Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
| CVE-2002-1883 | 1 Trolltech | 1 Qt Assistant | 2008-09-05 | 6.4 MEDIUM | N/A |
| Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service. | |||||
| CVE-2002-1884 | 1 Py-membres | 1 Py-membres | 2008-09-05 | 7.5 HIGH | N/A |
| index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". | |||||
| CVE-2002-1885 | 1 Powerphlogger | 1 Powerphlogger | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. | |||||
| CVE-2002-1886 | 1 Tightauction | 1 Tightauction | 2008-09-05 | 5.0 MEDIUM | N/A |
| TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. | |||||
| CVE-2002-1887 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter. | |||||
| CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2008-09-05 | 2.1 LOW | N/A |
| CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
| CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2008-09-05 | 2.1 LOW | N/A |
| rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. | |||||
| CVE-2002-1891 | 1 Ayman Akt | 1 Ircit | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request. | |||||
| CVE-2002-1892 | 1 Netgear | 1 Fvs318 | 2008-09-05 | 2.1 LOW | N/A |
| NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. | |||||
| CVE-2002-1893 | 1 Argosoft | 1 Argosoft Mail Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message. | |||||
| CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2002-1896 | 1 Alsaplayer | 1 Alsaplayer | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument. | |||||
| CVE-2002-1898 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.2 HIGH | N/A |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
| CVE-2002-1899 | 1 Icewarp | 1 Web Mail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter. | |||||
| CVE-2002-1900 | 1 Pinboard | 1 Pinboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. | |||||
| CVE-2002-1901 | 1 Bodo Bauer | 1 Bbgallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. | |||||
| CVE-2002-1902 | 1 Markus Triska | 1 Cgiforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2002-1904 | 1 Gaztek | 1 Ghttpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-1905 | 1 Polycom | 1 Viavideo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1906 | 1 Polycom | 1 Viavideo | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | |||||
| CVE-2002-1907 | 1 Telcondex | 1 Simplewebserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. | |||||
| CVE-2002-1910 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
| CVE-2002-1911 | 1 Zonelabs | 1 Zonealarm | 2008-09-05 | 5.0 MEDIUM | N/A |
| ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. | |||||
| CVE-2002-1913 | 1 Myphpnuke | 1 Myphpnuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable. | |||||
| CVE-2002-1914 | 1 Dump | 1 Dump | 2008-09-05 | 2.1 LOW | N/A |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | |||||
| CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
| CVE-2002-1916 | 1 Pirch | 2 Pirch Irc, Ruspirch | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries. | |||||
| CVE-2002-1917 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. | |||||
| CVE-2002-1920 | 1 Datawizard | 1 Ftpxq | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. | |||||
| CVE-2002-1922 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | |||||
| CVE-2002-1924 | 1 Apc | 1 Powerchute | 2008-09-05 | 5.0 MEDIUM | N/A |
| PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory. | |||||
| CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. | |||||
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. | |||||
| CVE-2002-1928 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. | |||||
| CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. | |||||
| CVE-2002-1930 | 1 An | 1 An-httpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
| CVE-2002-1931 | 1 Php Arena | 1 Pafiledb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. | |||||
| CVE-2002-1933 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.2 HIGH | N/A |
| The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | |||||
| CVE-2002-1934 | 1 Pingtel | 1 Xpressa | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information. | |||||
| CVE-2002-1935 | 1 Pingtel | 1 Xpressa | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar. | |||||
| CVE-2002-1936 | 1 Utstarcom | 1 Bas 1000 | 2008-09-05 | 7.5 HIGH | N/A |
| UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase". | |||||
| CVE-2002-1937 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2008-09-05 | 5.0 MEDIUM | N/A |
| Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password. | |||||
| CVE-2002-1938 | 1 Virgil | 1 Cgi Scanner | 2008-09-05 | 7.5 HIGH | N/A |
| Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters. | |||||
| CVE-2002-1939 | 1 Flashfxp | 1 Flashfxp | 2008-09-05 | 2.1 LOW | N/A |
| FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties. | |||||
| CVE-2002-1940 | 1 Jacob Navia | 1 Lcc-win32 | 2008-09-05 | 5.0 MEDIUM | N/A |
| LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application. | |||||
| CVE-2002-1941 | 1 Radiobird Software | 1 Web Server 4 Everyone | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request with the Host header set. | |||||