Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1646 | 1 Ssh | 1 Secure Shell For Servers | 2017-07-10 | 7.5 HIGH | N/A |
| SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server. | |||||
| CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | |||||
| CVE-2002-1649 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. | |||||
| CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 7.5 HIGH | N/A |
| The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | |||||
| CVE-2002-1651 | 1 Verity | 1 Search97 | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. | |||||
| CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | |||||
| CVE-2002-1653 | 1 Farm9 | 1 Cryptcat | 2017-07-10 | 5.0 MEDIUM | N/A |
| Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information. | |||||
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-10 | 7.5 HIGH | N/A |
| iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2017-07-10 | 7.5 HIGH | N/A |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | |||||
| CVE-2002-1657 | 1 Postgresql | 1 Postgresql | 2017-07-10 | 5.0 MEDIUM | N/A |
| PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2017-07-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2017-07-10 | 10.0 HIGH | N/A |
| user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. | |||||
| CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 7.5 HIGH | N/A |
| calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | |||||
| CVE-2002-1661 | 1 Leafnode | 1 Leafnode | 2017-07-10 | 5.0 MEDIUM | N/A |
| The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group. | |||||
| CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||||
| CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | |||||
| CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | |||||
| CVE-2002-1668 | 1 Hp | 3 Hp-ux, Hp-ux Series 700, Hp-ux Series 800 | 2017-07-10 | 2.1 LOW | N/A |
| HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file. | |||||
| CVE-2002-1669 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | |||||