Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0705 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-17 | 7.5 HIGH | N/A |
| The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords. | |||||
| CVE-2002-0706 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-17 | 7.5 HIGH | N/A |
| UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function. | |||||
| CVE-2002-0707 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-17 | 5.0 MEDIUM | N/A |
| The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow. | |||||
| CVE-2002-0708 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences. | |||||
| CVE-2002-0709 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs. | |||||
| CVE-2002-0710 | 1 Rod Clark | 1 Sendform.cgi | 2016-10-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. | |||||
| CVE-2002-0711 | 1 Hp | 1 Trucluster Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. | |||||
| CVE-2002-0713 | 1 Squid | 1 Squid | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated. | |||||
| CVE-2002-0714 | 1 Squid | 1 Squid | 2016-10-17 | 7.5 HIGH | N/A |
| FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. | |||||
| CVE-2002-0715 | 1 Squid | 1 Squid | 2016-10-17 | 5.0 MEDIUM | N/A |
| Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. | |||||
| CVE-2002-0716 | 1 Sco | 1 Openserver | 2016-10-17 | 7.2 HIGH | N/A |
| Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument. | |||||
| CVE-2002-0717 | 1 Php | 1 Php | 2016-10-17 | 7.5 HIGH | N/A |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. | |||||
| CVE-2002-0729 | 1 Microsoft | 1 Sql Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. | |||||
| CVE-2002-0735 | 2 C-note, Padl Software | 3 Squid Auth Ldap, Nss Ldap, Pam Ldap | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | |||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2016-10-17 | 7.5 HIGH | N/A |
| The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
| CVE-2002-0401 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 7.5 HIGH | N/A |
| SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. | |||||
| CVE-2002-0402 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. | |||||
| CVE-2002-0403 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 5.0 MEDIUM | N/A |
| DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | |||||
| CVE-2002-0404 | 1 Ethereal Group | 1 Ethereal | 2016-10-17 | 5.0 MEDIUM | N/A |
| Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2016-10-17 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||