Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1315 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). | |||||
| CVE-2002-1316 | 1 Iplanet | 1 Iplanet Web Server | 2016-10-17 | 6.8 MEDIUM | N/A |
| importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). | |||||
| CVE-2002-1320 | 1 University Of Washington | 1 Pine | 2016-10-17 | 5.0 MEDIUM | N/A |
| Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | |||||
| CVE-2002-1135 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-17 | 7.5 HIGH | N/A |
| modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code. | |||||
| CVE-2002-1147 | 1 Hp | 1 Procurve Switch 4000m | 2016-10-17 | 7.1 HIGH | N/A |
| The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. | |||||
| CVE-2002-1149 | 1 Invision Power Services | 1 Invision Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. | |||||
| CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2016-10-17 | 4.6 MEDIUM | N/A |
| The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. | |||||
| CVE-2002-1151 | 1 Kde | 2 Kde, Konqueror | 2016-10-17 | 7.5 HIGH | N/A |
| The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. | |||||
| CVE-2002-1152 | 1 Kde | 1 Kde | 2016-10-17 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | |||||
| CVE-2002-1153 | 1 Ibm | 1 Websphere Application Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". | |||||
| CVE-2002-1160 | 1 Redhat | 1 Linux | 2016-10-17 | 7.2 HIGH | N/A |
| The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. | |||||
| CVE-2002-1165 | 2 Netbsd, Sendmail | 2 Netbsd, Sendmail | 2016-10-17 | 4.6 MEDIUM | N/A |
| Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. | |||||
| CVE-2002-1166 | 1 John Franks | 1 Wn Server | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2002-1174 | 1 Fetchmail | 1 Fetchmail | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function. | |||||
| CVE-2002-1175 | 1 Fetchmail | 1 Fetchmail | 2016-10-17 | 5.0 MEDIUM | N/A |
| The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary. | |||||
| CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. | |||||
| CVE-2002-1177 | 1 Nullsoft | 1 Winamp | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. | |||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. | |||||
| CVE-2002-1191 | 1 Sabre | 1 Desktop Reservation Software | 2016-10-17 | 5.0 MEDIUM | N/A |
| The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001. | |||||
| CVE-2002-1195 | 1 Gabriele Bartolini | 1 Ht Check | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. | |||||