Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1417 | 1 Novell | 2 Netware, Small Business Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator. | |||||
| CVE-2002-1418 | 1 Novell | 2 Netware, Small Business Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name. | |||||
| CVE-2002-1419 | 1 Sgi | 1 Irix | 2008-09-05 | 7.5 HIGH | N/A |
| The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address. | |||||
| CVE-2002-1421 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. | |||||
| CVE-2002-1422 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters. | |||||
| CVE-2002-1423 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. | |||||
| CVE-2002-1424 | 1 John G. Myers | 1 Mpack | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1425 | 1 John G. Myers | 1 Mpack | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted. | |||||
| CVE-2002-1426 | 1 Hp | 1 Procurve Switch 4000m | 2008-09-05 | 7.8 HIGH | N/A |
| HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | |||||
| CVE-2002-1427 | 1 Easy Scripts Archive | 2 Advanced Easy Homepage Creator, Easy Homepage Creator | 2008-09-05 | 7.5 HIGH | N/A |
| The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. | |||||
| CVE-2002-1428 | 1 Dotproject | 1 Dotproject | 2008-09-05 | 10.0 HIGH | N/A |
| index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1. | |||||
| CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. | |||||
| CVE-2002-1430 | 1 Synthetic Reality | 1 Sympoll | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. | |||||
| CVE-2002-1431 | 1 Belkin | 1 F5d5230-4 4-port Cable Dsl Gateway Router | 2008-09-05 | 7.5 HIGH | N/A |
| Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. | |||||
| CVE-2002-1433 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services. | |||||
| CVE-2002-1434 | 1 Kerio | 1 Kerio Mailserver | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. | |||||
| CVE-2002-1435 | 1 Achievo | 1 Achievo | 2008-09-05 | 7.5 HIGH | N/A |
| class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. | |||||
| CVE-2002-1436 | 1 Novell | 1 Netware | 2008-09-05 | 7.5 HIGH | N/A |
| The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. | |||||
| CVE-2002-1437 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences. | |||||
| CVE-2002-1438 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. | |||||
| CVE-2002-1439 | 1 Hp | 2 Virtualvault, Vvos | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files. | |||||
| CVE-2002-1440 | 1 Gateway | 1 Gs-400 | 2008-09-05 | 10.0 HIGH | N/A |
| The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. | |||||
| CVE-2002-1441 | 1 Tomahawk Technologies | 1 Steelarrow | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request. | |||||
| CVE-2002-1442 | 1 Google | 1 Toolbar | 2008-09-05 | 7.5 HIGH | N/A |
| The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. | |||||
| CVE-2002-1445 | 1 W3c | 1 Cern Httpd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. | |||||
| CVE-2002-1446 | 1 Ncipher | 1 Pkcs 11 Library | 2008-09-05 | 5.0 MEDIUM | N/A |
| The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. | |||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | |||||
| CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2008-09-05 | 7.5 HIGH | N/A |
| An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | |||||
| CVE-2002-1450 | 1 Ibm | 1 U2 Universe | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. | |||||
| CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character. | |||||
| CVE-2002-1455 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe. | |||||
| CVE-2002-1457 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter. | |||||
| CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. | |||||
| CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. | |||||
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. | |||||
| CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. | |||||
| CVE-2002-1462 | 1 Organicphp | 1 Php-affiliate | 2008-09-05 | 5.0 MEDIUM | N/A |
| details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields. | |||||
| CVE-2002-1464 | 1 Cafelog | 1 B2 | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | |||||
| CVE-2002-1465 | 1 Cafelog | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. | |||||
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2008-09-05 | 10.0 HIGH | N/A |
| CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | |||||
| CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). | |||||
| CVE-2002-1468 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. | |||||
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2008-09-05 | 7.5 HIGH | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | |||||
| CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2008-09-05 | 2.1 LOW | N/A |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | |||||
| CVE-2002-1471 | 1 Ximian | 1 Evolution | 2008-09-05 | 5.0 MEDIUM | N/A |
| The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. | |||||
| CVE-2002-1472 | 1 Xfree86 Project | 1 X11r6 | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. | |||||
| CVE-2002-1473 | 1 Hp | 1 Hp-ux | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1474 | 1 Hp | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service. | |||||
| CVE-2002-1475 | 1 Hp | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. | |||||
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. | |||||