Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 7.5 HIGH | N/A |
| getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | |||||
| CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | |||||
| CVE-2002-0737 | 1 Sambar | 1 Sambar Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. | |||||
| CVE-2002-0739 | 1 Postnuke Software Foundation | 1 Postcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. | |||||
| CVE-2002-0494 | 1 Websight Directory System | 1 Websight Directory System | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name. | |||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | |||||
| CVE-2002-0610 | 1 Hp | 1 Mpe Ix | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges. | |||||
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | |||||
| CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2008-09-05 | 7.6 HIGH | N/A |
| Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter. | |||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | |||||
| CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. | |||||
| CVE-2002-0548 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php. | |||||
| CVE-2002-0637 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 7.5 HIGH | N/A |
| InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express. | |||||
| CVE-2002-0791 | 1 Novell | 1 Netware | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length. | |||||
| CVE-2002-0540 | 1 Nortel | 1 Cvx 1800 Multi-service Access Switch | 2008-09-05 | 7.5 HIGH | N/A |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. | |||||
| CVE-2002-0669 | 1 Pingtel | 1 Xpressa | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. | |||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
| CVE-2002-0753 | 1 Talentsoft | 1 Web\+ Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. | |||||
| CVE-2002-0738 | 1 Mhonarc | 1 Mhonarc | 2008-09-05 | 7.5 HIGH | N/A |
| MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. | |||||
| CVE-2002-0498 | 1 Etnus | 1 Totalview | 2008-09-05 | 4.6 MEDIUM | N/A |
| Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users. | |||||