Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1195 | 1 Gabriele Bartolini | 1 Ht Check | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. | |||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | |||||
| CVE-2002-1153 | 1 Ibm | 1 Websphere Application Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". | |||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | |||||
| CVE-2002-1216 | 1 Gnu | 1 Tar | 2016-10-18 | 5.0 MEDIUM | N/A |
| GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | |||||
| CVE-2002-1166 | 1 John Franks | 1 Wn Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2002-1165 | 2 Netbsd, Sendmail | 2 Netbsd, Sendmail | 2016-10-18 | 4.6 MEDIUM | N/A |
| Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. | |||||
| CVE-2002-1149 | 1 Invision Power Services | 1 Invision Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. | |||||
| CVE-2002-1211 | 1 Jason Orcutt | 1 Prometheus | 2016-10-18 | 7.5 HIGH | N/A |
| Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts. | |||||
| CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. | |||||
| CVE-2002-1160 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. | |||||
| CVE-2002-1226 | 1 Kth | 1 Heimdal | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). | |||||
| CVE-2002-1152 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | |||||
| CVE-2002-1225 | 1 Kth | 1 Heimdal | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | |||||
| CVE-2002-1198 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | |||||
| CVE-2002-1191 | 1 Sabre | 1 Desktop Reservation Software | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001. | |||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. | |||||
| CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2016-10-18 | 4.6 MEDIUM | N/A |
| The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. | |||||
| CVE-2002-1147 | 1 Hp | 1 Procurve Switch 4000m | 2016-10-18 | 7.1 HIGH | N/A |
| The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. | |||||
| CVE-2002-1201 | 1 Ibm | 1 Aix | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. | |||||
| CVE-2002-1126 | 2 Galeon, Mozilla | 2 Galeon Browser, Mozilla | 2016-10-18 | 2.6 LOW | N/A |
| Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. | |||||
| CVE-2002-1125 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 2.1 LOW | N/A |
| FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. | |||||
| CVE-2002-0975 | 1 Microsoft | 1 Directx Files Viewer Control | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter. | |||||
| CVE-2002-0968 | 1 Analogx | 1 Simpleserver Www | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. | |||||
| CVE-2002-1039 | 1 Michael Dean | 1 Double Choco Latte | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. | |||||
| CVE-2002-1038 | 1 Michael Dean | 1 Double Choco Latte | 2016-10-18 | 5.0 MEDIUM | N/A |
| Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features. | |||||
| CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. | |||||
| CVE-2002-0990 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. | |||||
| CVE-2002-0989 | 1 Rob Flynn | 1 Gaim | 2016-10-18 | 7.5 HIGH | N/A |
| The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. | |||||
| CVE-2002-1121 | 4 Gfi, Network Associates, Roaring Penguin and 1 more | 5 Mailsecurity, Webshield Smtp, Canit and 2 more | 2016-10-18 | 7.5 HIGH | N/A |
| SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. | |||||
| CVE-2002-1020 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. | |||||
| CVE-2002-1129 | 2 Compaq, Digital | 2 Tru64, Osf 1 | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument. | |||||
| CVE-2002-1133 | 1 Funsoft | 1 Dinos Webserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters. | |||||
| CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. | |||||
| CVE-2002-1018 | 1 Adobe | 1 Adobe Content Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times. | |||||
| CVE-2002-1115 | 1 Mantis | 1 Mantis | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | |||||
| CVE-2002-1059 | 1 Van Dyke Technologies | 1 Securecrt | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string. | |||||
| CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files. | |||||
| CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2016-10-18 | 4.6 MEDIUM | N/A |
| Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | |||||
| CVE-2002-1114 | 1 Mantis | 1 Mantis | 2016-10-18 | 7.5 HIGH | N/A |
| config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie. | |||||
| CVE-2002-1110 | 1 Mantis | 1 Mantis | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. | |||||
| CVE-2002-1109 | 1 Amavis | 1 Virus Scanner | 2016-10-18 | 2.1 LOW | N/A |
| securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. | |||||
| CVE-2002-0982 | 1 Microsoft | 1 Sql Server | 2016-10-18 | 7.5 HIGH | N/A |
| Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. | |||||
| CVE-2002-0973 | 1 Freebsd | 1 Freebsd | 2016-10-18 | 4.6 MEDIUM | N/A |
| Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | |||||
| CVE-2002-1068 | 1 D-link | 1 Dp-303 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. | |||||
| CVE-2002-1069 | 1 D-link | 1 Di-804 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | |||||
| CVE-2002-0972 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | |||||
| CVE-2002-1091 | 3 Mozilla, Netscape, Opera Software | 3 Mozilla, Navigator, Opera Web Browser | 2016-10-18 | 7.5 HIGH | N/A |
| Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | |||||
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2016-10-18 | 7.5 HIGH | N/A |
| The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques. | |||||
| CVE-2002-1052 | 1 W3c | 1 Jigsaw | 2016-10-18 | 5.0 MEDIUM | N/A |
| Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device. | |||||