Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0683 | 1 Pacific Software | 1 Carello | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. | |||||
| CVE-2002-0710 | 1 Rod Clark | 1 Sendform.cgi | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. | |||||
| CVE-2002-0717 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
| CVE-2002-0664 | 1 Granite Software | 1 Zmerge | 2016-10-18 | 7.5 HIGH | N/A |
| The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts. | |||||
| CVE-2002-0484 | 1 Php | 1 Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | |||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
| CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
| CVE-2002-0409 | 1 Microsoft | 1 .net Framework | 2016-10-18 | 5.0 MEDIUM | N/A |
| orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. | |||||
| CVE-2002-0638 | 3 Hp, Mandrakesoft, Redhat | 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2016-10-18 | 6.2 MEDIUM | N/A |
| setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | |||||
| CVE-2002-0408 | 1 Lotus | 1 Domino | 2016-10-18 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. | |||||
| CVE-2002-0429 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 3.6 LOW | N/A |
| The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall). | |||||
| CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2016-10-18 | 10.0 HIGH | N/A |
| ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | |||||
| CVE-2002-0489 | 1 Linux Directory Penguin | 1 Nslookup | 2016-10-18 | 10.0 HIGH | N/A |
| Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters. | |||||
| CVE-2002-0456 | 1 Qualcomm | 1 Eudora | 2016-10-18 | 5.0 MEDIUM | N/A |
| Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0575 | 1 Openbsd | 1 Openssh | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. | |||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2016-10-18 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||
| CVE-2002-0603 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2016-10-18 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500. | |||||
| CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2016-10-18 | 2.1 LOW | N/A |
| Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||
| CVE-2002-0569 | 1 Oracle | 1 Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). | |||||
| CVE-2002-0542 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 7.2 HIGH | N/A |
| mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. | |||||