Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | |||||
| CVE-2002-0266 | 1 Thunderstone Software | 1 Texis | 2016-10-18 | 5.0 MEDIUM | N/A |
| Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname. | |||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | |||||
| CVE-2002-0230 | 1 Faq-o-matic | 1 Faq-o-matic | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message. | |||||
| CVE-2002-0256 | 1 Arescom | 1 Netdsl | 2016-10-18 | 5.0 MEDIUM | N/A |
| The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop. | |||||
| CVE-2002-0133 | 1 Avirt | 3 Avirt Gateway, Avirt Gateway Suite, Avirt Soho | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy. | |||||
| CVE-2002-0107 | 1 Cacheflow | 1 Cacheos | 2016-10-18 | 5.0 MEDIUM | N/A |
| Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. | |||||
| CVE-2002-0197 | 1 Psychoid | 1 Psybnc | 2016-10-18 | 7.5 HIGH | N/A |
| psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate. | |||||
| CVE-2002-0137 | 1 Andreas Mueller | 1 Cdrdao | 2016-10-18 | 7.2 HIGH | N/A |
| CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file. | |||||
| CVE-2002-0082 | 2 Apache-ssl, Mod Ssl | 2 Apache-ssl, Mod Ssl | 2016-10-18 | 7.5 HIGH | N/A |
| The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2002-0129 | 1 Efax | 1 Efax | 2016-10-18 | 2.1 LOW | N/A |
| efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | |||||
| CVE-2002-0111 | 1 Funsoft | 1 Dinos Webserver | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. | |||||
| CVE-2002-0092 | 1 Cvs | 1 Cvs | 2016-10-18 | 5.0 MEDIUM | N/A |
| CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. | |||||
| CVE-2002-0110 | 1 Nevrona Designs | 1 Miramail | 2016-10-18 | 2.1 LOW | N/A |
| Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file. | |||||
| CVE-2002-0098 | 1 Boozt | 1 Boozt Standard | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. | |||||
| CVE-2002-0116 | 1 Palm | 1 Palm Os | 2016-10-18 | 5.0 MEDIUM | N/A |
| Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. | |||||
| CVE-2002-0103 | 1 Oracle | 1 Application Server Web Cache | 2016-10-18 | 4.6 MEDIUM | N/A |
| An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | |||||
| CVE-2002-0109 | 1 Linksys | 3 Befn2ps4, Befsr41, Befsr81 | 2016-10-18 | 6.4 MEDIUM | N/A |
| Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. | |||||
| CVE-2002-0131 | 1 Activestate | 1 Activepython | 2016-10-18 | 5.0 MEDIUM | N/A |
| ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script. | |||||