Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | |||||
| CVE-2002-0903 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value. | |||||
| CVE-2002-0905 | 1 Ibm | 1 Informix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable. | |||||
| CVE-2002-0907 | 1 Nullsoft | 1 Shoutcast Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-". | |||||
| CVE-2002-0908 | 1 Cisco | 1 Ids Device Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request. | |||||
| CVE-2002-0910 | 1 Debian | 1 Netstd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to. | |||||
| CVE-2002-0911 | 1 Caldera | 1 Volution Manager | 2008-09-05 | 7.2 HIGH | N/A |
| Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges. | |||||
| CVE-2002-0912 | 1 Debian | 1 Debian Linux | 2008-09-05 | 5.0 MEDIUM | N/A |
| in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow. | |||||
| CVE-2002-0914 | 1 Double Precision Incorporated | 1 Courier Mta | 2008-09-05 | 5.0 MEDIUM | N/A |
| Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. | |||||
| CVE-2002-0915 | 1 Harald Hoyer | 2 Autorun, Xandros Desktop Os | 2008-09-05 | 2.1 LOW | N/A |
| autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file. | |||||
| CVE-2002-0916 | 1 Stellar-x Software | 1 Msntauth | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call. | |||||
| CVE-2002-0917 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 7.5 HIGH | N/A |
| CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. | |||||
| CVE-2002-0918 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error. | |||||
| CVE-2002-0919 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 7.5 HIGH | N/A |
| CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page. | |||||
| CVE-2002-0921 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages. | |||||
| CVE-2002-0922 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb. | |||||
| CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2008-09-05 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability. | |||||
| CVE-2002-0925 | 1 Matthew Mondor | 2 Mmftpd, Mmmail | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier. | |||||
| CVE-2002-0926 | 1 Wolfram Research | 1 Webmathematica | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter. | |||||
| CVE-2002-0928 | 1 Pirch | 1 Pirch Irc | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message. | |||||
| CVE-2002-0929 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | |||||
| CVE-2002-0930 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command. | |||||
| CVE-2002-0931 | 1 Luis Bernardo | 1 Myhelpdesk | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited. | |||||
| CVE-2002-0932 | 1 Luis Bernardo | 1 Myhelpdesk | 2008-09-05 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog. | |||||
| CVE-2002-0933 | 1 Datalex | 1 Bookit Consumer | 2008-09-05 | 7.5 HIGH | N/A |
| Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks. | |||||
| CVE-2002-0934 | 1 Jon Hedley | 1 Alienform2 | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file. | |||||
| CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | |||||
| CVE-2002-0941 | 1 Ncipher | 2 Nforce, Nshield | 2008-09-05 | 4.6 MEDIUM | N/A |
| The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges. | |||||
| CVE-2002-0942 | 1 Lumigent | 1 Log Explorer | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach. | |||||
| CVE-2002-0943 | 1 Metalinks | 1 Metacart2.sql | 2008-09-05 | 6.4 MEDIUM | N/A |
| MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb. | |||||
| CVE-2002-0944 | 1 Deepmetrix | 1 Livestats | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program. | |||||
| CVE-2002-0945 | 1 Seanox | 1 Devwex | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2002-0946 | 1 Seanox | 1 Devwex | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request. | |||||
| CVE-2002-0947 | 1 Oracle | 2 Application Server, Reports | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | |||||
| CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2008-09-05 | 7.5 HIGH | N/A |
| Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. | |||||
| CVE-2002-0950 | 1 Transware | 1 Active Mail | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered. | |||||
| CVE-2002-0951 | 1 Ruslan Communications | 1 Body Builder | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password. | |||||
| CVE-2002-0953 | 1 Php Address | 1 Php Address | 2008-09-05 | 7.5 HIGH | N/A |
| globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter. | |||||
| CVE-2002-0955 | 1 Yabb | 1 Yabb | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. | |||||
| CVE-2002-0956 | 1 Iss | 1 Blackice Agent | 2008-09-05 | 7.5 HIGH | N/A |
| BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions. | |||||
| CVE-2002-0957 | 1 Iss | 1 Blackice Agent | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | |||||
| CVE-2002-0958 | 1 Ekilat Llc | 1 Php\(reactor\) | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. | |||||
| CVE-2002-0959 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. | |||||
| CVE-2002-0960 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users. | |||||
| CVE-2002-0961 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack. | |||||
| CVE-2002-0962 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php. | |||||
| CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | |||||
| CVE-2002-0964 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out. | |||||
| CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | |||||