Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0139 | 1 Pi-soft | 1 Spoonftp | 2008-09-11 | 7.5 HIGH | N/A |
| Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. | |||||
| CVE-2002-0123 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2008-09-11 | 7.5 HIGH | N/A |
| MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. | |||||
| CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2008-09-11 | 5.0 MEDIUM | N/A |
| Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. | |||||
| CVE-2002-0174 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | |||||
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2008-09-11 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). | |||||
| CVE-2002-0120 | 1 Palm | 1 Palm Desktop | 2008-09-11 | 2.1 LOW | N/A |
| Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information. | |||||
| CVE-2002-0215 | 1 Steve Kneizys | 1 Agora.cgi | 2008-09-11 | 5.0 MEDIUM | N/A |
| Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message. | |||||
| CVE-2002-0202 | 1 Paintbbs | 1 Paintbbs | 2008-09-11 | 3.6 LOW | N/A |
| PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder. | |||||
| CVE-2002-0121 | 1 Php | 1 Php | 2008-09-11 | 2.1 LOW | N/A |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
| CVE-2002-0223 | 2 Infopop, Wired Community Software | 2 Ultimate Bulletin Board, Wwwthreads | 2008-09-11 | 7.5 HIGH | N/A |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. | |||||
| CVE-2002-0246 | 1 Caldera | 1 Unixware | 2008-09-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | |||||
| CVE-2002-0132 | 1 Chinput | 1 Chinput | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2008-09-11 | 5.0 MEDIUM | N/A |
| userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. | |||||
| CVE-2002-0209 | 1 Nortel | 1 Alteon Acedirector | 2008-09-11 | 5.0 MEDIUM | N/A |
| Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. | |||||
| CVE-2002-0196 | 1 Acd Incorporated | 1 Cwpapi | 2008-09-11 | 6.4 MEDIUM | N/A |
| GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root. | |||||
| CVE-2002-0217 | 1 Xoops | 1 Xoops | 2008-09-11 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php. | |||||
| CVE-2002-0220 | 1 Phpsmssend | 1 Phpsmssend | 2008-09-11 | 7.5 HIGH | N/A |
| phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. | |||||
| CVE-2002-0173 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. | |||||
| CVE-2002-0125 | 1 Clanlib | 1 Clanlib | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable. | |||||
| CVE-2002-0135 | 1 Netopia | 1 Timbuktu Pro | 2008-09-11 | 5.0 MEDIUM | N/A |
| Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420). | |||||