Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1280 | 1 Iss | 1 Realsecure Event Collector | 2008-09-10 | 5.0 MEDIUM | N/A |
Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | |||||
CVE-2002-1285 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. | |||||
CVE-2002-1342 | 1 Smb2www | 1 Smb2www | 2008-09-10 | 7.5 HIGH | N/A |
Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands. | |||||
CVE-2002-1352 | 1 Per Magne Knutsen | 1 Cartman | 2008-09-10 | 5.0 MEDIUM | N/A |
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter. | |||||
CVE-2002-1370 | 2008-09-10 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1367. Reason: This CAN was originally assigned for the theft of root certificates in CUPS, but it was later deemed to be a legitimate result of exploiting a different vulnerability, CVE-2002-1367, so it is not a distinct vulnerability. Notes: All CVE users should reference CVE-2002-1367 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1379 | 1 Openldap | 1 Openldap | 2008-09-10 | 7.5 HIGH | N/A |
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. | |||||
CVE-2002-1395 | 1 Debian | 1 Internet Message | 2008-09-10 | 2.1 LOW | N/A |
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
CVE-2002-1404 | 2008-09-10 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1348. Reason: This candidate is a reservation duplicate of CVE-2002-1348. Notes: All CVE users should reference CVE-2002-1348 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1449 | 1 Frederic Tyndiuk | 1 Eupload | 2008-09-10 | 7.5 HIGH | N/A |
eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt. | |||||
CVE-2002-1508 | 1 Openldap | 1 Openldap | 2008-09-10 | 1.2 LOW | N/A |
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | |||||
CVE-2002-1509 | 1 Redhat | 1 Linux | 2008-09-10 | 3.6 LOW | N/A |
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | |||||
CVE-2002-1511 | 2 Att, Tightvnc | 2 Vnc, Tightvnc | 2008-09-10 | 5.0 MEDIUM | N/A |
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. | |||||
CVE-2002-1516 | 1 Sgi | 1 Irix | 2008-09-10 | 4.6 MEDIUM | N/A |
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2008-09-10 | 7.2 HIGH | N/A |
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
CVE-2002-0841 | 2008-09-10 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0842. Reason: This candidate is a duplicate of CVE-2002-0842. The duplicate assignment was made before public disclosure. Notes: none. | |||||
CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | |||||
CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2008-09-10 | 5.0 MEDIUM | N/A |
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 7.5 HIGH | N/A |
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. | |||||
CVE-2002-0873 | 1 L2tpd | 1 L2tpd | 2008-09-10 | 5.0 MEDIUM | N/A |
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. |