| 362551 | 10.0 | HIGH | symantec | sygate_personal_firewall | Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | CWE-287 Improper Authentication | CVE-2002-2397 | 2008-09-6 05:33 | 2002-12-31 |
| 362552 | 5.0 | MEDIUM | app | apboard | The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. | NVD-CWE-Other | CVE-2002-2398 | 2008-09-6 05:33 | 2002-12-31 |
| 362553 | 6.4 | MEDIUM | cascadesoft | w3mail | Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | CWE-22 Path Traversal | CVE-2002-2399 | 2008-09-6 05:33 | 2002-12-31 |
| 362554 | 5.0 | MEDIUM | key_focus | kf_web_server | Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequen… | CWE-22 Path Traversal | CVE-2002-2403 | 2008-09-6 05:33 | 2002-12-31 |
| 362555 | 4.9 | MEDIUM | checkpoint | firewall-1 | Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through th… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2002-2405 | 2008-09-6 05:33 | 2002-12-31 |
| 362556 | 5.0 | MEDIUM | perception | liteserve | Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. | CWE-20 Improper Input Validation | CVE-2002-2406 | 2008-09-6 05:33 | 2002-12-31 |
| 362557 | 6.9 | MEDIUM | qnx | rtos | Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) ph… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2002-2407 | 2008-09-6 05:33 | 2002-12-31 |
| 362558 | 7.5 | HIGH | gordano | ntmail | Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one u… | NVD-CWE-Other | CVE-2002-2408 | 2008-09-6 05:33 | 2002-12-31 |
| 362559 | 3.5 | LOW | qnx | neutrino_rtos photon_microgui | Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name … | CWE-200 Information Exposure | CVE-2002-2409 | 2008-09-6 05:33 | 2002-12-31 |
| 362560 | 5.0 | MEDIUM | open_webmail | open_webmail | openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify v… | CWE-200 Information Exposure | CVE-2002-2410 | 2008-09-6 05:33 | 2002-12-31 |
| 362561 | 2.1 | LOW | nullsoft | winamp | Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | CWE-255 Credentials Management | CVE-2002-2412 | 2008-09-6 05:33 | 2002-12-31 |
| 362562 | 5.0 | MEDIUM | deerfield | website_pro | WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | NVD-CWE-Other | CVE-2002-2413 | 2008-09-6 05:33 | 2002-12-31 |
| 362563 | 6.8 | MEDIUM | alliedtelesyn | at-8024 rapier_24 | Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a runni… | CWE-20 Improper Input Validation | CVE-2002-2415 | 2008-09-6 05:33 | 2002-12-31 |
| 362564 | 5.0 | MEDIUM | zeroo | http_server | Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. | CWE-22 Path Traversal | CVE-2002-2416 | 2008-09-6 05:33 | 2002-12-31 |
| 362565 | 10.0 | HIGH | acftp | acftp | acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and po… | CWE-287 Improper Authentication | CVE-2002-2417 | 2008-09-6 05:33 | 2002-12-31 |
| 362566 | 4.3 | MEDIUM | acfp_project | acfreeproxy | Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page. | CWE-79 Cross-site Scripting | CVE-2002-2418 | 2008-09-6 05:33 | 2002-12-31 |
| 362567 | 7.8 | HIGH | dctc_project | dctc | Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. | CWE-189 Numeric Errors | CVE-2002-2419 | 2008-09-6 05:33 | 2002-12-31 |
| 362568 | 7.5 | HIGH | independent_solution | simple_site_searcher super_site_searcher | site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | CWE-20 Improper Input Validation | CVE-2002-2420 | 2008-09-6 05:33 | 2002-12-31 |
| 362569 | 7.8 | HIGH | andrey_cherezov | acweb | acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. | CWE-20 Improper Input Validation | CVE-2002-2421 | 2008-09-6 05:33 | 2002-12-31 |
| 362570 | 4.3 | MEDIUM | compaq | insight_management_agent | Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the… | CWE-79 Cross-site Scripting | CVE-2002-2422 | 2008-09-6 05:33 | 2002-12-31 |
| 362571 | 6.4 | MEDIUM | sendmail | sendmail | Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | CWE-20 Improper Input Validation | CVE-2002-2423 | 2008-09-6 05:33 | 2002-12-31 |
| 362572 | 4.3 | MEDIUM | ekilat_llc | php\(reactor\) | Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | CWE-79 Cross-site Scripting | CVE-2002-2424 | 2008-09-6 05:33 | 2002-12-31 |
| 362573 | 10.0 | HIGH | sun | solaris_answerbook2 | Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2002-2425 | 2008-09-6 05:33 | 2002-12-31 |
| 362574 | 2.1 | LOW | linux | linux_kernel | ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow a… | NVD-CWE-Other | CVE-2002-1976 | 2008-09-6 05:32 | 2002-12-31 |
| 362575 | 2.1 | LOW | pgp | pgp | Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. | NVD-CWE-Other | CVE-2002-1977 | 2008-09-6 05:32 | 2002-12-31 |
| 362576 | 5.0 | MEDIUM | microsoft | sql_server | Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify… | NVD-CWE-Other | CVE-2002-1981 | 2008-09-6 05:32 | 2002-12-31 |
| 362577 | 5.0 | MEDIUM | icecast | icecast | Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns diff… | NVD-CWE-Other | CVE-2002-1982 | 2008-09-6 05:32 | 2002-12-31 |
| 362578 | 5.0 | MEDIUM | incognito_software_inc | ismtp_gateway | iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | NVD-CWE-Other | CVE-2002-1985 | 2008-09-6 05:32 | 2002-12-31 |
| 362579 | 5.0 | MEDIUM | perception | liteserve | Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot ("."). | NVD-CWE-Other | CVE-2002-1986 | 2008-09-6 05:32 | 2002-12-31 |
| 362580 | 5.0 | MEDIUM | caucho_technology | resin | Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). | NVD-CWE-Other | CVE-2002-1987 | 2008-09-6 05:32 | 2002-12-31 |
| 362581 | 5.0 | MEDIUM | caucho_technology | resin | Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. | NVD-CWE-Other | CVE-2002-1988 | 2008-09-6 05:32 | 2002-12-31 |
| 362582 | 5.0 | MEDIUM | caucho_technology | resin | Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension suc… | NVD-CWE-Other | CVE-2002-1989 | 2008-09-6 05:32 | 2002-12-31 |
| 362583 | 5.0 | MEDIUM | caucho_technology | resin | Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | NVD-CWE-Other | CVE-2002-1990 | 2008-09-6 05:32 | 2002-12-31 |
| 362584 | 5.0 | MEDIUM | macromedia | coldfusion coldfusion_professional | Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | NVD-CWE-Other | CVE-2002-1992 | 2008-09-6 05:32 | 2002-12-31 |
| 362585 | 10.0 | HIGH | affordable_web_space_design | affordable_web_space_design_webbbs | webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter. | NVD-CWE-Other | CVE-2002-1993 | 2008-09-6 05:32 | 2002-12-31 |
| 362586 | 5.0 | MEDIUM | gamecheats | advanced_web_server_professional | advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (C… | NVD-CWE-Other | CVE-2002-1994 | 2008-09-6 05:32 | 2002-12-31 |
| 362587 | 4.3 | MEDIUM | lebios | phptonuke.php | Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter. | NVD-CWE-Other | CVE-2002-1995 | 2008-09-6 05:32 | 2002-12-31 |
| 362588 | 2.6 | LOW | postnuke_software_foundation | postnuke | Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter … | NVD-CWE-Other | CVE-2002-1996 | 2008-09-6 05:32 | 2002-12-31 |
| 362589 | 7.5 | HIGH | sco | open_unix unixware | Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21). | NVD-CWE-Other | CVE-2002-1998 | 2008-09-6 05:32 | 2002-12-31 |
| 362590 | 5.0 | MEDIUM | hp | praesidium_webproxy | HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests. | NVD-CWE-Other | CVE-2002-1999 | 2008-09-6 05:32 | 2002-12-31 |
| 362591 | 2.1 | LOW | compaq | acms | ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data. | NVD-CWE-Other | CVE-2002-2000 | 2008-09-6 05:32 | 2002-12-31 |
| 362592 | 5.0 | MEDIUM | compaq | tru64 | ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap. | NVD-CWE-Other | CVE-2002-2003 | 2008-09-6 05:32 | 2002-12-31 |
| 362593 | 5.0 | MEDIUM | compaq | tru64 | portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets. | NVD-CWE-Other | CVE-2002-2004 | 2008-09-6 05:32 | 2002-12-31 |
| 362594 | 5.0 | MEDIUM | apache | tomcat | The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for… | NVD-CWE-Other | CVE-2002-2007 | 2008-09-6 05:32 | 2002-12-31 |
| 362595 | 4.3 | MEDIUM | htdig | htdig | Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | NVD-CWE-Other | CVE-2002-2010 | 2008-09-6 05:32 | 2002-12-31 |
| 362596 | 4.3 | MEDIUM | jon_howell | faq-o-matic | Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter. | NVD-CWE-Other | CVE-2002-2011 | 2008-09-6 05:32 | 2002-12-31 |
| 362597 | 5.0 | MEDIUM | apache | http_server | Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. | NVD-CWE-Other | CVE-2002-2012 | 2008-09-6 05:32 | 2002-12-31 |
| 362598 | 5.0 | MEDIUM | mozilla netscape | mozilla communicator navigator | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | NVD-CWE-Other | CVE-2002-2013 | 2008-09-6 05:32 | 2002-12-31 |
| 362599 | 5.0 | MEDIUM | ibm | lotus_domino | Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easi… | NVD-CWE-Other | CVE-2002-2014 | 2008-09-6 05:32 | 2002-12-31 |
| 362600 | 7.5 | HIGH | postnuke_software_foundation | postnuke | PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter. | NVD-CWE-Other | CVE-2002-2015 | 2008-09-6 05:32 | 2002-12-31 |