Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2162 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 4.6 MEDIUM | N/A |
| Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. | |||||
| CVE-2002-2170 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 7.5 HIGH | N/A |
| Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared. | |||||
| CVE-2002-2351 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 6.4 MEDIUM | N/A |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | |||||
| CVE-2002-2209 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors. | |||||
| CVE-2002-2331 | 1 Cascadesoft | 1 W3mail | 2008-09-05 | 5.8 MEDIUM | N/A |
| W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | |||||
| CVE-2002-2020 | 1 Netgear | 1 Rp114 | 2008-09-05 | 7.5 HIGH | N/A |
| Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. | |||||
| CVE-2002-1992 | 1 Macromedia | 2 Coldfusion, Coldfusion Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | |||||
| CVE-2002-2083 | 1 Novell | 1 Netware | 2008-09-05 | 2.1 LOW | N/A |
| The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. | |||||
| CVE-2002-2316 | 1 Cisco | 1 Catos | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing. | |||||
| CVE-2002-2134 | 1 Peel | 1 Peel | 2008-09-05 | 5.0 MEDIUM | N/A |
| haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file. | |||||
| CVE-2002-2100 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. | |||||
| CVE-2002-2337 | 1 Kaspersky Lab | 1 Kaspersky Anti-hacker | 2008-09-05 | 5.0 MEDIUM | N/A |
| Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. | |||||
| CVE-2002-2220 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 6.2 MEDIUM | N/A |
| Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2002-2205 | 1 Webresolve | 1 Webresolve | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Webresolve 0.1.0 and earlier allows remote attackers to execute arbitrary code by connecting to the server from an IP address that resolves to a long hostname. | |||||
| CVE-2002-2108 | 1 Sony | 1 Vaio Manual Cybersupport | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. | |||||
| CVE-2002-1996 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php. | |||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | |||||
| CVE-2002-2051 | 1 Modlogan | 1 Modlogan | 2008-09-05 | 2.1 LOW | N/A |
| The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file. | |||||
| CVE-2002-1990 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | |||||
| CVE-2002-2192 | 1 Perception | 1 Liteserve | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders. | |||||