Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0995 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. | |||||
| CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. | |||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | |||||
| CVE-2002-1064 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2002-1062 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries. | |||||
| CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | |||||
| CVE-2002-0996 | 1 Novell | 2 Netmail, Netmail Xe | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. | |||||
| CVE-2002-1023 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. | |||||
| CVE-2002-1022 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 7.5 HIGH | N/A |
| BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. | |||||
| CVE-2002-0997 | 1 Novell | 2 Netmail, Netmail Xe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. | |||||
| CVE-2002-0998 | 1 Care 2002 | 1 Care 2002 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function. | |||||
| CVE-2002-1007 | 1 Blackboard | 1 Blackboard | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. | |||||
| CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | |||||
| CVE-2002-1021 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
| BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. | |||||
| CVE-2002-1017 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 2.1 LOW | N/A |
| Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. | |||||
| CVE-2002-1061 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response. | |||||
| CVE-2002-1060 | 1 Bluecoat | 1 Cacheos | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | |||||
| CVE-2002-1058 | 1 Cobalt | 1 Qube | 2008-09-05 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file. | |||||
| CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. | |||||
| CVE-2002-1016 | 1 Adobe | 1 Digital Editions | 2008-09-05 | 4.6 MEDIUM | N/A |
| Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. | |||||
| CVE-2002-1013 | 1 Inktomi | 3 Media-ixt, Traffic Edge, Traffic Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. | |||||
| CVE-2002-1057 | 1 Smartmax Software | 1 Mailmax | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2002-0964 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out. | |||||
| CVE-2002-1047 | 1 Watchguard | 1 Soho Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name. | |||||
| CVE-2002-0966 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. | |||||
| CVE-2002-1001 | 1 Analogx | 1 Proxy | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname. | |||||
| CVE-2002-0835 | 3 Caldera, Hp, Redhat | 4 Openlinux Server, Openlinux Workstation, Secure Os and 1 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. | |||||
| CVE-2002-0905 | 1 Ibm | 1 Informix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable. | |||||
| CVE-2002-1132 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | |||||
| CVE-2002-0851 | 1 Isdn4linux | 1 Isdn4linux | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog. | |||||
| CVE-2002-1131 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | |||||
| CVE-2002-1127 | 1 Digital | 1 Osf 1 | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter. | |||||
| CVE-2002-0855 | 1 Gnu | 1 Mailman | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | |||||
| CVE-2002-0916 | 1 Stellar-x Software | 1 Msntauth | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call. | |||||
| CVE-2002-0876 | 1 Evolvable Corporation | 1 Shambala Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request. | |||||
| CVE-2002-0877 | 1 Evolvable Corporation | 1 Shambala Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands. | |||||
| CVE-2002-0878 | 1 Logisense | 2 Dns Manager System, Hawk-i | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field. | |||||
| CVE-2002-0879 | 1 Gafware | 1 Cfximage | 2008-09-05 | 5.0 MEDIUM | N/A |
| showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter. | |||||
| CVE-2002-0922 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb. | |||||
| CVE-2002-0883 | 1 Compaq | 1 Proliant Bl E-class Integrated Administrator Firmware | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities. | |||||
| CVE-2002-0941 | 1 Ncipher | 2 Nforce, Nshield | 2008-09-05 | 4.6 MEDIUM | N/A |
| The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges. | |||||
| CVE-2002-1154 | 1 Stephen Turner | 1 Analog | 2008-09-05 | 5.0 MEDIUM | N/A |
| anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | |||||
| CVE-2002-0891 | 1 Juniper | 1 Netscreen Screenos | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
| CVE-2002-0827 | 1 Caldera | 2 Openunix, Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824. | |||||
| CVE-2002-0892 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message. | |||||
| CVE-2002-0893 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences. | |||||
| CVE-2002-0894 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2008-09-05 | 5.0 MEDIUM | N/A |
| NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet. | |||||
| CVE-2002-0895 | 1 Matu | 1 Matu Ftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command. | |||||
| CVE-2002-0896 | 1 Swatch | 1 Swatch | 2008-09-05 | 5.0 MEDIUM | N/A |
| The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection. | |||||
| CVE-2002-0897 | 1 Intranet-server | 1 Localweb2000 | 2008-09-05 | 7.5 HIGH | N/A |
| LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. | |||||