Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1857 | 1 Jo | 1 Jo Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2002-1802 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news. | |||||
| CVE-2002-1803 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2002-1804 | 1 Npds | 1 Npds | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2002-1856 | 1 Hp | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2002-1807 | 1 Phpwebsite | 1 Phpwebsite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2002-1799 | 1 Phprank | 1 Phprank | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter. | |||||
| CVE-2002-1808 | 1 Zack Coburn | 1 Meunity Community System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic. | |||||
| CVE-2002-1810 | 1 D-link | 1 Dwl-900ap\+ | 2008-09-05 | 7.5 HIGH | N/A |
| D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | |||||
| CVE-2002-1854 | 1 Rlaj | 1 Rlaj Whois | 2008-09-05 | 10.0 HIGH | N/A |
| Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field. | |||||
| CVE-2002-1975 | 1 Sharp | 1 Zaurus | 2008-09-05 | 2.1 LOW | N/A |
| Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
| CVE-2002-1974 | 1 Sharp | 1 Zaurus | 2008-09-05 | 10.0 HIGH | N/A |
| The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root. | |||||
| CVE-2002-1972 | 1 Sebastian Dehne | 1 Pp Powerswitch | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports. | |||||
| CVE-2002-1971 | 1 Sourcecraft | 1 Networking Utils | 2008-09-05 | 10.0 HIGH | N/A |
| The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument. | |||||
| CVE-2002-1970 | 1 Snortcenter | 1 Snortcenter | 2008-09-05 | 2.1 LOW | N/A |
| SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers. | |||||
| CVE-2002-1969 | 1 The Magic Notebook | 1 The Magic Notebook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login. | |||||
| CVE-2002-1968 | 1 Com21 | 1 Doxport 1100 | 2008-09-05 | 2.1 LOW | N/A |
| Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server. | |||||
| CVE-2002-1967 | 1 Mark Hanson | 1 Xircon | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command. | |||||
| CVE-2002-1966 | 1 My Postcards | 1 My Postcards Platinum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2002-1965 | 1 Imatix | 1 Xitami | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. | |||||
| CVE-2002-1964 | 1 Wesmo | 1 Phpeventcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2002-1963 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries. | |||||
| CVE-2002-1853 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php. | |||||
| CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | |||||
| CVE-2002-1962 | 1 Finjan Software | 1 Surfingate | 2008-09-05 | 7.5 HIGH | N/A |
| Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname. | |||||
| CVE-2002-1811 | 1 Belkin | 1 F5d6130 Wnap | 2008-09-05 | 5.0 MEDIUM | N/A |
| Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests. | |||||
| CVE-2002-1812 | 1 Gdam | 1 Gdam | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter. | |||||
| CVE-2002-1961 | 1 Finjan Software | 1 Surfingate | 2008-09-05 | 7.5 HIGH | N/A |
| Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot). | |||||
| CVE-2002-1960 | 1 Cybozu | 1 Share360 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link. | |||||
| CVE-2002-1959 | 1 Nagios | 1 Nagios | 2008-09-05 | 10.0 HIGH | N/A |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. | |||||
| CVE-2002-1955 | 1 Iomega | 1 Nas | 2008-09-05 | 5.0 MEDIUM | N/A |
| Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. | |||||
| CVE-2002-1813 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 2.6 LOW | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link. | |||||
| CVE-2002-1954 | 1 Php | 1 Php | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. | |||||
| CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. | |||||
| CVE-2002-1814 | 4 Gnome, Mandrakesoft, Redhat and 1 more | 4 Bonobo, Mandrake Linux, Linux and 1 more | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2002-1952 | 1 Phprank | 1 Phprank | 2008-09-05 | 7.5 HIGH | N/A |
| phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable. | |||||
| CVE-2002-1950 | 1 Phprank | 1 Phprank | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list. | |||||
| CVE-2002-1949 | 1 Iomega | 1 Nas | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |||||
| CVE-2002-1948 | 1 Gringotts | 1 Gringotts | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2002-1947 | 1 Webmin | 1 Webmin | 2008-09-05 | 6.4 MEDIUM | N/A |
| Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. | |||||
| CVE-2002-1849 | 1 Parachat | 1 Parachat Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users. | |||||
| CVE-2002-1815 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2002-1816 | 1 Yann Ramin | 1 Atphttpd | 2008-09-05 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1817 | 1 Symantec Veritas | 1 Cluster Server | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors. | |||||
| CVE-2002-1818 | 1 Ez Systems | 1 Httpbench | 2008-09-05 | 5.0 MEDIUM | N/A |
| ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter. | |||||
| CVE-2002-1819 | 1 Tinyhttpd | 1 Tinyhttpd | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL. | |||||
| CVE-2002-1820 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2008-09-05 | 7.5 HIGH | N/A |
| register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a." | |||||
| CVE-2002-1761 | 1 Phprojekt | 1 Phprojekt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||||
| CVE-2002-1848 | 1 Tightvnc | 1 Tightvnc | 2008-09-05 | 2.1 LOW | N/A |
| TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. | |||||