Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0987 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
| SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
| CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2008-09-10 | 5.1 MEDIUM | N/A |
| CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | |||||
| CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-0873 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. | |||||
| CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2008-09-10 | 7.5 HIGH | N/A |
| Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
| CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | |||||
| CVE-2002-0874 | 1 Redhat | 1 Interchange | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||||
| CVE-2002-1122 | 1 Iss | 1 Internet Scanner | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response. | |||||
| CVE-2002-1128 | 1 Digital | 2 Osf 1, Ultrix | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable. | |||||
| CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
| CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
| domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
| CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. | |||||
| CVE-2002-0924 | 1 Cgiscript.net | 1 Csnews | 2008-09-10 | 7.5 HIGH | N/A |
| CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. | |||||
| CVE-2002-0984 | 1 Light | 1 Light | 2008-09-10 | 7.5 HIGH | N/A |
| The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | |||||
| CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 7.5 HIGH | N/A |
| l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. | |||||