Full List

Search

Recent Vulnerabilities

• CVE-2002-0942 • published on August 31, 2002 Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.
• CVE-2002-0948 • published on August 31, 2002 Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
• CVE-2002-0956 • published on August 31, 2002 BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions.
• CVE-2002-0959 • published on August 31, 2002 Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.
• CVE-2002-0960 • published on August 31, 2002 Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users.
• CVE-2002-0963 • published on August 31, 2002 SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
• CVE-2002-0992 • published on August 31, 2002 Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
• CVE-2002-0994 • published on August 31, 2002 SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
• CVE-2002-0997 • published on August 31, 2002 Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
• CVE-2002-0998 • published on August 31, 2002 Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
• CVE-2002-0999 • published on August 31, 2002 Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
• CVE-2002-1009 • published on August 31, 2002 Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.
• CVE-2002-0917 • published on August 31, 2002 CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
• CVE-2002-0921 • published on August 31, 2002 CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.
• CVE-2002-0925 • published on August 31, 2002 Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
• CVE-2002-0930 • published on August 31, 2002 Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.
• CVE-2002-0931 • published on August 31, 2002 Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
• CVE-2002-0934 • published on August 31, 2002 Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.
• CVE-2002-0940 • published on August 31, 2002 domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
• CVE-2002-0943 • published on August 31, 2002 MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.