Total: 27865 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1901 | 1 Bodo Bauer | 1 Bbgallery | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. | |||||
CVE-2002-1854 | 1 Rlaj | 1 Rlaj Whois | 2008-09-05 | 10.0 HIGH | N/A |
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field. | |||||
CVE-2002-1883 | 1 Trolltech | 1 Qt Assistant | 2008-09-05 | 6.4 MEDIUM | N/A |
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service. | |||||
CVE-2002-1856 | 1 Hp | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2008-09-05 | 5.0 MEDIUM | N/A |
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | |||||
CVE-2002-1910 | 1 Click2learn | 1 Ingenium Learning Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | |||||
CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
CVE-2002-1814 | 4 Gnome, Mandrakesoft, Redhat and 1 more | 4 Bonobo, Mandrake Linux, Linux and 1 more | 2008-09-05 | 4.6 MEDIUM | N/A |
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | |||||
CVE-2002-1813 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 2.6 LOW | N/A |
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link. | |||||
CVE-2002-1812 | 1 Gdam | 1 Gdam | 2008-09-05 | 7.2 HIGH | N/A |
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter. | |||||
CVE-2002-1937 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2008-09-05 | 5.0 MEDIUM | N/A |
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password. | |||||
CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2008-09-05 | 5.0 MEDIUM | N/A |
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. | |||||
CVE-2002-1878 | 1 W-agora | 1 W-agora | 2008-09-05 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. | |||||
CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2008-09-05 | 5.0 MEDIUM | N/A |
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2008-09-05 | 2.1 LOW | N/A |
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. | |||||
CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
CVE-2002-1868 | 1 Daniel Stenberg | 1 Dispair | 2008-09-05 | 10.0 HIGH | N/A |
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields. | |||||
CVE-2002-1875 | 1 Mcafee | 1 Entercept Agent | 2008-09-05 | 4.6 MEDIUM | N/A |
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity. | |||||
CVE-2002-1950 | 1 Phprank | 1 Phprank | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list. |