Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2008-09-05 | 10.0 HIGH | N/A |
| Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | |||||
| CVE-2002-0784 | 1 Lysias | 1 Lidik Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot). | |||||
| CVE-2002-0748 | 1 National Instruments | 1 Labview | 2008-09-05 | 5.0 MEDIUM | N/A |
| LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. | |||||
| CVE-2002-0747 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in lsmcode in AIX 4.3.3. | |||||
| CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | |||||
| CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | |||||
| CVE-2002-0787 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters. | |||||
| CVE-2002-0614 | 1 Php-survey | 1 Php-survey | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. | |||||
| CVE-2002-0746 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument. | |||||
| CVE-2002-0745 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in uucp in AIX 4.3.3. | |||||
| CVE-2002-0613 | 1 Dnstools Software | 1 Dnstools | 2008-09-05 | 10.0 HIGH | N/A |
| dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters. | |||||
| CVE-2002-0612 | 1 Craig Patchett | 1 Fileseek | 2008-09-05 | 7.5 HIGH | N/A |
| FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters. | |||||
| CVE-2002-0611 | 1 Craig Patchett | 1 Fileseek | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered. | |||||
| CVE-2002-0610 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges. | |||||
| CVE-2002-0609 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets. | |||||
| CVE-2002-0607 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL. | |||||
| CVE-2002-0606 | 1 3com | 1 3cdaemon | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login. | |||||
| CVE-2002-0601 | 1 Information Security Systems | 1 Realsecure Network Sensor | 2008-09-05 | 5.0 MEDIUM | N/A |
| ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. | |||||
| CVE-2002-0608 | 1 Matu | 1 Matu Ftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. | |||||
| CVE-2002-0599 | 1 Blahz-dns | 1 Blahz-dns | 2008-09-05 | 10.0 HIGH | N/A |
| Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen. | |||||
| CVE-2002-0598 | 1 Foundstone | 1 Fscan | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner. | |||||
| CVE-2002-0764 | 1 Phorum | 1 Phorum | 2008-09-05 | 7.5 HIGH | N/A |
| Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. | |||||
| CVE-2002-0595 | 1 Webtrends | 1 Reporting Center | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory. | |||||
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
| CVE-2002-0591 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename. | |||||
| CVE-2002-0590 | 1 Icredibb | 1 Icredibb | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts. | |||||
| CVE-2002-0589 | 1 Steve Korbett | 1 Pvote | 2008-09-05 | 7.5 HIGH | N/A |
| PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password. | |||||
| CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2008-09-05 | 5.0 MEDIUM | N/A |
| PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. | |||||
| CVE-2002-0587 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. | |||||
| CVE-2002-0586 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. | |||||
| CVE-2002-0584 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. | |||||
| CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | |||||
| CVE-2002-0582 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. | |||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | |||||
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | |||||
| CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | |||||
| CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. | |||||
| CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | |||||
| CVE-2002-0574 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. | |||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | |||||
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | |||||
| CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. | |||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | |||||
| CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. | |||||
| CVE-2002-0552 | 1 Melange | 1 Melange Chat System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. | |||||
| CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. | |||||
| CVE-2002-0550 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. | |||||