Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0653 | 1 Mod Ssl | 1 Mod Ssl | 2016-10-18 | 4.6 MEDIUM | N/A |
| Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | |||||
| CVE-2002-0662 | 1 Dan Mueth | 1 Scrollkeeper | 2016-10-18 | 2.1 LOW | N/A |
| scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files. | |||||
| CVE-2002-0664 | 1 Granite Software | 1 Zmerge | 2016-10-18 | 7.5 HIGH | N/A |
| The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts. | |||||
| CVE-2002-0665 | 1 Macromedia | 1 Jrun | 2016-10-18 | 10.0 HIGH | N/A |
| Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. | |||||
| CVE-2002-0683 | 1 Pacific Software | 1 Carello | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. | |||||
| CVE-2002-0684 | 2 Gnu, Isc | 2 Glibc, Bind | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | |||||
| CVE-2002-0685 | 1 Pgp | 3 Desktop Security, Freeware, Personal Security | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message. | |||||
| CVE-2002-0686 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter. | |||||
| CVE-2002-0701 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2016-10-18 | 2.1 LOW | N/A |
| ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. | |||||
| CVE-2002-0702 | 1 Isc | 1 Dhcpd | 2016-10-18 | 10.0 HIGH | N/A |
| Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. | |||||
| CVE-2002-0704 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages. | |||||
| CVE-2002-0705 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-18 | 7.5 HIGH | N/A |
| The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords. | |||||
| CVE-2002-0706 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-18 | 7.5 HIGH | N/A |
| UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function. | |||||
| CVE-2002-0707 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow. | |||||
| CVE-2002-0708 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences. | |||||
| CVE-2002-0709 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs. | |||||
| CVE-2002-0710 | 1 Rod Clark | 1 Sendform.cgi | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. | |||||
| CVE-2002-0711 | 1 Hp | 1 Trucluster Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. | |||||
| CVE-2002-0713 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated. | |||||
| CVE-2002-0714 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. | |||||
| CVE-2002-0715 | 1 Squid | 1 Squid | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. | |||||
| CVE-2002-0716 | 1 Sco | 1 Openserver | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument. | |||||
| CVE-2002-0717 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
| CVE-2002-0729 | 1 Microsoft | 1 Sql Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. | |||||
| CVE-2002-0735 | 2 C-note, Padl Software | 3 Squid Auth Ldap, Nss Ldap, Pam Ldap | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | |||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2016-10-18 | 7.5 HIGH | N/A |
| The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
| CVE-2002-0401 | 1 Ethereal Group | 1 Ethereal | 2016-10-18 | 7.5 HIGH | N/A |
| SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. | |||||
| CVE-2002-0402 | 1 Ethereal Group | 1 Ethereal | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. | |||||
| CVE-2002-0403 | 1 Ethereal Group | 1 Ethereal | 2016-10-18 | 5.0 MEDIUM | N/A |
| DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | |||||
| CVE-2002-0404 | 1 Ethereal Group | 1 Ethereal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2016-10-18 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||
| CVE-2002-0408 | 1 Lotus | 1 Domino | 2016-10-18 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. | |||||
| CVE-2002-0409 | 1 Microsoft | 1 .net Framework | 2016-10-18 | 5.0 MEDIUM | N/A |
| orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. | |||||
| CVE-2002-0412 | 1 Luca Deri | 1 Ntop | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | |||||
| CVE-2002-0429 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 3.6 LOW | N/A |
| The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall). | |||||
| CVE-2002-0456 | 1 Qualcomm | 1 Eudora | 2016-10-18 | 5.0 MEDIUM | N/A |
| Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0468 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files. | |||||
| CVE-2002-0477 | 1 Macromedia | 1 Flash Player | 2016-10-18 | 7.5 HIGH | N/A |
| Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. | |||||
| CVE-2002-0478 | 1 Foundrynet | 1 Edgeiron | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings. | |||||
| CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2016-10-18 | 10.0 HIGH | N/A |
| ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | |||||
| CVE-2002-0484 | 1 Php | 1 Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | |||||
| CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2016-10-18 | 5.0 MEDIUM | N/A |
| Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | |||||
| CVE-2002-0489 | 1 Linux Directory Penguin | 1 Nslookup | 2016-10-18 | 10.0 HIGH | N/A |
| Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters. | |||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
| CVE-2002-0542 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 7.2 HIGH | N/A |
| mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. | |||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||||
| CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
| CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
| CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2016-10-18 | 2.1 LOW | N/A |
| Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||