Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0953 | 1 Php Address | 1 Php Address | 2008-09-05 | 7.5 HIGH | N/A |
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter. | |||||
CVE-2002-1021 | 1 Working Resources Inc. | 1 Badblue | 2008-09-05 | 5.0 MEDIUM | N/A |
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. | |||||
CVE-2002-1067 | 1 Seh | 1 Ic9 Pocket Print Server Firmware | 2008-09-05 | 5.0 MEDIUM | N/A |
Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow. | |||||
CVE-2002-0870 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2008-09-05 | 7.5 HIGH | N/A |
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. | |||||
CVE-2002-0918 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 5.0 MEDIUM | N/A |
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error. | |||||
CVE-2002-0959 | 1 Splatt | 1 Splatt Forum | 2008-09-05 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. | |||||
CVE-2002-0917 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 7.5 HIGH | N/A |
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. | |||||
CVE-2002-1029 | 1 Worldspan | 1 Res Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. | |||||
CVE-2002-1028 | 1 Oddsock | 1 Song Requester | 2008-09-05 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. | |||||
CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 5.0 MEDIUM | N/A |
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | |||||
CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. | |||||
CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | |||||
CVE-2002-0919 | 1 Cgiscript.net | 1 Cspassword | 2008-09-05 | 7.5 HIGH | N/A |
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page. | |||||
CVE-2002-0966 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A |
Buffer overflow in 4D web server 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. | |||||
CVE-2002-0960 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to execute arbitrary script as other CBMS users. | |||||
CVE-2002-0962 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 7.5 HIGH | N/A |
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php. | |||||
CVE-2002-0961 | 1 Voxel | 1 Cbms | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack. | |||||
CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2008-09-05 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | |||||
CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2008-09-05 | 7.5 HIGH | N/A |
Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. | |||||
CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2008-09-05 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in the et parameter. | |||||