Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2023 | 1 Yamaguchi | 1 Shingo Beep2 | 2008-09-05 | 2.1 LOW | N/A |
| The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors. | |||||
| CVE-2002-1988 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. | |||||
| CVE-2002-1989 | 1 Caucho Technology | 1 Resin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp. | |||||
| CVE-2002-2022 | 1 Kaffe | 1 Kaffe Openvm | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute. | |||||
| CVE-2002-2021 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2002-2016 | 1 User-mode Linux | 1 User-mode Linux | 2008-09-05 | 7.2 HIGH | N/A |
| User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code. | |||||
| CVE-2002-2018 | 1 Sas | 2 Base, Integration Technologies | 2008-09-05 | 7.2 HIGH | N/A |
| sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | |||||
| CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2002-2027 | 1 Doow | 1 Doow | 2008-09-05 | 7.5 HIGH | N/A |
| Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities. | |||||
| CVE-2002-2015 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter. | |||||
| CVE-2002-2029 | 1 Apache | 1 Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | |||||
| CVE-2002-2063 | 1 Atguard | 1 Atguard Personal Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames. | |||||
| CVE-2002-2064 | 1 Phpwebgallery | 1 Phpwebgallery | 2008-09-05 | 7.5 HIGH | N/A |
| isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo. | |||||
| CVE-2002-1976 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap. | |||||
| CVE-2002-1977 | 1 Pgp | 1 Pgp | 2008-09-05 | 2.1 LOW | N/A |
| Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. | |||||
| CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | |||||
| CVE-2002-1996 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php. | |||||
| CVE-2002-2038 | 1 Bill Abt | 1 Next Generation Posix Threading | 2008-09-05 | 3.6 LOW | N/A |
| Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods. | |||||
| CVE-2002-2037 | 1 Cisco | 5 Bams, Pgw 2200, Sc2200 and 2 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. | |||||
| CVE-2002-2004 | 1 Compaq | 1 Tru64 | 2008-09-05 | 5.0 MEDIUM | N/A |
| portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets. | |||||