Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2008-09-10 | 2.1 LOW | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | |||||
| CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | |||||
| CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
| CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
| CVE-2002-0828 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0862. Reason: This is a duplicate of CVE-2002-0862. Notes: All CVE users should reference CVE-2002-0862 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2002-0834 | 1 Ethereal Group | 1 Ethereal | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
| CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | |||||
| CVE-2002-0009 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | |||||
| CVE-2002-0010 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
| Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. | |||||
| CVE-2002-0011 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
| Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | |||||
| CVE-2002-0029 | 2 Astaro, Isc | 2 Security Linux, Bind | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | |||||
| CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2008-09-10 | 4.6 MEDIUM | N/A |
| The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | |||||
| CVE-2002-0064 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.2 HIGH | N/A |
| Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system. | |||||
| CVE-2002-0065 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.2 HIGH | N/A |
| Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry. | |||||
| CVE-2002-0066 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2008-09-10 | 7.5 HIGH | N/A |
| Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. | |||||
| CVE-2002-0097 | 1 Geeklog | 1 Geeklog | 2008-09-10 | 7.5 HIGH | N/A |
| Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account. | |||||
| CVE-2002-0144 | 1 Scott Parish | 1 Chuid | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. | |||||
| CVE-2002-0192 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This candidate was published with a description that identified a different vulnerability than what was identified in the original authoritative reference. Notes: Consult CVE-2002-0193 or CVE-2002-1564 to find the identifier for the proper issue. | |||||
| CVE-2002-0353 | 1 Ethereal Group | 1 Ethereal | 2008-09-10 | 5.0 MEDIUM | N/A |
| The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. | |||||
| CVE-2002-0376 | 1 Apple | 1 Quicktime | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. | |||||