Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0515 | 1 Darren Reed | 1 Ipfilter | 2008-09-05 | 5.0 MEDIUM | N/A |
| IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs. | |||||
| CVE-2002-0516 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 10.0 HIGH | N/A |
| SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | |||||
| CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | |||||
| CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. | |||||
| CVE-2002-0520 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag. | |||||
| CVE-2002-0521 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp. | |||||
| CVE-2002-0522 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 7.5 HIGH | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. | |||||
| CVE-2002-0523 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | |||||
| CVE-2002-0524 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. | |||||
| CVE-2002-0525 | 1 Isc | 1 Inn | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses. | |||||
| CVE-2002-0527 | 1 Watchguard | 1 Soho Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. | |||||
| CVE-2002-0528 | 1 Watchguard | 1 Soho Firewall | 2008-09-05 | 10.0 HIGH | N/A |
| Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules. | |||||
| CVE-2002-0529 | 1 Hp | 1 Photosmart Print Driver | 2008-09-05 | 6.2 MEDIUM | N/A |
| HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse. | |||||
| CVE-2002-0531 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. | |||||
| CVE-2002-0532 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2008-09-05 | 7.2 HIGH | N/A |
| EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||||
| CVE-2002-0534 | 1 Postboard | 1 Postboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
| CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
| PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | |||||
| CVE-2002-0537 | 1 Stepweb | 1 Sws | 2008-09-05 | 10.0 HIGH | N/A |
| The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS. | |||||
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2008-09-05 | 10.0 HIGH | N/A |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | |||||
| CVE-2002-0540 | 1 Nortel | 1 Cvx 1800 Multi-service Access Switch | 2008-09-05 | 7.5 HIGH | N/A |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. | |||||
| CVE-2002-0541 | 1 Ibm | 1 Tivoli Storage Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. | |||||
| CVE-2002-0543 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. | |||||
| CVE-2002-0544 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 7.2 HIGH | N/A |
| Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges. | |||||
| CVE-2002-0545 | 1 Cisco | 2 Aironet Ap340, Aironet Ap350 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. | |||||
| CVE-2002-0546 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. | |||||
| CVE-2002-0547 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. | |||||
| CVE-2002-0548 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php. | |||||
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. | |||||
| CVE-2002-0550 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. | |||||
| CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. | |||||
| CVE-2002-0552 | 1 Melange | 1 Melange Chat System | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. | |||||
| CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. | |||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | |||||
| CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. | |||||
| CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | |||||
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | |||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
| CVE-2002-0574 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. | |||||
| CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | |||||
| CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. | |||||
| CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | |||||
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | |||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | |||||
| CVE-2002-0582 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. | |||||
| CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | |||||
| CVE-2002-0584 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. | |||||
| CVE-2002-0586 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. | |||||
| CVE-2002-0587 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. | |||||
| CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2008-09-05 | 5.0 MEDIUM | N/A |
| PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. | |||||