|
313951
|
7.5 |
HIGH
|
oracle
|
application_server
|
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
|
CWE-255
証明書・パスワード管理
|
CVE-2002-2345
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313952
|
5.0 |
MEDIUM
|
phpbb
|
phpbb
|
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
|
CWE-200
情報漏えい
|
CVE-2002-2346
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313953
|
4.3 |
MEDIUM
|
oracle
|
application_server
|
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2002-2347
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313954
|
4.3 |
MEDIUM
|
authoria
|
authoria
|
Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2002-2348
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313955
|
5.0 |
MEDIUM
|
phpbb
|
phpbbmod
|
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
|
CWE-200
情報漏えい
|
CVE-2002-2349
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313956
|
4.3 |
MEDIUM
|
phpoutsourcing
|
zorum
|
Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2002-2350
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313957
|
6.4 |
MEDIUM
|
qualcomm
|
eudora
|
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
|
CWE-22
パス・トラバーサル
|
CVE-2002-2351
|
2008-09-6 05:32 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313958
|
7.5 |
HIGH
|
aol
|
instant_messenger
|
AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restric…
|
NVD-CWE-Other
|
CVE-2002-1591
|
2008-09-6 05:31 |
2002-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313959
|
10.0 |
HIGH
|
ibm
|
aix
|
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2002-1621
|
2008-09-6 05:31 |
2002-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313960
|
7.5 |
HIGH
|
oracle
|
application_server
|
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
|
NVD-CWE-Other
|
CVE-2002-1631
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313961
|
10.0 |
HIGH
|
oracle
|
application_server_web_cache
|
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-Other
|
CVE-2002-1641
|
2008-09-6 05:31 |
2002-05-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313962
|
10.0 |
HIGH
|
ibm
|
aix
|
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
|
NVD-CWE-Other
|
CVE-2002-1686
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313963
|
2.1 |
LOW
|
ibm
|
aix
|
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
|
NVD-CWE-Other
|
CVE-2002-1687
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313964
|
10.0 |
HIGH
|
ibm
|
aix
|
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possi…
|
NVD-CWE-Other
|
CVE-2002-1689
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313965
|
10.0 |
HIGH
|
ibm
|
aix
|
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
|
NVD-CWE-Other
|
CVE-2002-1690
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313966
|
5.0 |
MEDIUM
|
phprojekt
|
phprojekt
|
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
|
NVD-CWE-Other
|
CVE-2002-1761
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313967
|
7.5 |
HIGH
|
symantec
|
norton_personal_firewall
|
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
|
NVD-CWE-Other
|
CVE-2002-1779
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313968
|
5.0 |
MEDIUM
|
hp
|
tru64
|
Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2002-1784
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313969
|
1.9 |
LOW
|
zeus_technologies
|
zeus_web_server
|
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section pa…
|
NVD-CWE-Other
|
CVE-2002-1785
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313970
|
2.1 |
LOW
|
sgi
|
irix
|
SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2002-1786
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313971
|
4.6 |
MEDIUM
|
sgi
|
irix
|
Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2002-1787
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313972
|
7.5 |
HIGH
|
kim_storm
|
nn
|
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
|
NVD-CWE-Other
|
CVE-2002-1788
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313973
|
7.2 |
HIGH
|
newsx
|
newsx
|
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
|
NVD-CWE-Other
|
CVE-2002-1789
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313974
|
2.1 |
LOW
|
sgi
|
irix
|
SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files.
|
NVD-CWE-Other
|
CVE-2002-1791
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313975
|
5.0 |
MEDIUM
|
hp
|
virtualvault
vvos
|
HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers t…
|
NVD-CWE-Other
|
CVE-2002-1793
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313976
|
4.3 |
MEDIUM
|
microsoft
|
tsac_activex_control
|
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknow…
|
NVD-CWE-Other
|
CVE-2002-1795
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313977
|
4.6 |
MEDIUM
|
hp
|
chaivm
|
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hos…
|
NVD-CWE-Other
|
CVE-2002-1797
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313978
|
4.3 |
MEDIUM
|
phprank
|
phprank
|
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
|
NVD-CWE-Other
|
CVE-2002-1799
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313979
|
5.0 |
MEDIUM
|
bizdesign
|
imagefolio
|
ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.
|
NVD-CWE-Other
|
CVE-2002-1801
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313980
|
4.3 |
MEDIUM
|
xoops
|
xoops
|
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
|
NVD-CWE-Other
|
CVE-2002-1802
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313981
|
4.3 |
MEDIUM
|
francisco_burzi
|
php-nuke
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1803
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313982
|
4.3 |
MEDIUM
|
npds
|
npds
|
Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1804
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313983
|
4.3 |
MEDIUM
|
dacode
|
dacode
|
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1805
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313984
|
4.3 |
MEDIUM
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1806
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313985
|
4.3 |
MEDIUM
|
phpwebsite
|
phpwebsite
|
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
NVD-CWE-Other
|
CVE-2002-1807
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313986
|
4.3 |
MEDIUM
|
zack_coburn
|
meunity_community_system
|
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
|
NVD-CWE-Other
|
CVE-2002-1808
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313987
|
5.0 |
MEDIUM
|
belkin
|
f5d6130_wnap
|
Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.
|
NVD-CWE-Other
|
CVE-2002-1811
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313988
|
7.2 |
HIGH
|
gdam
|
gdam
|
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
|
NVD-CWE-Other
|
CVE-2002-1812
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313989
|
2.6 |
LOW
|
aol
|
instant_messenger
|
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.
|
NVD-CWE-Other
|
CVE-2002-1813
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313990
|
4.6 |
MEDIUM
|
gnome
mandrakesoft
redhat
slackware
|
bonobo
mandrake_linux
linux
slackware_linux
|
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
|
NVD-CWE-Other
|
CVE-2002-1814
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313991
|
5.0 |
MEDIUM
|
aquonics_scripting
|
aquonics_file_manager
|
Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
NVD-CWE-Other
|
CVE-2002-1815
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313992
|
7.5 |
HIGH
|
symantec_veritas
|
cluster_server
|
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack ve…
|
NVD-CWE-Other
|
CVE-2002-1817
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313993
|
5.0 |
MEDIUM
|
ez_systems
|
httpbench
|
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
|
NVD-CWE-Other
|
CVE-2002-1818
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313994
|
6.4 |
MEDIUM
|
tinyhttpd
|
tinyhttpd
|
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
|
NVD-CWE-Other
|
CVE-2002-1819
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313995
|
4.6 |
MEDIUM
|
ultimate_php_board
|
ultimate_php_board
|
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) adm…
|
NVD-CWE-Other
|
CVE-2002-1821
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313996
|
7.5 |
HIGH
|
lonerunner
|
zeroo_http_server
|
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
|
NVD-CWE-Other
|
CVE-2002-1823
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313997
|
6.4 |
MEDIUM
|
wasd
|
wasd_http_server
|
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $nam…
|
NVD-CWE-Other
|
CVE-2002-1825
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313998
|
4.6 |
MEDIUM
|
grsecurity
|
grsecurity_kernel_patch
|
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.
|
NVD-CWE-Other
|
CVE-2002-1826
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313999
|
2.1 |
LOW
|
sendmail
|
sendmail
|
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
|
NVD-CWE-Other
|
CVE-2002-1827
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314000
|
5.0 |
MEDIUM
|
savant
|
savant_webserver
|
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
|
NVD-CWE-Other
|
CVE-2002-1828
|
2008-09-6 05:31 |
2002-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
