | 2017-07-11 | 7.5 HIGH | N/A |
| SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server. | |||||
| CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | |||||
| CVE-2002-1649 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. | |||||
| CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-11 | 7.5 HIGH | N/A |
| The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | |||||
| CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | |||||
| CVE-2002-1653 | 1 Farm9 | 1 Cryptcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information. | |||||
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-11 | 7.5 HIGH | N/A |
| iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2017-07-11 | 7.5 HIGH | N/A |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | |||||
| CVE-2002-1657 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 5.0 MEDIUM | N/A |
| PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2017-07-11 | 10.0 HIGH | N/A |
| user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. | |||||
| CVE-2002-1661 | 1 Leafnode | 1 Leafnode | 2017-07-11 | 5.0 MEDIUM | N/A |
| The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group. | |||||
| CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||||
| CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | |||||
| CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | |||||
| CVE-2002-1668 | 1 Hp | 3 Hp-ux, Hp-ux Series 700, Hp-ux Series 800 | 2017-07-11 | 2.1 LOW | N/A |
| HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file. | |||||
| CVE-2002-1669 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | |||||
| CVE-2002-1672 | 1 Webmin | 1 Webmin | 2017-07-11 | 2.1 LOW | N/A |
| Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials. | |||||
| CVE-2002-1673 | 1 Webmin | 1 Webmin | 2017-07-11 | 3.6 LOW | N/A |
| The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. | |||||
| CVE-2002-1674 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 1.2 LOW | N/A |
| procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. | |||||
| CVE-2002-1675 | 1 Unreal | 1 Unrealircd | 2017-07-11 | 6.4 MEDIUM | N/A |
| Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers. | |||||
| CVE-2002-1677 | 1 Mrtg | 1 Mrtgconfig | 2017-07-11 | 5.0 MEDIUM | N/A |
| 14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path. | |||||
| CVE-2002-1678 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits. | |||||
| CVE-2002-1679 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. | |||||
| CVE-2002-1680 | 1 Cows | 1 Cgi Online Worldweb Shopping | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi. | |||||
| CVE-2002-1681 | 1 Open Source Development Network | 1 Slashcode | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag. | |||||
| CVE-2002-1682 | 1 Daansystems | 1 Newsreactor | 2017-07-11 | 2.1 LOW | N/A |
| NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts. | |||||
| CVE-2002-1683 | 1 Working Resources Inc. | 1 Badblue | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. | |||||