Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0378 | 1 Astart Technologies | 1 Lprng | 2008-09-10 | 7.5 HIGH | N/A |
| The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||||
| CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2008-09-10 | 4.6 MEDIUM | N/A |
| The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | |||||
| CVE-2002-0029 | 2 Astaro, Isc | 2 Security Linux, Bind | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | |||||
| CVE-2002-0384 | 1 Rob Flynn | 1 Gaim | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-0400 | 1 Isc | 1 Bind | 2008-09-10 | 5.0 MEDIUM | N/A |
| ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. | |||||
| CVE-2002-0009 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | |||||
| CVE-2002-0376 | 1 Apple | 1 Quicktime | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. | |||||
| CVE-2002-0144 | 1 Scott Parish | 1 Chuid | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. | |||||
| CVE-2002-0066 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.5 HIGH | N/A |
| Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. | |||||
| CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | |||||
| CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2008-09-10 | 7.5 HIGH | N/A |
| Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. | |||||
| CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20). | |||||
| CVE-2001-1341 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. | |||||
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. | |||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||||
| CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2008-09-10 | 5.0 MEDIUM | N/A |
| More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2008-09-10 | 4.6 MEDIUM | N/A |
| cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
| CVE-2001-1501 | 1 Proftpd Project | 1 Proftpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument. | |||||
| CVE-2001-1293 | 1 3com | 1 3cr29223 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. | |||||
| CVE-2001-1298 | 1 Grant Horwood | 1 Webodex | 2008-09-10 | 5.0 MEDIUM | N/A |
| Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||