Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1814 | 4 Gnome, Mandrakesoft, Redhat and 1 more | 4 Bonobo, Mandrake Linux, Linux and 1 more | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2002-1878 | 1 W-agora | 1 W-agora | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. | |||||
| CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2008-09-05 | 2.1 LOW | N/A |
| rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. | |||||
| CVE-2002-1807 | 1 Phpwebsite | 1 Phpwebsite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
| CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2008-09-05 | 2.1 LOW | N/A |
| CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
| CVE-2002-1530 | 1 Surfcontrol | 1 Superscout Email Filter | 2008-09-05 | 5.0 MEDIUM | N/A |
| The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. | |||||
| CVE-2002-1527 | 1 Emumail | 1 Emu Webmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. | |||||
| CVE-2002-1541 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 7.5 HIGH | N/A |
| BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). | |||||
| CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. | |||||
| CVE-2002-1495 | 1 Rudi Benkovic | 1 Jawmail | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver. | |||||
| CVE-2002-1438 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. | |||||
| CVE-2002-1423 | 1 Ilia Alshanetsky | 1 Fudforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. | |||||
| CVE-2002-1533 | 1 Jetty | 1 Jetty | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). | |||||
| CVE-2002-1462 | 1 Organicphp | 1 Php-affiliate | 2008-09-05 | 5.0 MEDIUM | N/A |
| details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields. | |||||
| CVE-2002-1513 | 1 Compaq | 1 Tcp-ip Services | 2008-09-05 | 4.6 MEDIUM | N/A |
| The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. | |||||
| CVE-2002-1471 | 1 Ximian | 1 Evolution | 2008-09-05 | 5.0 MEDIUM | N/A |
| The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. | |||||
| CVE-2002-1487 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A |
| The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. | |||||
| CVE-2002-1446 | 1 Ncipher | 1 Pkcs 11 Library | 2008-09-05 | 5.0 MEDIUM | N/A |
| The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. | |||||
| CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2008-09-05 | 7.5 HIGH | N/A |
| An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | |||||