|
362801
|
2.1 |
LOW
|
sgi
|
irix
|
SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2002-1786
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362802
|
4.6 |
MEDIUM
|
sgi
|
irix
|
Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2002-1787
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362803
|
7.5 |
HIGH
|
kim_storm
|
nn
|
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
|
NVD-CWE-Other
|
CVE-2002-1788
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362804
|
7.2 |
HIGH
|
newsx
|
newsx
|
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
|
NVD-CWE-Other
|
CVE-2002-1789
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362805
|
2.1 |
LOW
|
sgi
|
irix
|
SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files.
|
NVD-CWE-Other
|
CVE-2002-1791
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362806
|
5.0 |
MEDIUM
|
hp
|
virtualvault vvos
|
HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers t…
|
NVD-CWE-Other
|
CVE-2002-1793
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362807
|
4.3 |
MEDIUM
|
microsoft
|
tsac_activex_control
|
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknow…
|
NVD-CWE-Other
|
CVE-2002-1795
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362808
|
4.6 |
MEDIUM
|
hp
|
chaivm
|
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hos…
|
NVD-CWE-Other
|
CVE-2002-1797
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362809
|
4.3 |
MEDIUM
|
phprank
|
phprank
|
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
|
NVD-CWE-Other
|
CVE-2002-1799
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362810
|
5.0 |
MEDIUM
|
bizdesign
|
imagefolio
|
ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.
|
NVD-CWE-Other
|
CVE-2002-1801
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362811
|
4.3 |
MEDIUM
|
xoops
|
xoops
|
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
|
NVD-CWE-Other
|
CVE-2002-1802
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362812
|
4.3 |
MEDIUM
|
francisco_burzi
|
php-nuke
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1803
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362813
|
4.3 |
MEDIUM
|
npds
|
npds
|
Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1804
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362814
|
4.3 |
MEDIUM
|
dacode
|
dacode
|
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1805
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362815
|
4.3 |
MEDIUM
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1806
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362816
|
4.3 |
MEDIUM
|
phpwebsite
|
phpwebsite
|
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1807
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362817
|
4.3 |
MEDIUM
|
zack_coburn
|
meunity_community_system
|
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
|
NVD-CWE-Other
|
CVE-2002-1808
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362818
|
5.0 |
MEDIUM
|
belkin
|
f5d6130_wnap
|
Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.
|
NVD-CWE-Other
|
CVE-2002-1811
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362819
|
7.2 |
HIGH
|
gdam
|
gdam
|
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
|
NVD-CWE-Other
|
CVE-2002-1812
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362820
|
2.6 |
LOW
|
aol
|
instant_messenger
|
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.
|
NVD-CWE-Other
|
CVE-2002-1813
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362821
|
4.6 |
MEDIUM
|
gnome mandrakesoft redhat slackware
|
bonobo mandrake_linux linux slackware_linux
|
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
|
NVD-CWE-Other
|
CVE-2002-1814
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362822
|
5.0 |
MEDIUM
|
aquonics_scripting
|
aquonics_file_manager
|
Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
NVD-CWE-Other
|
CVE-2002-1815
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362823
|
7.5 |
HIGH
|
symantec_veritas
|
cluster_server
|
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack ve…
|
NVD-CWE-Other
|
CVE-2002-1817
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362824
|
5.0 |
MEDIUM
|
ez_systems
|
httpbench
|
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
|
NVD-CWE-Other
|
CVE-2002-1818
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362825
|
6.4 |
MEDIUM
|
tinyhttpd
|
tinyhttpd
|
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
|
NVD-CWE-Other
|
CVE-2002-1819
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362826
|
4.6 |
MEDIUM
|
ultimate_php_board
|
ultimate_php_board
|
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) adm…
|
NVD-CWE-Other
|
CVE-2002-1821
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362827
|
7.5 |
HIGH
|
lonerunner
|
zeroo_http_server
|
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
|
NVD-CWE-Other
|
CVE-2002-1823
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362828
|
6.4 |
MEDIUM
|
wasd
|
wasd_http_server
|
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $nam…
|
NVD-CWE-Other
|
CVE-2002-1825
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362829
|
4.6 |
MEDIUM
|
grsecurity
|
grsecurity_kernel_patch
|
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.
|
NVD-CWE-Other
|
CVE-2002-1826
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362830
|
2.1 |
LOW
|
sendmail
|
sendmail
|
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
|
NVD-CWE-Other
|
CVE-2002-1827
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362831
|
5.0 |
MEDIUM
|
savant
|
savant_webserver
|
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
|
NVD-CWE-Other
|
CVE-2002-1828
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362832
|
5.0 |
MEDIUM
|
microsoft
|
msn_messenger
|
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie fiel…
|
NVD-CWE-Other
|
CVE-2002-1831
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362833
|
5.0 |
MEDIUM
|
scaramanga
|
firestorm_ids
|
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options.
|
NVD-CWE-Other
|
CVE-2002-1832
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362834
|
7.5 |
HIGH
|
xerox
|
docutech_6110 docutech_6115
|
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers t…
|
NVD-CWE-Other
|
CVE-2002-1833
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362835
|
6.4 |
MEDIUM
|
xerox
|
docutech_6110 docutech_6115
|
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the s…
|
NVD-CWE-Other
|
CVE-2002-1834
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362836
|
7.5 |
HIGH
|
xerox
|
docutech_6110 docutech_6115
|
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to…
|
NVD-CWE-Other
|
CVE-2002-1835
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362837
|
5.0 |
MEDIUM
|
xerox
|
docutech_6110 docutech_6115
|
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
|
NVD-CWE-Other
|
CVE-2002-1836
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362838
|
5.0 |
MEDIUM
|
ids
|
ids
|
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album paramete…
|
NVD-CWE-Other
|
CVE-2002-1837
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362839
|
5.0 |
MEDIUM
|
steve_sachs
|
charities.cron
|
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
|
NVD-CWE-Other
|
CVE-2002-1838
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362840
|
5.0 |
MEDIUM
|
trend_micro
|
interscan_viruswall_for_windows_nt
|
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attacker…
|
NVD-CWE-Other
|
CVE-2002-1839
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362841
|
10.0 |
HIGH
|
irssi
|
irssi
|
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
|
NVD-CWE-Other
|
CVE-2002-1840
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362842
|
7.5 |
HIGH
|
perlbot
|
perlbot
|
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
|
NVD-CWE-Other
|
CVE-2002-1842
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362843
|
7.5 |
HIGH
|
perlbot
|
perlbot
|
Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.
|
NVD-CWE-Other
|
CVE-2002-1843
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362844
|
4.3 |
MEDIUM
|
yabb
|
yabb
|
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) para…
|
NVD-CWE-Other
|
CVE-2002-1845
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362845
|
5.0 |
MEDIUM
|
yabb
|
yabb
|
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by steal…
|
NVD-CWE-Other
|
CVE-2002-1846
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362846
|
2.1 |
LOW
|
tightvnc
|
tightvnc
|
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
|
NVD-CWE-Other
|
CVE-2002-1848
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362847
|
5.0 |
MEDIUM
|
parachat
|
parachat_server
|
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back bu…
|
NVD-CWE-Other
|
CVE-2002-1849
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362848
|
7.5 |
HIGH
|
ipswitch
|
ws_ftp_pro
|
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2002-1851
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362849
|
4.3 |
MEDIUM
|
carlos_sanchez_valle
|
mynewsgroups
|
Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handle…
|
NVD-CWE-Other
|
CVE-2002-1853
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362850
|
10.0 |
HIGH
|
rlaj
|
rlaj_whois
|
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.
|
NVD-CWE-Other
|
CVE-2002-1854
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|