Vulnerabilities (CVE)

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2002-0552 | 1 Melange | 1 Melange Chat System | 2008-09-05 | 7.5 HIGH | N/A
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.
CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2008-09-05 | 7.5 HIGH | N/A
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2008-09-05 | 7.5 HIGH | N/A
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2008-09-05 | 5.0 MEDIUM | N/A
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0574 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.
CVE-2002-0576 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 5.0 MEDIUM | N/A
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2008-09-05 | 7.5 HIGH | N/A
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 7.5 HIGH | N/A
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
CVE-2002-0582 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A
WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory.
CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
CVE-2002-0584 | 1 Workforceroi | 1 Xpede | 2008-09-05 | 5.0 MEDIUM | N/A
WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet.
CVE-2002-0586 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.
CVE-2002-0587 | 1 Aol | 1 Aol Server | 2008-09-05 | 7.5 HIGH | N/A
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.
CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2008-09-05 | 5.0 MEDIUM | N/A
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.