Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1866 1 Sws 1 Sws Simple Web Server 2008-09-05 5.0 MEDIUM N/A
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.
CVE-2002-1868 1 Daniel Stenberg 1 Dispair 2008-09-05 10.0 HIGH N/A
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
CVE-2002-1869 1 Heysoft 2 Eventsave, Eventsave\+ 2008-09-05 2.1 LOW N/A
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
CVE-2002-1870 1 Sws 1 Sws Simple Web Server 2008-09-05 7.5 HIGH N/A
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
CVE-2002-1872 1 Microsoft 1 Sql Server 2008-09-05 5.0 MEDIUM N/A
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2002-1874 1 Astrocam 1 Astrocam 2008-09-05 10.0 HIGH N/A
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
CVE-2002-1875 1 Mcafee 1 Entercept Agent 2008-09-05 4.6 MEDIUM N/A
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity.
CVE-2002-1878 1 W-agora 1 W-agora 2008-09-05 5.0 MEDIUM N/A
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
CVE-2002-1879 1 Lokwa 1 Lokwabb 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
CVE-2002-1880 1 Lokwa 1 Lokwabb 2008-09-05 5.0 MEDIUM N/A
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php.
CVE-2002-1881 1 Macromedia 1 Flash Player 2008-09-05 5.0 MEDIUM N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-2002-1882 1 Oracle 1 E-business Suite 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
CVE-2002-1883 1 Trolltech 1 Qt Assistant 2008-09-05 6.4 MEDIUM N/A
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
CVE-2002-1884 1 Py-membres 1 Py-membres 2008-09-05 7.5 HIGH N/A
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
CVE-2002-1885 1 Powerphlogger 1 Powerphlogger 2008-09-05 7.5 HIGH N/A
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter.
CVE-2002-1886 1 Tightauction 1 Tightauction 2008-09-05 5.0 MEDIUM N/A
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
CVE-2002-1887 1 Gregory Kokanosky 1 Phpmynewsletter 2008-09-05 7.5 HIGH N/A
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
CVE-2002-1888 1 Commonname 1 Commonname Toolbar 2008-09-05 2.1 LOW N/A
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
CVE-2002-1889 1 Logsurfer 1 Logsurfer 2008-09-05 5.0 MEDIUM N/A
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
CVE-2002-1890 1 Redhat 1 Rhmask 2008-09-05 2.1 LOW N/A
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.