Total: 304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2344 | 1 Ensim | 1 Webppliance | 2008-09-05 | 5.0 MEDIUM | N/A |
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. | |||||
CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2008-09-05 | 7.5 HIGH | N/A |
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | |||||
CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2008-09-05 | 7.5 HIGH | N/A |
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | |||||
CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2008-09-05 | 4.0 MEDIUM | N/A |
KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. | |||||
CVE-2002-2080 | 1 Floosietek | 1 Ftgatepro | 2008-09-05 | 5.0 MEDIUM | N/A |
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session. | |||||
CVE-2002-1989 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp. | |||||
CVE-2002-2329 | 1 Mirabilis | 1 Icq | 2008-09-05 | 7.8 HIGH | N/A |
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | |||||
CVE-2002-2350 | 1 Phpoutsourcing | 1 Zorum | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. | |||||
CVE-2002-2174 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. | |||||
CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2008-09-05 | 5.0 MEDIUM | N/A |
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | |||||
CVE-2002-2145 | 1 Savant | 1 Savant Webserver | 2008-09-05 | 7.5 HIGH | N/A |
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename. | |||||
CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2008-09-05 | 7.5 HIGH | N/A |
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. | |||||
CVE-2002-2322 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2008-09-05 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | |||||
CVE-2002-2130 | 1 Gallery Project | 1 Gallery | 2008-09-05 | 7.5 HIGH | N/A |
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2002-2204 | 1 Redhat | 1 Redhat Package Manager | 2008-09-05 | 7.5 HIGH | N/A |
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. | |||||
CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
CVE-2002-2150 | 1 Juniper | 1 Netscreen Screenos | 2008-09-05 | 5.0 MEDIUM | N/A |
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. | |||||
CVE-2002-2107 | 1 Veridis | 1 Openkeyserver | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2008-09-05 | 10.0 HIGH | N/A |
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | |||||
CVE-2002-2348 | 1 Authoria | 1 Authoria | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. |