Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1961 | 1 Finjan Software | 1 Surfingate | 2008-09-05 | 7.5 HIGH | N/A |
| Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot). | |||||
| CVE-2002-1962 | 1 Finjan Software | 1 Surfingate | 2008-09-05 | 7.5 HIGH | N/A |
| Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname. | |||||
| CVE-2002-1963 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries. | |||||
| CVE-2002-1964 | 1 Wesmo | 1 Phpeventcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2002-1965 | 1 Imatix | 1 Xitami | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. | |||||
| CVE-2002-1966 | 1 My Postcards | 1 My Postcards Platinum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2002-1967 | 1 Mark Hanson | 1 Xircon | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command. | |||||
| CVE-2002-1968 | 1 Com21 | 1 Doxport 1100 | 2008-09-05 | 2.1 LOW | N/A |
| Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server. | |||||
| CVE-2002-1969 | 1 The Magic Notebook | 1 The Magic Notebook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login. | |||||
| CVE-2002-1970 | 1 Snortcenter | 1 Snortcenter | 2008-09-05 | 2.1 LOW | N/A |
| SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers. | |||||
| CVE-2002-1971 | 1 Sourcecraft | 1 Networking Utils | 2008-09-05 | 10.0 HIGH | N/A |
| The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument. | |||||
| CVE-2002-1972 | 1 Sebastian Dehne | 1 Pp Powerswitch | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports. | |||||
| CVE-2002-1974 | 1 Sharp | 1 Zaurus | 2008-09-05 | 10.0 HIGH | N/A |
| The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root. | |||||
| CVE-2002-1975 | 1 Sharp | 1 Zaurus | 2008-09-05 | 2.1 LOW | N/A |
| Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | |||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2008-09-05 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | |||||
| CVE-2002-1223 | 1 Kde | 1 Kde | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
| CVE-2002-1224 | 1 Kde | 1 Kde | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | |||||
| CVE-2002-1227 | 1 Pam | 1 Pam | 2008-09-05 | 7.5 HIGH | N/A |
| PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | |||||
| CVE-2002-1251 | 1 Log2mail | 1 Log2mail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. | |||||
| CVE-2002-1253 | 1 Abuse | 1 Abuse | 2008-09-05 | 7.2 HIGH | N/A |
| Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. | |||||