Full List

Search

Recent Vulnerabilities

• CVE-2002-1128 • published on September 24, 2002 Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
• CVE-2002-1129 • published on September 24, 2002 Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
• CVE-2002-1127 • published on September 24, 2002 Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
• CVE-2002-1134 • published on September 24, 2002 Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
• CVE-2002-1131 • published on September 24, 2002 Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
• CVE-2002-1133 • published on September 24, 2002 Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
• CVE-2002-1125 • published on September 17, 2002 FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
• CVE-2002-1124 • published on September 17, 2002 Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.
• CVE-2002-1121 • published on September 14, 2002 SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
• CVE-2002-1120 • published on September 12, 2002 Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
• CVE-2002-0664 • published on September 10, 2002 The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
• CVE-2002-0837 • published on September 10, 2002 wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.
• CVE-2002-0862 • published on September 10, 2002 The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
• CVE-2002-1094 • published on September 10, 2002 Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
• CVE-2002-1103 • published on September 10, 2002 Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.
• CVE-2002-1114 • published on September 10, 2002 config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
• CVE-2002-1115 • published on September 10, 2002 Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
• CVE-2002-1090 • published on September 10, 2002 Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
• CVE-2002-1101 • published on September 10, 2002 Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name.
• CVE-2002-1110 • published on September 10, 2002 Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.