Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
| CVE-2002-0758 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.5 HIGH | N/A |
| ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. | |||||
| CVE-2002-0766 | 1 Openbsd | 1 Openbsd | 2008-09-10 | 7.2 HIGH | N/A |
| OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. | |||||
| CVE-2002-0450 | 1 Talentsoft | 1 Web\+ Server | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. | |||||
| CVE-2002-0667 | 1 Pingtel | 1 Xpressa | 2008-09-10 | 10.0 HIGH | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | |||||
| CVE-2002-0064 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.2 HIGH | N/A |
| Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system. | |||||
| CVE-2002-0097 | 1 Geeklog | 1 Geeklog | 2008-09-10 | 7.5 HIGH | N/A |
| Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account. | |||||
| CVE-2002-0010 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. | |||||
| CVE-2002-0011 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | |||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
| CVE-2002-0065 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.2 HIGH | N/A |
| Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry. | |||||
| CVE-2002-0378 | 1 Astart Technologies | 1 Lprng | 2008-09-10 | 7.5 HIGH | N/A |
| The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||||
| CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2008-09-10 | 4.6 MEDIUM | N/A |
| The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | |||||
| CVE-2002-0029 | 2 Astaro, Isc | 2 Security Linux, Bind | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | |||||
| CVE-2002-0384 | 1 Rob Flynn | 1 Gaim | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-0400 | 1 Isc | 1 Bind | 2008-09-10 | 5.0 MEDIUM | N/A |
| ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. | |||||
| CVE-2002-0009 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | |||||
| CVE-2002-0376 | 1 Apple | 1 Quicktime | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. | |||||
| CVE-2002-0144 | 1 Scott Parish | 1 Chuid | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. | |||||
| CVE-2002-0066 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.5 HIGH | N/A |
| Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. | |||||