Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1750 | 1 Cgiscript.net | 1 Csguestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2002-1751 | 1 Cgiscript.net | 1 Cslivesupport | 2017-07-11 | 5.0 MEDIUM | N/A |
| csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2002-1752 | 1 Cgiscript.net | 1 Cschat-r-box | 2017-07-11 | 5.0 MEDIUM | N/A |
| csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2002-1753 | 1 Cgiscript.net | 2 Csnews, Csnewspro | 2017-07-11 | 5.0 MEDIUM | N/A |
| csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2002-1754 | 1 Novell | 1 Netware Client | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. | |||||
| CVE-2002-1755 | 1 Tinc | 1 Tinc | 2017-07-11 | 5.0 MEDIUM | N/A |
| tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. | |||||
| CVE-2002-1756 | 1 Acd Systems | 1 Acdsee | 2017-07-11 | 5.0 MEDIUM | N/A |
| ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed. | |||||
| CVE-2002-1757 | 1 Phprojekt | 1 Phprojekt | 2017-07-11 | 7.5 HIGH | N/A |
| PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms". | |||||
| CVE-2002-1758 | 1 Phprojekt | 1 Phprojekt | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in. | |||||
| CVE-2002-1764 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 2.1 LOW | N/A |
| acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-1760 | 1 Phprojekt | 1 Phprojekt | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors. | |||||
| CVE-2003-1233 | 1 Pedestal Software | 1 Integrity Protection Driver | 2017-07-11 | 2.1 LOW | N/A |
| Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command. | |||||
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | |||||
| CVE-2002-1765 | 1 Ximian | 1 Evolution | 2017-07-11 | 5.0 MEDIUM | N/A |
| Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header. | |||||
| CVE-2002-1766 | 1 Netscape | 1 Communicator | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | |||||
| CVE-2002-1767 | 1 Oracle | 1 Database Server | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. | |||||
| CVE-2002-1768 | 1 Cisco | 1 Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985. | |||||
| CVE-2002-1769 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2017-07-11 | 7.5 HIGH | N/A |
| Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. | |||||
| CVE-2002-1770 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. | |||||
| CVE-2002-1771 | 1 Matt Wright | 1 Formmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables. | |||||
| CVE-2002-1772 | 1 Novell | 1 Netware | 2017-07-11 | 4.6 MEDIUM | N/A |
| Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. | |||||
| CVE-2002-1773 | 1 Mirabilis | 1 Icq For Macos X | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. | |||||
| CVE-2002-1774 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. | |||||
| CVE-2002-1775 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. | |||||
| CVE-2002-1776 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed. | |||||
| CVE-2002-1777 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed. | |||||
| CVE-2002-1778 | 1 Symantec | 1 Norton Personal Firewall | 2017-07-11 | 7.5 HIGH | N/A |
| Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. | |||||
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2002-1781 | 1 Delegate | 1 Delegate | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy. | |||||
| CVE-2002-1782 | 1 University Of Washington | 1 Uw-imap | 2017-07-11 | 2.1 LOW | N/A |
| The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. | |||||
| CVE-2002-1783 | 1 Php | 1 Php | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. | |||||
| CVE-2003-1230 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 6.4 MEDIUM | N/A |
| The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic. | |||||
| CVE-2004-0125 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 7.2 HIGH | N/A |
| The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. | |||||
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | |||||
| CVE-2003-1215 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | |||||
| CVE-2003-1214 | 1 Visualshapers | 1 Ezcontents | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions. | |||||
| CVE-2003-1213 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 7.5 HIGH | N/A |
| The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. | |||||
| CVE-2003-1212 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 7.5 HIGH | N/A |
| MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. | |||||
| CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. | |||||
| CVE-2003-1084 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. | |||||
| CVE-2003-1083 | 1 Tildeslash | 1 Monit | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2003-1077 | 1 Sun | 1 Solaris | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). | |||||
| CVE-2003-1074 | 1 Sun | 1 Solaris | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges. | |||||
| CVE-2002-0886 | 1 Cisco | 1 Cbos | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. | |||||
| CVE-2003-1053 | 1 Xshisen | 1 Xshisen | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. | |||||
| CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | |||||
| CVE-2003-1051 | 1 Ibm | 1 Db2 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
| CVE-2003-1050 | 1 Ibm | 1 Db2 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 4.6 MEDIUM | N/A |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | |||||
| CVE-2003-1043 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. | |||||