Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0477 | 1 Macromedia | 1 Flash Player | 2016-10-17 | 7.5 HIGH | N/A |
| Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. | |||||
| CVE-2002-0484 | 1 Php | 1 Php | 2016-10-17 | 5.0 MEDIUM | N/A |
| move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | |||||
| CVE-2002-0456 | 1 Qualcomm | 1 Eudora | 2016-10-17 | 5.0 MEDIUM | N/A |
| Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||||
| CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2016-10-17 | 5.0 MEDIUM | N/A |
| Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | |||||
| CVE-2002-0489 | 1 Linux Directory Penguin | 1 Nslookup | 2016-10-17 | 10.0 HIGH | N/A |
| Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters. | |||||
| CVE-2002-0542 | 1 Openbsd | 1 Openbsd | 2016-10-17 | 7.2 HIGH | N/A |
| mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. | |||||
| CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2016-10-17 | 10.0 HIGH | N/A |
| ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | |||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2016-10-17 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
| CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 7.5 HIGH | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 5.0 MEDIUM | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
| CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2016-10-17 | 2.1 LOW | N/A |
| Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||
| CVE-2002-0569 | 1 Oracle | 1 Application Server | 2016-10-17 | 7.5 HIGH | N/A |
| Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). | |||||
| CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 7.5 HIGH | N/A |
| The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||||
| CVE-2002-0575 | 1 Openbsd | 1 Openssh | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. | |||||
| CVE-2002-0401 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 7.5 HIGH | N/A |
| SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. | |||||
| CVE-2002-0603 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2016-10-17 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500. | |||||
| CVE-2002-0605 | 1 Macromedia | 1 Flash Player | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. | |||||
| CVE-2002-0402 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. | |||||
| CVE-2002-0604 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2016-10-17 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options. | |||||