Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1082 | 1 Visualshapers | 1 Ezcontents | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded. | |||||
| CVE-2002-1081 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character. | |||||
| CVE-2002-1080 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 7.5 HIGH | N/A |
| The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. | |||||
| CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. | |||||
| CVE-2002-0956 | 1 Iss | 1 Blackice Agent | 2008-09-05 | 7.5 HIGH | N/A |
| BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions. | |||||
| CVE-2002-0957 | 1 Iss | 1 Blackice Agent | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | |||||
| CVE-2002-1002 | 1 Novell | 1 Emframe | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
| CVE-2002-1055 | 1 Brother | 1 Nc-3100h | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password. | |||||
| CVE-2002-0958 | 1 Ekilat Llc | 1 Php\(reactor\) | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. | |||||
| CVE-2002-1078 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters. | |||||
| CVE-2002-1012 | 1 Ibm | 1 Tivoli Management Framework | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1050 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. | |||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 2.6 LOW | N/A |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | |||||
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. | |||||
| CVE-2002-1063 | 1 T. Hauck | 1 Jana Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports. | |||||
| CVE-2002-1015 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2008-09-05 | 7.5 HIGH | N/A |
| RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. | |||||
| CVE-2002-1014 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. | |||||
| CVE-2002-1053 | 1 W3c | 1 Jigsaw | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. | |||||
| CVE-2002-1157 | 1 Mod Ssl | 1 Mod Ssl | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | |||||
| CVE-2002-1124 | 1 Purity | 1 Purity | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables. | |||||
| CVE-2002-0428 | 1 Checkpoint | 3 Check Point Vpn, Firewall-1, Next Generation | 2008-09-05 | 7.5 HIGH | N/A |
| Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. | |||||
| CVE-2002-0431 | 1 Dave Lawrence | 1 Xtux | 2008-09-05 | 5.0 MEDIUM | N/A |
| XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection. | |||||
| CVE-2002-0432 | 1 Citadel | 1 Ux | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server. | |||||
| CVE-2002-0433 | 1 Pi3 | 1 Pi3web | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character. | |||||
| CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2008-09-05 | 10.0 HIGH | N/A |
| Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. | |||||
| CVE-2002-0435 | 1 Gnu | 1 Fileutils | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. | |||||
| CVE-2002-0437 | 1 Stefan Frings | 1 Sms Server Tools | 2008-09-05 | 10.0 HIGH | N/A |
| Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. | |||||
| CVE-2002-0439 | 1 Caupo.net | 1 Cauposhop | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field. | |||||
| CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. | |||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. | |||||
| CVE-2002-0445 | 1 Php Firstpost | 1 Php Firstpost | 2008-09-05 | 5.0 MEDIUM | N/A |
| article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2008-09-05 | 5.0 MEDIUM | N/A |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0447 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | |||||
| CVE-2002-0537 | 1 Stepweb | 1 Sws | 2008-09-05 | 10.0 HIGH | N/A |
| The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS. | |||||
| CVE-2002-0451 | 1 Phpprojekt | 1 Phpprojekt | 2008-09-05 | 7.5 HIGH | N/A |
| filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | |||||
| CVE-2002-0452 | 1 Foundrynet | 1 Serveriron | 2008-09-05 | 7.5 HIGH | N/A |
| Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible. | |||||
| CVE-2002-0453 | 1 Oblix | 1 Netpoint | 2008-09-05 | 7.5 HIGH | N/A |
| The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. | |||||
| CVE-2002-0454 | 1 Qualcomm | 1 Qpopper | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. | |||||
| CVE-2002-0455 | 1 Incredimail | 1 Incredimail | 2008-09-05 | 5.0 MEDIUM | N/A |
| IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0457 | 1 Bg Guestbook | 1 Bg Guestbook | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. | |||||
| CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0459 | 1 Linux-sottises | 2 Board-tnk, News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0460 | 1 Bitvise | 1 Winsshd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd. | |||||
| CVE-2002-0463 | 1 Arsc Really Simple Chat | 1 Arsc Really Simple Chat | 2008-09-05 | 5.0 MEDIUM | N/A |
| home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0464 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp. | |||||
| CVE-2002-0804 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | |||||
| CVE-2002-0467 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c. | |||||
| CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
| PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | |||||
| CVE-2002-0469 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2008-09-05 | 7.2 HIGH | N/A |
| Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges. | |||||