|
363101
|
7.5 |
HIGH
|
novell
|
netware
|
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
|
NVD-CWE-Other
|
CVE-2002-1413
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363102
|
5.0 |
MEDIUM
|
webeasymail
|
webeasymail
|
Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in …
|
NVD-CWE-Other
|
CVE-2002-1415
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363103
|
5.0 |
MEDIUM
|
webeasymail
|
webeasymail
|
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct b…
|
NVD-CWE-Other
|
CVE-2002-1416
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363104
|
5.0 |
MEDIUM
|
novell
|
small_business_suite netware
|
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL…
|
NVD-CWE-Other
|
CVE-2002-1417
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363105
|
5.0 |
MEDIUM
|
novell
|
small_business_suite netware
|
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (A…
|
NVD-CWE-Other
|
CVE-2002-1418
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363106
|
7.5 |
HIGH
|
sgi
|
irix
|
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
|
NVD-CWE-Other
|
CVE-2002-1419
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363107
|
7.5 |
HIGH
|
ilia_alshanetsky
|
fudforum
|
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
|
NVD-CWE-Other
|
CVE-2002-1421
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363108
|
5.0 |
MEDIUM
|
ilia_alshanetsky
|
fudforum
|
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
|
NVD-CWE-Other
|
CVE-2002-1422
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363109
|
5.0 |
MEDIUM
|
ilia_alshanetsky
|
fudforum
|
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
|
NVD-CWE-Other
|
CVE-2002-1423
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363110
|
5.0 |
MEDIUM
|
john_g._myers
|
mpack
|
Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2002-1424
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363111
|
6.4 |
MEDIUM
|
john_g._myers
|
mpack
|
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
|
NVD-CWE-Other
|
CVE-2002-1425
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363112
|
7.8 |
HIGH
|
hp
|
procurve_switch_4000m
|
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
|
NVD-CWE-Other
|
CVE-2002-1426
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363113
|
7.5 |
HIGH
|
easy_scripts_archive
|
advanced_easy_homepage_creator easy_homepage_creator
|
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
|
NVD-CWE-Other
|
CVE-2002-1427
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363114
|
10.0 |
HIGH
|
dotproject
|
dotproject
|
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
|
NVD-CWE-Other
|
CVE-2002-1428
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363115
|
5.0 |
MEDIUM
|
synthetic_reality
|
sympoll
|
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.
|
NVD-CWE-Other
|
CVE-2002-1430
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363116
|
7.5 |
HIGH
|
belkin
|
f5d5230-4_4-port_cable_dsl_gateway_router
|
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host…
|
NVD-CWE-Other
|
CVE-2002-1431
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363117
|
5.0 |
MEDIUM
|
kerio
|
kerio_mailserver
|
Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.
|
NVD-CWE-Other
|
CVE-2002-1433
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363118
|
6.8 |
MEDIUM
|
kerio
|
kerio_mailserver
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
|
NVD-CWE-Other
|
CVE-2002-1434
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363119
|
7.5 |
HIGH
|
achievo
|
achievo
|
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config…
|
NVD-CWE-Other
|
CVE-2002-1435
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363120
|
7.5 |
HIGH
|
novell
|
netware
|
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
|
NVD-CWE-Other
|
CVE-2002-1436
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363121
|
5.0 |
MEDIUM
|
novell
|
netware
|
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-enc…
|
NVD-CWE-Other
|
CVE-2002-1437
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363122
|
5.0 |
MEDIUM
|
novell
|
netware
|
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
|
NVD-CWE-Other
|
CVE-2002-1438
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363123
|
4.6 |
MEDIUM
|
hp
|
virtualvault vvos
|
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
|
NVD-CWE-Other
|
CVE-2002-1439
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363124
|
10.0 |
HIGH
|
gateway
|
gs-400
|
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
|
NVD-CWE-Other
|
CVE-2002-1440
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363125
|
7.5 |
HIGH
|
tomahawk_technologies
|
steelarrow
|
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) …
|
NVD-CWE-Other
|
CVE-2002-1441
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363126
|
7.5 |
HIGH
|
google
|
toolbar
|
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a …
|
NVD-CWE-Other
|
CVE-2002-1442
|
2008-09-6 05:30 |
2003-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363127
|
4.3 |
MEDIUM
|
w3c
|
cern_httpd
|
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inser…
|
NVD-CWE-Other
|
CVE-2002-1445
|
2008-09-6 05:30 |
2002-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363128
|
5.0 |
MEDIUM
|
ncipher
|
pkcs_11_library
|
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signatur…
|
NVD-CWE-Other
|
CVE-2002-1446
|
2008-09-6 05:30 |
2002-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363129
|
7.2 |
HIGH
|
cisco
|
vpn_client
|
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
|
NVD-CWE-Other
|
CVE-2002-1447
|
2008-09-6 05:30 |
2002-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363130
|
7.5 |
HIGH
|
avaya
|
cajun_m770-atm cajun_p130 cajun_p330
|
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
|
NVD-CWE-Other
|
CVE-2002-1448
|
2008-09-6 05:30 |
2002-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363131
|
5.0 |
MEDIUM
|
ibm
|
u2_universe
|
IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow.
|
NVD-CWE-Other
|
CVE-2002-1450
|
2008-09-6 05:30 |
2002-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363132
|
5.0 |
MEDIUM
|
desiderata_software
|
blazix
|
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
|
NVD-CWE-Other
|
CVE-2002-1451
|
2008-09-6 05:30 |
2002-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363133
|
4.3 |
MEDIUM
|
omnicron
|
omnihttpd
|
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
|
NVD-CWE-Other
|
CVE-2002-1455
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363134
|
7.5 |
HIGH
|
leszek_krupinski
|
l-forum
|
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
|
NVD-CWE-Other
|
CVE-2002-1457
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363135
|
7.5 |
HIGH
|
leszek_krupinski
|
l-forum
|
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields includin…
|
NVD-CWE-Other
|
CVE-2002-1458
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363136
|
7.5 |
HIGH
|
leszek_krupinski
|
l-forum
|
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields includi…
|
NVD-CWE-Other
|
CVE-2002-1459
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363137
|
5.0 |
MEDIUM
|
leszek_krupinski
|
l-forum
|
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which…
|
NVD-CWE-Other
|
CVE-2002-1460
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363138
|
7.5 |
HIGH
|
webscriptworld
|
web_shop_manager
|
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
|
NVD-CWE-Other
|
CVE-2002-1461
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363139
|
5.0 |
MEDIUM
|
organicphp
|
php-affiliate
|
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
|
NVD-CWE-Other
|
CVE-2002-1462
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363140
|
6.8 |
MEDIUM
|
cafelog
|
b2
|
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
|
NVD-CWE-Other
|
CVE-2002-1464
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363141
|
7.5 |
HIGH
|
cafelog
|
b2
|
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
|
NVD-CWE-Other
|
CVE-2002-1465
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363142
|
10.0 |
HIGH
|
cafelog
|
b2
|
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
|
NVD-CWE-Other
|
CVE-2002-1466
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363143
|
5.0 |
MEDIUM
|
macromedia
|
flash_player shockwave
|
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3)…
|
NVD-CWE-Other
|
CVE-2002-1467
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363144
|
10.0 |
HIGH
|
ibm
|
aix
|
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
|
NVD-CWE-Other
|
CVE-2002-1468
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363145
|
7.5 |
HIGH
|
scponly
|
scponly
|
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs …
|
NVD-CWE-Other
|
CVE-2002-1469
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363146
|
2.1 |
LOW
|
nullsoft
|
shoutcast_server
|
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log…
|
NVD-CWE-Other
|
CVE-2002-1470
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363147
|
5.0 |
MEDIUM
|
ximian
|
evolution
|
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote att…
|
NVD-CWE-Other
|
CVE-2002-1471
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363148
|
7.2 |
HIGH
|
xfree86_project
|
x11r6
|
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that poi…
|
NVD-CWE-Other
|
CVE-2002-1472
|
2008-09-6 05:30 |
2003-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363149
|
4.6 |
MEDIUM
|
hp
|
hp-ux
|
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2002-1473
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363150
|
5.0 |
MEDIUM
|
hp
|
tru64
|
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
|
NVD-CWE-Other
|
CVE-2002-1474
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|