Total
231915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0672 | 1 Pingtel | 1 Xpressa | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. | |||||
| CVE-2002-0687 | 1 Zope | 1 Zope | 2008-09-05 | 5.0 MEDIUM | N/A |
| The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | |||||
| CVE-2002-0453 | 1 Oblix | 1 Netpoint | 2008-09-05 | 7.5 HIGH | N/A |
| The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. | |||||
| CVE-2002-0522 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 7.5 HIGH | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. | |||||
| CVE-2002-0492 | 1 Dcscripts | 1 Dcshop | 2008-09-05 | 5.0 MEDIUM | N/A |
| dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter. | |||||
| CVE-2002-0772 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. | |||||
| CVE-2002-0637 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 7.5 HIGH | N/A |
| InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express. | |||||
| CVE-2002-0613 | 1 Dnstools Software | 1 Dnstools | 2008-09-05 | 10.0 HIGH | N/A |
| dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters. | |||||
| CVE-2002-0673 | 1 Pingtel | 1 Xpressa | 2008-09-05 | 4.6 MEDIUM | N/A |
| The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. | |||||
| CVE-2002-0487 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 4.6 MEDIUM | N/A |
| Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache. | |||||
| CVE-2002-0742 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in pioout on AIX 4.3.3. | |||||
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. | |||||
| CVE-2002-0550 | 1 Gcf | 1 Dynamic Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. | |||||
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | |||||
| CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | |||||
| CVE-2002-0608 | 1 Matu | 1 Matu Ftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. | |||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | |||||
| CVE-2002-0614 | 1 Php-survey | 1 Php-survey | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. | |||||
| CVE-2002-0780 | 1 Novell | 1 Bordermanager | 2008-09-05 | 5.0 MEDIUM | N/A |
| IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND. | |||||
| CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | |||||