Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2008-09-10 | 9.3 HIGH | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
| CVE-2003-0243 | 1 Happycgi | 1 Happymall | 2008-09-10 | 7.5 HIGH | N/A |
| Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts. | |||||
| CVE-2003-0256 | 1 Kde | 1 Kopete | 2008-09-10 | 7.5 HIGH | N/A |
| The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2003-0261 | 1 Fuzz | 1 Fuzz | 2008-09-10 | 4.6 MEDIUM | N/A |
| fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges. | |||||
| CVE-2003-0351 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2008-09-10 | 7.5 HIGH | N/A |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
| CVE-2003-0422 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. | |||||
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | |||||
| CVE-2003-0424 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. | |||||
| CVE-2003-0425 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. | |||||
| CVE-2003-0041 | 2 Mit, Redhat | 2 Kerberos Ftp Client, Linux | 2008-09-10 | 10.0 HIGH | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
| CVE-2003-0090 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0099 | 1 Apc | 1 Apcupsd | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. | |||||
| CVE-2002-2001 | 2 Jmcce, Mandrakesoft | 2 Jmcce, Mandrake Linux | 2008-09-10 | 1.2 LOW | N/A |
| jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-2041 | 1 Qnx | 1 Rtos | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer. | |||||
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
| CVE-2002-2135 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1618. Reason: This candidate is a duplicate of CVE-2002-1618. Notes: All CVE users should reference CVE-2002-1618 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
| CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | |||||
| CVE-2002-2147 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2151 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1651. Reason: This candidate is a duplicate of CVE-2002-1651. Notes: All CVE users should reference CVE-2002-1651 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2157 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1660. Reason: This candidate is a duplicate of CVE-2002-1660. Notes: All CVE users should reference CVE-2002-1660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2160 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1798. Reason: This candidate is a duplicate of CVE-2002-1798. Notes: All CVE users should reference CVE-2002-1798 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | |||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.6 LOW | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||
| CVE-2002-2194 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1589. Reason: This candidate is a duplicate of CVE-2002-1589. Notes: All CVE users should reference CVE-2002-1589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-2200 | 1 Benjamin Lefevre | 1 Dobermann Forum | 2008-09-10 | 7.5 HIGH | N/A |
| Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php. | |||||
| CVE-2002-1600 | 1 Mike Spice | 1 My Classifieds | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter. | |||||
| CVE-2002-1638 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-2153. Reason: This candidate is a duplicate of CVE-2002-2153. Notes: All CVE users should reference CVE-2002-2153 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1897 | 1 Mywebserver | 1 Mywebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow. | |||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | |||||
| CVE-2002-1189 | 1 Cisco | 1 Unity Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. | |||||
| CVE-2002-1193 | 1 Tkmail | 1 Tkmail | 2008-09-10 | 2.1 LOW | N/A |
| tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files. | |||||
| CVE-2002-1194 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | |||||
| CVE-2002-1202 | 1 Compaq | 1 Tru64 | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files. | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2002-1212 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1213 | 1 Radiobird Software | 1 Webserver 4 All | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. | |||||
| CVE-2002-1215 | 1 Linux-ha | 1 Heartbeat | 2008-09-10 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | |||||
| CVE-2002-1222 | 1 Cisco | 1 Catos | 2008-09-10 | 7.1 HIGH | N/A |
| Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. | |||||
| CVE-2002-1231 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 2.1 LOW | N/A |
| SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. | |||||
| CVE-2002-1234 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0180. Reason: This candidate is a an out-of-band assignment duplicate of CVE-2002-0180. Notes: All CVE users should reference CVE-2002-0180 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. | |||||
| CVE-2002-1252 | 1 Peoplesoft | 1 Peopletools | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. | |||||
| CVE-2002-1259 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1261 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1263 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1295. Reason: This candidate is a reservation duplicate of CVE-2002-1295. Notes: All CVE users should reference CVE-2002-1295 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-1278 | 1 Jacques Gelinas | 1 Linuxconf | 2008-09-10 | 7.5 HIGH | N/A |
| The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email. | |||||
| CVE-2002-1279 | 1 Masqmail | 1 Masqmail | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option). | |||||
| CVE-2002-1280 | 1 Iss | 1 Realsecure Event Collector | 2008-09-10 | 5.0 MEDIUM | N/A |
| Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | |||||