Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2060 | 1 Twibright Labs | 1 Links | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images. | |||||
| CVE-2002-2063 | 1 Atguard | 1 Atguard Personal Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames. | |||||
| CVE-2002-2064 | 1 Phpwebgallery | 1 Phpwebgallery | 2008-09-05 | 7.5 HIGH | N/A |
| isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo. | |||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | |||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2008-09-05 | 5.0 MEDIUM | N/A |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2067 | 1 East Technologies | 1 East-tec Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2068 | 1 Sami Tolvanen | 1 Eraser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2069 | 1 Pgp | 1 Pgp | 2008-09-05 | 5.0 MEDIUM | N/A |
| PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2070 | 1 Accessdata | 1 Secureclean | 2008-09-05 | 5.0 MEDIUM | N/A |
| SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | |||||
| CVE-2002-2071 | 1 Compaq | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap. | |||||
| CVE-2002-2072 | 1 Sun | 1 Jre | 2008-09-05 | 5.0 MEDIUM | N/A |
| java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument. | |||||
| CVE-2002-2074 | 1 Erwin Lansing | 1 Mailidx | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page. | |||||
| CVE-2002-2075 | 1 Mirabilis | 1 Icq | 2008-09-05 | 5.0 MEDIUM | N/A |
| ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||||
| CVE-2002-2076 | 1 Summit Computer Networks | 1 Lil Http | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2002-2078 | 1 Floosietek | 2 Ftgateoffice, Ftgatepro | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command. | |||||
| CVE-2002-2079 | 2 Mosix Project, Openmosix Project | 2 Mosix, Openmosix | 2008-09-05 | 5.0 MEDIUM | N/A |
| mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets. | |||||
| CVE-2002-2080 | 1 Floosietek | 1 Ftgatepro | 2008-09-05 | 5.0 MEDIUM | N/A |
| Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session. | |||||
| CVE-2002-2081 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2008-09-05 | 5.0 MEDIUM | N/A |
| cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. | |||||
| CVE-2002-2082 | 1 Floosietek | 2 Ftgateoffice, Ftgatepro | 2008-09-05 | 7.5 HIGH | N/A |
| FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users. | |||||
| CVE-2002-2083 | 1 Novell | 1 Netware | 2008-09-05 | 2.1 LOW | N/A |
| The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. | |||||
| CVE-2002-2084 | 1 Portix-php | 1 Portix-php | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters. | |||||
| CVE-2002-2085 | 1 Wwwebbb | 1 Wwwebbb Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2002-2087 | 1 Borland Software | 1 Interbase | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server. | |||||
| CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2008-09-05 | 10.0 HIGH | N/A |
| The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | |||||
| CVE-2002-2089 | 1 Sun | 1 Solaris | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2002-2090 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. | |||||
| CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. | |||||
| CVE-2002-2094 | 1 Joe Testa | 1 Hellbent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct. | |||||
| CVE-2002-2095 | 1 Joe Testa | 1 Hellbent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow. | |||||
| CVE-2002-2096 | 1 Novell | 1 Netware | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2002-2100 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. | |||||
| CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | |||||
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2008-09-05 | 5.0 MEDIUM | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | |||||
| CVE-2002-2103 | 1 Apache | 1 Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. | |||||
| CVE-2002-2107 | 1 Veridis | 1 Openkeyserver | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2002-2108 | 1 Sony | 1 Vaio Manual Cybersupport | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. | |||||
| CVE-2002-2109 | 1 Matt Wright | 1 Formmail | 2008-09-05 | 7.5 HIGH | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer. | |||||
| CVE-2002-2110 | 1 Rca | 1 Digital Cable Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. | |||||
| CVE-2002-2112 | 1 Rca | 1 Digital Cable Modem | 2008-09-05 | 5.0 MEDIUM | N/A |
| RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information. | |||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2008-09-05 | 7.5 HIGH | N/A |
| search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | |||||
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2002-2116 | 1 Netgear | 2 Rm356, Rt338 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. | |||||
| CVE-2002-2117 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP). | |||||
| CVE-2002-2119 | 1 Novell | 1 Edirectory | 2008-09-05 | 7.5 HIGH | N/A |
| Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | |||||
| CVE-2002-2120 | 1 Qnx | 1 Rtos | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10. | |||||
| CVE-2002-2122 | 1 Pointsec Mobile Technologies | 1 Pointsec | 2008-09-05 | 2.1 LOW | N/A |
| Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory. | |||||
| CVE-2002-2126 | 1 Pedestal Software | 1 Integrity Protection Driver | 2008-09-05 | 2.1 LOW | N/A |
| restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time. | |||||
| CVE-2002-2128 | 1 W-agora | 1 W-agora | 2008-09-05 | 4.6 MEDIUM | N/A |
| editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2002-2130 | 1 Gallery Project | 1 Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-2131 | 1 Perl-httpd | 1 Perl-httpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument. | |||||