Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4308 | 1 Scriptscenter | 1 Ezupload Pro | 2008-09-20 | 7.5 HIGH | N/A |
| index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. | |||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 5.0 MEDIUM | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | |||||
| CVE-2005-4303 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | |||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | |||||
| CVE-2005-4233 | 1 Php Web Scripts | 1 Ad Manager Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | |||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | |||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2008-09-20 | 5.0 MEDIUM | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | |||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | |||||
| CVE-2007-0448 | 1 Php | 1 Php | 2008-09-11 | 10.0 HIGH | N/A |
| The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||||
| CVE-2003-0018 | 1 Linux | 1 Linux Kernel | 2008-09-11 | 3.6 LOW | N/A |
| Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. | |||||
| CVE-2003-0019 | 1 Redhat | 1 Linux | 2008-09-11 | 7.2 HIGH | N/A |
| uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode. | |||||
| CVE-2003-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-11 | 7.5 HIGH | N/A |
| Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. | |||||
| CVE-2003-0034 | 1 Jean-jacques Sarton | 1 Mtink | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-2003-0088 | 1 Apple | 1 Mac Os X | 2008-09-11 | 7.2 HIGH | N/A |
| TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. | |||||
| CVE-2002-1118 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-11 | 5.0 MEDIUM | N/A |
| TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | |||||
| CVE-2002-0357 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. | |||||
| CVE-2002-0351 | 1 Matt Blaze | 1 Cfs | 2008-09-11 | 7.5 HIGH | N/A |
| Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-0356 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files. | |||||
| CVE-2002-0355 | 1 Sgi | 1 Irix | 2008-09-11 | 2.1 LOW | N/A |
| netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions. | |||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2008-09-11 | 7.5 HIGH | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | |||||
| CVE-2002-0139 | 1 Pi-soft | 1 Spoonftp | 2008-09-11 | 7.5 HIGH | N/A |
| Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. | |||||
| CVE-2002-0174 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | |||||
| CVE-2002-0135 | 1 Netopia | 1 Timbuktu Pro | 2008-09-11 | 5.0 MEDIUM | N/A |
| Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420). | |||||
| CVE-2002-0132 | 1 Chinput | 1 Chinput | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2008-09-11 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). | |||||
| CVE-2002-0126 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2008-09-11 | 7.5 HIGH | N/A |
| Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD. | |||||
| CVE-2002-0125 | 1 Clanlib | 1 Clanlib | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable. | |||||
| CVE-2002-0124 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2008-09-11 | 5.0 MEDIUM | N/A |
| MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. | |||||
| CVE-2002-0123 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2008-09-11 | 7.5 HIGH | N/A |
| MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. | |||||
| CVE-2002-0122 | 1 Siemens | 1 3568i Wap | 2008-09-11 | 5.0 MEDIUM | N/A |
| Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters. | |||||
| CVE-2002-0173 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. | |||||
| CVE-2002-0172 | 1 Sgi | 1 Irix | 2008-09-11 | 2.1 LOW | N/A |
| /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). | |||||
| CVE-2002-0120 | 1 Palm | 1 Palm Desktop | 2008-09-11 | 2.1 LOW | N/A |
| Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information. | |||||
| CVE-2002-0196 | 1 Acd Incorporated | 1 Cwpapi | 2008-09-11 | 6.4 MEDIUM | N/A |
| GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root. | |||||
| CVE-2002-0176 | 1 Avaya | 1 Libsafe | 2008-09-11 | 4.6 MEDIUM | N/A |
| The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. | |||||
| CVE-2002-0166 | 1 Stephen Turner | 1 Analog | 2008-09-11 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. | |||||
| CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2008-09-11 | 5.0 MEDIUM | N/A |
| Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. | |||||
| CVE-2002-0121 | 1 Php | 1 Php | 2008-09-11 | 2.1 LOW | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
| CVE-2002-0171 | 1 Sgi | 1 Irisconsole | 2008-09-11 | 7.5 HIGH | N/A |
| IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. | |||||
| CVE-2002-0202 | 1 Paintbbs | 1 Paintbbs | 2008-09-11 | 3.6 LOW | N/A |
| PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder. | |||||
| CVE-2002-0246 | 1 Caldera | 1 Unixware | 2008-09-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | |||||
| CVE-2002-0247 | 1 Wliang | 1 Wmtv | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. | |||||
| CVE-2002-0248 | 1 Wliang | 1 Wmtv | 2008-09-11 | 7.2 HIGH | N/A |
| wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. | |||||
| CVE-2002-0169 | 1 Redhat | 2 Docbook Stylesheets, Docbook Utils | 2008-09-11 | 4.6 MEDIUM | N/A |
| The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. | |||||
| CVE-2002-0311 | 1 Caldera | 2 Openunix, Unixware | 2008-09-11 | 10.0 HIGH | N/A |
| Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi. | |||||
| CVE-2002-0175 | 1 Avaya | 1 Libsafe | 2008-09-11 | 4.6 MEDIUM | N/A |
| libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. | |||||
| CVE-2002-0168 | 1 Enlightenment | 1 Imlib | 2008-09-11 | 7.5 HIGH | N/A |
| Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption. | |||||