Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2057 | 1 Teekai | 1 Teekai Forum | 2016-10-17 | 5.0 MEDIUM | N/A |
| TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | |||||
| CVE-2002-1841 | 1 Noguska | 1 Nola | 2016-10-17 | 5.0 MEDIUM | N/A |
| The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | |||||
| CVE-2002-1850 | 1 Apache | 1 Http Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | |||||
| CVE-2002-1867 | 1 Bizdesign | 1 Imagefolio | 2016-10-17 | 7.5 HIGH | N/A |
| The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption). | |||||
| CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | |||||
| CVE-2002-1453 | 1 Mywebserver | 1 Mywebserver | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. | |||||
| CVE-2002-1414 | 1 Inter7 | 1 Qmailadmin | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. | |||||
| CVE-2002-1339 | 1 Microsoft | 1 Office Web Components | 2016-10-17 | 5.0 MEDIUM | N/A |
| The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files. | |||||
| CVE-2002-1386 | 1 Ehud Gavron | 1 Tracesroute | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument. | |||||
| CVE-2002-1393 | 1 Kde | 1 Kde | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. | |||||
| CVE-2002-1399 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 10.0 HIGH | N/A |
| Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). | |||||
| CVE-2002-1400 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | |||||
| CVE-2002-1348 | 1 W3m | 1 W3m | 2016-10-17 | 5.0 MEDIUM | N/A |
| w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. | |||||
| CVE-2002-1387 | 1 Ehud Gavron | 1 Tracesroute | 2016-10-17 | 4.6 MEDIUM | N/A |
| The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. | |||||
| CVE-2002-1398 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." | |||||
| CVE-2002-1383 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2016-10-17 | 10.0 HIGH | N/A |
| Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun. | |||||
| CVE-2002-1402 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1340 | 1 Microsoft | 1 Office Web Components | 2016-10-17 | 5.0 MEDIUM | N/A |
| The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception. | |||||
| CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2016-10-17 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||||
| CVE-2002-1244 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. | |||||