Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1684 | 2 Deerfield, Working Resources Inc. | 2 D2gfx, Badblue | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents. | |||||
| CVE-2002-1685 | 1 Working Resources Inc. | 1 Badblue | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. | |||||
| CVE-2003-1272 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. | |||||
| CVE-2003-1255 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2017-07-11 | 6.4 MEDIUM | N/A |
| add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter. | |||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2017-07-11 | 3.6 LOW | N/A |
| Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Pgp | 2017-07-11 | 2.1 LOW | N/A |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2002-1735 | 1 Davin Mccall | 1 Dlogin | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors. | |||||
| CVE-2002-1697 | 1 Vtun | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2002-1698 | 1 Microsoft | 1 Msn Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header. | |||||
| CVE-2002-1699 | 1 Pascal Michaud | 1 Asp Client Check | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field. | |||||
| CVE-2002-1702 | 1 Deltascripts | 1 Php Classifieds | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. | |||||
| CVE-2002-1703 | 1 Mewsoft | 1 Netauction | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter. | |||||
| CVE-2002-1704 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1706 | 1 Cisco | 1 Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. | |||||
| CVE-2002-1707 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1708 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | |||||
| CVE-2002-1709 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable. | |||||
| CVE-2002-1710 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 3.6 LOW | N/A |
| The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from an HTTP POST, which could allow local users to steal sensitive information like a password file. | |||||
| CVE-2002-1711 | 1 Basilix | 1 Basilix Webmail | 2017-07-11 | 2.1 LOW | N/A |
| BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. | |||||
| CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2017-07-11 | 10.0 HIGH | N/A |
| index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | |||||
| CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2017-07-11 | 2.1 LOW | N/A |
| The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other users' files. | |||||
| CVE-2002-1715 | 1 Ssh | 2 Ssh, Ssh2 | 2017-07-11 | 7.2 HIGH | N/A |
| SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. | |||||
| CVE-2002-1716 | 1 Microsoft | 1 Office | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | |||||
| CVE-2002-1733 | 1 Prospero Technologies | 1 Prospero Message Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post. | |||||
| CVE-2002-1719 | 1 Bavo | 1 Bavo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. | |||||
| CVE-2002-1720 | 1 Outfront | 1 Spooky Login | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field. | |||||
| CVE-2002-1721 | 1 Paul L Daniels | 1 Altermime | 2017-07-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf to overwrite the FFGET_FILE variable with a (null) byte. | |||||
| CVE-2002-1734 | 1 Aspbin | 1 Newspro | 2017-07-11 | 10.0 HIGH | N/A |
| NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true". | |||||
| CVE-2002-1722 | 1 Logitech | 3 Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard | 2017-07-11 | 4.6 MEDIUM | N/A |
| Logitech iTouch keyboards allow attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. | |||||
| CVE-2002-1723 | 1 Powerboards | 1 Powerboards | 2017-07-11 | 5.0 MEDIUM | N/A |
| Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message. | |||||
| CVE-2002-1724 | 1 Onlinetools.org | 1 Phpimageview | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter. | |||||
| CVE-2002-1725 | 1 Onlinetools.org | 1 Phpimageview | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function. | |||||
| CVE-2002-1727 | 1 Asksam Systems | 1 Asksam Web Publisher | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL. | |||||
| CVE-2002-1728 | 1 Asksam Systems | 1 Asksam Web Publisher | 2017-07-11 | 5.0 MEDIUM | N/A |
| askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path. | |||||
| CVE-2002-1729 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message. | |||||
| CVE-2002-1730 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages by accessing the delete.asp administrative script with certain cookie values set to "true". | |||||
| CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2017-07-11 | 2.1 LOW | N/A |
| The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. | |||||
| CVE-2002-1736 | 1 Markus Triska | 1 Cginews | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CGINews before 1.06 allows remote attackers to read arbitrary files via "unfiltered user input." | |||||
| CVE-2002-1737 | 1 Astaro | 1 Security Linux | 2017-07-11 | 2.1 LOW | N/A |
| Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. | |||||
| CVE-2002-1738 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email. | |||||
| CVE-2002-1739 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 2.1 LOW | N/A |
| Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | |||||
| CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||||
| CVE-2002-1741 | 1 Alt-n | 1 Worldclient | 2017-07-11 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | |||||
| CVE-2002-1742 | 1 Paul Kulchenko | 1 Soap Lite | 2017-07-11 | 5.0 MEDIUM | N/A |
| SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by supplying a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger. | |||||
| CVE-2002-1743 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file. | |||||
| CVE-2003-1243 | 1 Sage | 1 Sage | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. | |||||
| CVE-2004-0133 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||||
| CVE-2002-1746 | 1 Maxim Krasnyansky | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets. | |||||
| CVE-2002-1747 | 1 Maxim Krasnyansky | 1 Vtun | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB. | |||||
| CVE-2002-1748 | 1 Open Source Development Network | 1 Slashcode | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts. | |||||
