|
362851
|
5.0 |
MEDIUM
|
macromedia
|
jrun
|
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a requ…
|
NVD-CWE-Other
|
CVE-2002-1855
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362852
|
5.0 |
MEDIUM
|
hp
|
application_server
|
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to…
|
NVD-CWE-Other
|
CVE-2002-1856
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362853
|
5.0 |
MEDIUM
|
jo
|
jo_webserver
|
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the …
|
NVD-CWE-Other
|
CVE-2002-1857
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362854
|
5.0 |
MEDIUM
|
oracle
|
application_server
|
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files an…
|
NVD-CWE-Other
|
CVE-2002-1858
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362855
|
5.0 |
MEDIUM
|
pramati
|
pramati_server
|
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WE…
|
NVD-CWE-Other
|
CVE-2002-1860
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362856
|
5.0 |
MEDIUM
|
sybase
|
easerver
|
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, v…
|
NVD-CWE-Other
|
CVE-2002-1861
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362857
|
5.0 |
MEDIUM
|
virtualzone
|
smartmail_server
|
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.
|
NVD-CWE-Other
|
CVE-2002-1862
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362858
|
4.6 |
MEDIUM
|
iomega
|
network_attached_storage
|
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to …
|
NVD-CWE-Other
|
CVE-2002-1863
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362859
|
5.0 |
MEDIUM
|
sws
|
sws_simple_web_server
|
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
|
NVD-CWE-Other
|
CVE-2002-1864
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362860
|
5.0 |
MEDIUM
|
d-link linksys
|
di-804 dl-704 befw11s4 wap11
|
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.4…
|
NVD-CWE-Other
|
CVE-2002-1865
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362861
|
5.0 |
MEDIUM
|
sws
|
sws_simple_web_server
|
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via mu…
|
NVD-CWE-Other
|
CVE-2002-1866
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362862
|
10.0 |
HIGH
|
daniel_stenberg
|
dispair
|
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
|
NVD-CWE-Other
|
CVE-2002-1868
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362863
|
7.5 |
HIGH
|
sws
|
sws_simple_web_server
|
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitializ…
|
NVD-CWE-Other
|
CVE-2002-1870
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362864
|
10.0 |
HIGH
|
astrocam
|
astrocam
|
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected v…
|
CWE-20
Improper Input Validation
|
CVE-2002-1874
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362865
|
4.6 |
MEDIUM
|
mcafee
|
entercept_agent
|
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the en…
|
NVD-CWE-Other
|
CVE-2002-1875
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362866
|
5.0 |
MEDIUM
|
w-agora
|
w-agora
|
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
|
NVD-CWE-Other
|
CVE-2002-1878
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362867
|
7.5 |
HIGH
|
lokwa
|
lokwabb
|
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
|
NVD-CWE-Other
|
CVE-2002-1879
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362868
|
5.0 |
MEDIUM
|
lokwa
|
lokwabb
|
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php.
|
NVD-CWE-Other
|
CVE-2002-1880
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362869
|
5.0 |
MEDIUM
|
macromedia
|
flash_player
|
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by…
|
NVD-CWE-Other
|
CVE-2002-1881
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362870
|
7.5 |
HIGH
|
oracle
|
e-business_suite
|
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2002-1882
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362871
|
6.4 |
MEDIUM
|
trolltech
|
qt_assistant
|
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a…
|
NVD-CWE-Other
|
CVE-2002-1883
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362872
|
7.5 |
HIGH
|
py-membres
|
py-membres
|
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
|
NVD-CWE-Other
|
CVE-2002-1884
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362873
|
7.5 |
HIGH
|
powerphlogger
|
powerphlogger
|
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter.
|
NVD-CWE-Other
|
CVE-2002-1885
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362874
|
5.0 |
MEDIUM
|
tightauction
|
tightauction
|
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
|
NVD-CWE-Other
|
CVE-2002-1886
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362875
|
7.5 |
HIGH
|
gregory_kokanosky
|
phpmynewsletter
|
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
|
NVD-CWE-Other
|
CVE-2002-1887
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362876
|
2.1 |
LOW
|
commonname
|
commonname_toolbar
|
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain interna…
|
NVD-CWE-Other
|
CVE-2002-1888
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362877
|
5.0 |
MEDIUM
|
logsurfer
|
logsurfer
|
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
|
NVD-CWE-Other
|
CVE-2002-1889
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362878
|
2.1 |
LOW
|
redhat
|
rhmask
|
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.
|
NVD-CWE-Other
|
CVE-2002-1890
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362879
|
7.5 |
HIGH
|
ayman_akt
|
ircit
|
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.
|
NVD-CWE-Other
|
CVE-2002-1891
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362880
|
2.1 |
LOW
|
netgear
|
fvs318
|
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2002-1892
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362881
|
4.3 |
MEDIUM
|
argosoft
|
argosoft_mail_server
|
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.
|
NVD-CWE-Other
|
CVE-2002-1893
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362882
|
4.3 |
MEDIUM
|
phpbb_group
|
phpbb
|
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
|
NVD-CWE-Other
|
CVE-2002-1894
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362883
|
7.2 |
HIGH
|
alsaplayer
|
alsaplayer
|
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.
|
NVD-CWE-Other
|
CVE-2002-1896
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362884
|
4.3 |
MEDIUM
|
icewarp
|
web_mail
|
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
|
NVD-CWE-Other
|
CVE-2002-1899
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362885
|
4.3 |
MEDIUM
|
pinboard
|
pinboard
|
Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.
|
NVD-CWE-Other
|
CVE-2002-1900
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362886
|
4.3 |
MEDIUM
|
bodo_bauer
|
bbgallery
|
Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.
|
NVD-CWE-Other
|
CVE-2002-1901
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362887
|
5.0 |
MEDIUM
|
markus_triska
|
cgiforum
|
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.
|
NVD-CWE-Other
|
CVE-2002-1902
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362888
|
5.0 |
MEDIUM
|
university_of_washington
|
pine
|
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2002-1903
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362889
|
7.5 |
HIGH
|
gaztek
|
ghttpd
|
Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request.
|
NVD-CWE-Other
|
CVE-2002-1904
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362890
|
5.0 |
MEDIUM
|
telcondex
|
simplewebserver
|
TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
|
NVD-CWE-Other
|
CVE-2002-1907
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362891
|
5.0 |
MEDIUM
|
click2learn
|
ingenium_learning_management_system
|
Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the admi…
|
NVD-CWE-Other
|
CVE-2002-1909
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362892
|
5.0 |
MEDIUM
|
zonelabs
|
zonealarm
|
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE…
|
NVD-CWE-Other
|
CVE-2002-1911
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362893
|
5.0 |
MEDIUM
|
myphpnuke
|
myphpnuke
|
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
|
NVD-CWE-Other
|
CVE-2002-1913
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362894
|
5.0 |
MEDIUM
|
pirch
|
pirch_irc ruspirch
|
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filena…
|
NVD-CWE-Other
|
CVE-2002-1916
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362895
|
5.0 |
MEDIUM
|
geeklog
|
geeklog
|
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and a…
|
NVD-CWE-Other
|
CVE-2002-1917
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362896
|
5.0 |
MEDIUM
|
datawizard
|
ftpxq
|
Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name.
|
NVD-CWE-Other
|
CVE-2002-1920
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362897
|
4.3 |
MEDIUM
|
jelsoft
|
vbulletin
|
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url vari…
|
NVD-CWE-Other
|
CVE-2002-1922
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362898
|
5.0 |
MEDIUM
|
apc
|
powerchute
|
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
|
NVD-CWE-Other
|
CVE-2002-1924
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362899
|
5.0 |
MEDIUM
|
tiny_software
|
tiny_personal_firewall
|
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Persona…
|
NVD-CWE-Other
|
CVE-2002-1925
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362900
|
5.0 |
MEDIUM
|
aquonics_scripting
|
aquonics_file_manager
|
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
|
NVD-CWE-Other
|
CVE-2002-1926
|
2008-09-6 05:31 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|