Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0874 | 1 Redhat | 1 Interchange | 2008-09-10 | 5.0 MEDIUM | N/A |
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||||
CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2008-09-10 | 5.1 MEDIUM | N/A |
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | |||||
CVE-2002-0924 | 1 Cgiscript.net | 1 Csnews | 2008-09-10 | 7.5 HIGH | N/A |
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. | |||||
CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2008-09-10 | 4.6 MEDIUM | N/A |
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2008-09-10 | 7.5 HIGH | N/A |
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. | |||||
CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2008-09-10 | 5.0 MEDIUM | N/A |
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. | |||||
CVE-2002-0984 | 1 Light | 1 Light | 2008-09-10 | 7.5 HIGH | N/A |
The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | |||||
CVE-2002-0987 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 7.2 HIGH | N/A |
X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | |||||
CVE-2002-0988 | 1 Caldera | 2 Openunix, Unixware | 2008-09-10 | 10.0 HIGH | N/A |
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. | |||||
CVE-2002-1122 | 1 Iss | 1 Internet Scanner | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response. | |||||
CVE-2002-1128 | 1 Digital | 2 Osf 1, Ultrix | 2008-09-10 | 7.2 HIGH | N/A |
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable. | |||||
CVE-2002-1146 | 1 Gnu | 1 Glibc | 2008-09-10 | 5.0 MEDIUM | N/A |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | |||||
CVE-2002-1161 | 2008-09-10 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1380. Reason: This candidate is a reservation duplicate of CVE-2002-1380. Notes: none. | |||||
CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
CVE-2002-0430 | 1 Sun | 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 | 2008-09-10 | 3.7 LOW | N/A |
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php. |