Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0275 | 1 Blueface | 1 Falcon Web Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2002-0379 | 1 University Of Washington | 1 Uw-imap | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. | |||||
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. | |||||
| CVE-2002-0395 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 10.0 HIGH | N/A |
| The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. | |||||
| CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 7.5 HIGH | N/A |
| The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. | |||||
| CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 5.0 MEDIUM | N/A |
| Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | |||||
| CVE-2002-0398 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 10.0 HIGH | N/A |
| Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. | |||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2017-10-10 | 7.5 HIGH | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
| CVE-2002-0651 | 1 Isc | 1 Bind | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. | |||||
| CVE-2002-0668 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.5 HIGH | N/A |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | |||||
| CVE-2002-0674 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.2 HIGH | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | |||||
| CVE-2002-0830 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | |||||
| CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
| CVE-2002-0850 | 1 Pgp | 1 Corporate Desktop | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. | |||||
| CVE-2002-0906 | 1 Sendmail | 1 Sendmail | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | |||||
| CVE-2002-0970 | 1 Kde | 2 Kde, Konqueror | 2017-10-10 | 7.5 HIGH | N/A |
| The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
| CVE-2002-0985 | 1 Php | 1 Php | 2017-10-10 | 7.5 HIGH | N/A |
| Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | |||||
| CVE-2002-0986 | 1 Php | 1 Php | 2017-10-10 | 5.0 MEDIUM | N/A |
| The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | |||||
| CVE-2002-1104 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). | |||||
| CVE-2002-1105 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 4.6 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. | |||||
| CVE-2002-1106 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. | |||||
| CVE-2002-1107 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. | |||||
| CVE-2002-1108 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. | |||||
| CVE-2002-1111 | 1 Mantis | 1 Mantis | 2017-10-10 | 5.0 MEDIUM | N/A |
| print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted. | |||||
| CVE-2002-1112 | 1 Mantis | 1 Mantis | 2017-10-10 | 5.0 MEDIUM | N/A |
| Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. | |||||
| CVE-2002-1113 | 1 Mantis | 1 Mantis | 2017-10-10 | 7.5 HIGH | N/A |
| summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. | |||||
| CVE-2002-1116 | 1 Mantis | 1 Mantis | 2017-10-10 | 7.5 HIGH | N/A |
| The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. | |||||
| CVE-2002-1117 | 1 Symantec Veritas | 1 Backup Exec | 2017-10-10 | 5.0 MEDIUM | N/A |
| Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. | |||||
| CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | |||||
| CVE-2002-1266 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." | |||||
| CVE-2002-1267 | 1 Apple | 1 Mac Os X | 2017-10-10 | 5.0 MEDIUM | N/A |
| Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." | |||||
| CVE-2002-1268 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." | |||||
| CVE-2002-1270 | 1 Apple | 1 Mac Os X | 2017-10-10 | 2.1 LOW | N/A |
| Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. | |||||
| CVE-2002-1272 | 1 Alcatel | 1 Aos | 2017-10-10 | 10.0 HIGH | N/A |
| Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. | |||||
| CVE-2002-1284 | 1 Kgpg | 1 Kgpg | 2017-10-10 | 4.6 MEDIUM | N/A |
| The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read. | |||||
| CVE-2002-1307 | 1 Mhonarc | 1 Mhonarc | 2017-10-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. | |||||
| CVE-2002-1308 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2017-10-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | |||||
| CVE-2002-1313 | 1 Nullmailer | 1 Nullmailer | 2017-10-10 | 2.1 LOW | N/A |
| nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users. | |||||
| CVE-2002-1319 | 2 Linux, Trustix | 2 Linux Kernel, Secure Linux | 2017-10-10 | 2.1 LOW | N/A |
| The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. | |||||
| CVE-2002-1336 | 1 Tightvnc | 1 Tightvnc | 2017-10-10 | 7.5 HIGH | N/A |
| TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | |||||
| CVE-2002-1349 | 1 Trend Micro | 2 Officescan, Pc-cillin | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). | |||||
| CVE-2002-1361 | 1 Sun | 1 Cobalt Raq 4 | 2017-10-10 | 10.0 HIGH | N/A |
| overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter. | |||||
| CVE-2002-1362 | 1 Matthew Smith | 1 Micq | 2017-10-10 | 5.0 MEDIUM | N/A |
| mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character. | |||||
| CVE-2002-1363 | 1 Greg Roelofs | 1 Libpng | 2017-10-10 | 7.5 HIGH | N/A |
| Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. | |||||
| CVE-2002-1364 | 1 Ehud Gavron | 1 Tracesroute | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. | |||||
| CVE-2002-1366 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 6.2 MEDIUM | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream. | |||||
| CVE-2002-1367 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 10.0 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke. | |||||
| CVE-2002-1369 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 10.0 HIGH | N/A |
| jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2002-1371 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 7.5 HIGH | N/A |
| filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. | |||||