Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1905 | 1 Polycom | 1 Viavideo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2002-1835 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2008-09-05 | 7.5 HIGH | N/A |
| The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device. | |||||
| CVE-2002-1904 | 1 Gaztek | 1 Ghttpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2002-1902 | 1 Markus Triska | 1 Cgiforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. | |||||
| CVE-2002-1901 | 1 Bodo Bauer | 1 Bbgallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. | |||||
| CVE-2002-1900 | 1 Pinboard | 1 Pinboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. | |||||
| CVE-2002-1796 | 1 Hp | 1 Chaivm | 2008-09-05 | 4.6 MEDIUM | N/A |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | |||||
| CVE-2002-1836 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files. | |||||
| CVE-2002-1899 | 1 Icewarp | 1 Web Mail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter. | |||||
| CVE-2002-1898 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.2 HIGH | N/A |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | |||||
| CVE-2002-1896 | 1 Alsaplayer | 1 Alsaplayer | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument. | |||||
| CVE-2002-1837 | 1 Ids | 1 Ids | 2008-09-05 | 5.0 MEDIUM | N/A |
| The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not. | |||||
| CVE-2002-1838 | 1 Steve Sachs | 1 Charities.cron | 2008-09-05 | 5.0 MEDIUM | N/A |
| Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2002-1893 | 1 Argosoft | 1 Argosoft Mail Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message. | |||||
| CVE-2002-1839 | 1 Trend Micro | 1 Interscan Viruswall For Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message. | |||||
| CVE-2002-1892 | 1 Netgear | 1 Fvs318 | 2008-09-05 | 2.1 LOW | N/A |
| NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. | |||||
| CVE-2002-1891 | 1 Ayman Akt | 1 Ircit | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request. | |||||
| CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2008-09-05 | 2.1 LOW | N/A |
| rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. | |||||
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
| CVE-2002-1690 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225. | |||||
| CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2008-09-05 | 2.1 LOW | N/A |
| CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
| CVE-2002-1887 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter. | |||||
| CVE-2002-1689 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow. | |||||
| CVE-2002-1886 | 1 Tightauction | 1 Tightauction | 2008-09-05 | 5.0 MEDIUM | N/A |
| TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. | |||||
| CVE-2002-1687 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable. | |||||
| CVE-2002-1840 | 1 Irssi | 1 Irssi | 2008-09-05 | 10.0 HIGH | N/A |
| irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system. | |||||
| CVE-2002-1885 | 1 Powerphlogger | 1 Powerphlogger | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. | |||||
| CVE-2002-1884 | 1 Py-membres | 1 Py-membres | 2008-09-05 | 7.5 HIGH | N/A |
| index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". | |||||
| CVE-2002-1883 | 1 Trolltech | 1 Qt Assistant | 2008-09-05 | 6.4 MEDIUM | N/A |
| Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service. | |||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
| CVE-2002-1686 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in lscfg of unknown versions of AIX has unknown impact. | |||||
| CVE-2002-1842 | 1 Perlbot | 1 Perlbot | 2008-09-05 | 7.5 HIGH | N/A |
| Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address. | |||||
| CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. | |||||
| CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2008-09-05 | 5.0 MEDIUM | N/A |
| LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. | |||||
| CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. | |||||
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2002-1878 | 1 W-agora | 1 W-agora | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. | |||||
| CVE-2002-1875 | 1 Mcafee | 1 Entercept Agent | 2008-09-05 | 4.6 MEDIUM | N/A |
| Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity. | |||||
| CVE-2002-1631 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2002-1797 | 1 Hp | 1 Chaivm | 2008-09-05 | 4.6 MEDIUM | N/A |
| ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer. | |||||
| CVE-2002-1843 | 1 Perlbot | 1 Perlbot | 2008-09-05 | 7.5 HIGH | N/A |
| Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm. | |||||
| CVE-2002-1621 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-1870 | 1 Sws | 1 Sws Simple Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution. | |||||
| CVE-2002-1869 | 1 Heysoft | 2 Eventsave, Eventsave\+ | 2008-09-05 | 2.1 LOW | N/A |
| Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer. | |||||
| CVE-2002-1868 | 1 Daniel Stenberg | 1 Dispair | 2008-09-05 | 10.0 HIGH | N/A |
| Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields. | |||||