Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1335 | 1 W3m | 1 W3m | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. | |||||
| CVE-2002-1338 | 1 Microsoft | 1 Office Web Components | 2017-07-10 | 5.0 MEDIUM | N/A |
| The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. | |||||
| CVE-2002-1341 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. | |||||
| CVE-2002-1347 | 1 Cyrus | 1 Sasl | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | |||||
| CVE-2002-1351 | 1 Melange | 1 Melange Chat System | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request. | |||||
| CVE-2002-1353 | 1 Intranet-server | 1 Localweb2000 | 2017-07-10 | 5.0 MEDIUM | N/A |
| LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst. | |||||
| CVE-2002-1354 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command. | |||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-10 | 7.5 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
| CVE-2002-1378 | 1 Openldap | 1 Openldap | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests. | |||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2017-07-10 | 7.5 HIGH | N/A |
| Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | |||||
| CVE-2002-1456 | 1 Khaled Mardam-bey | 1 Mirc | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value. | |||||
| CVE-2002-1565 | 1 Immunix | 1 Immunix | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. | |||||
| CVE-2002-1566 | 1 Netris | 1 Netris | 2017-07-10 | 5.0 MEDIUM | N/A |
| netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284. | |||||
| CVE-2002-1569 | 2 Ghostview, Gv | 2 Ghostview, Gv | 2017-07-10 | 7.5 HIGH | N/A |
| gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file. | |||||
| CVE-2002-1570 | 1 Ucd-snmp | 1 Ucd-snmp | 2017-07-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. | |||||
| CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2017-07-10 | 5.0 MEDIUM | N/A |
| cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | |||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2017-07-10 | 7.2 HIGH | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | |||||
| CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2017-07-10 | 7.5 HIGH | N/A |
| SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | |||||
| CVE-2002-1578 | 1 Sap | 1 Sap R 3 | 2017-07-10 | 7.5 HIGH | N/A |
| The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected. | |||||
| CVE-2002-1579 | 1 Sap | 1 Sapgui | 2017-07-10 | 5.0 MEDIUM | N/A |
| SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | |||||