Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2008-09-05 | 10.0 HIGH | N/A |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | |||||
| CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2008-09-05 | 7.5 HIGH | N/A |
| b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | |||||
| CVE-2002-0544 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 7.2 HIGH | N/A |
| Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges. | |||||
| CVE-2002-0795 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. | |||||
| CVE-2002-0512 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2008-09-05 | 4.6 MEDIUM | N/A |
| startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. | |||||
| CVE-2002-0611 | 1 Craig Patchett | 1 Fileseek | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered. | |||||
| CVE-2002-0609 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets. | |||||
| CVE-2002-0783 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 7.5 HIGH | N/A |
| Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. | |||||
| CVE-2002-0432 | 1 Citadel | 1 Ux | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server. | |||||
| CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | |||||
| CVE-2002-0774 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 10.0 HIGH | N/A |
| Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | |||||
| CVE-2002-0451 | 1 Phpprojekt | 1 Phpprojekt | 2008-09-05 | 7.5 HIGH | N/A |
| filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. | |||||
| CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. | |||||
| CVE-2002-0445 | 1 Php Firstpost | 1 Php Firstpost | 2008-09-05 | 5.0 MEDIUM | N/A |
| article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. | |||||
| CVE-2002-0534 | 1 Postboard | 1 Postboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
| CVE-2002-0431 | 1 Dave Lawrence | 1 Xtux | 2008-09-05 | 5.0 MEDIUM | N/A |
| XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection. | |||||
| CVE-2002-0472 | 1 Microsoft | 1 Msn Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. | |||||
| CVE-2002-0731 | 1 Vqsoft | 1 Vqserver | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. | |||||
| CVE-2002-0505 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. | |||||
| CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2008-09-05 | 10.0 HIGH | N/A |
| Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. | |||||