Medium
CVE-2002-1797
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hos…
Read moreUncategorized 2002
Page 4/16.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2002-12-31
Medium
CVE-2002-1799
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
Read moreHigh
CVE-2002-1781
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
Read moreHigh
CVE-2002-1779
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
Read moreMedium
CVE-2002-1762
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain s…
Read moreHigh
CVE-2002-1778
Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.
Read moreMedium
CVE-2002-1763
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
Read moreLow
CVE-2002-1764
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Read moreMedium
CVE-2002-1765
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.
Read moreMedium
CVE-2002-1766
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
Read moreHigh
CVE-2002-1767
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
Read moreMedium
CVE-2002-1768
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protoco…
Read moreHigh
CVE-2002-1769
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
Read moreMedium
CVE-2002-1770
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing…
Read moreMedium
CVE-2002-1771
Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realnam…
Read moreMedium
CVE-2002-1772
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not…
Read moreHigh
CVE-2002-1773
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
Read moreHigh
CVE-2002-1774
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before…
Read moreHigh
CVE-2002-1775
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a n…
Read moreHigh
CVE-2002-1776
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is auto…
Read moreHigh
CVE-2002-1777
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded exte…
Read moreHigh
CVE-2002-1715
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to…
Read moreMedium
CVE-2002-1712
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139)…
Read moreMedium
CVE-2002-1802
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
Read moreHigh
CVE-2002-1654
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provid…
Read moreHigh
CVE-2002-1646
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for…
Read moreMedium
CVE-2002-1647
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords…
Read moreHigh
CVE-2002-1648
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject param…
Read moreMedium
CVE-2002-1649
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
Read moreHigh
CVE-2002-1650
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
Read moreHigh
CVE-2002-1652
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Read moreMedium
CVE-2002-1653
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote…
Read moreMedium
CVE-2002-1655
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
Read moreLow
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
Read moreHigh
CVE-2002-1656
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cook…
Read moreMedium
CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setui…
Read moreCritical
CVE-2002-1659
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
Read moreMedium
CVE-2002-1661
The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix…
Read moreMedium
CVE-2002-1662
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field du…
Read moreMedium
CVE-2002-1664
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
Read moreHigh
CVE-2002-1665
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
Read moreMedium
CVE-2002-1636
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp…
Read moreMedium
CVE-2002-1635
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source…
Read moreMedium
CVE-2002-1634
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6…
Read moreMedium
CVE-2002-1633
Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv,…
Read moreHigh
CVE-2002-1973
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in mu…
Read moreCritical
CVE-2002-1572
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
Read moreCritical
CVE-2002-1573
Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."
Read moreHigh
CVE-2002-1617
Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customiz…
Read moreHigh
CVE-2002-1622
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
Read moreMedium
CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may a…
Read moreMedium
CVE-2002-1624
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP…
Read moreMedium
CVE-2002-1625
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via t…
Read moreMedium
CVE-2002-1626
Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL.
Read moreMedium
CVE-2002-1627
Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter.
Read moreMedium
CVE-2002-1628
Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter.
Read moreCritical
CVE-2002-1629
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet…
Read moreHigh
CVE-2002-1630
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
Read moreHigh
CVE-2002-1631
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
Read moreMedium
CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo…
Read moreMedium
CVE-2002-1666
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
Read moreLow
CVE-2002-1667
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of se…
Read moreLow
CVE-2002-1668
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation u…
Read moreMedium
CVE-2002-1688
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injec…
Read moreCritical
CVE-2002-1690
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
Read moreCritical
CVE-2002-1691
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
Read moreLow
CVE-2002-1692
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
Read moreMedium
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is…
Read moreMedium
CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security…
Read moreMedium
CVE-2002-1698
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
Read moreCritical
CVE-2002-1699
SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field.
Read moreMedium
CVE-2002-1702
Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter.
Read moreMedium
CVE-2002-1703
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter.
Read moreMedium
CVE-2002-1704
Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on…
Read moreMedium
CVE-2002-1705
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
Read moreMedium
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir…
Read moreMedium
CVE-2002-1708
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
Read moreMedium
CVE-2002-1709
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
Read moreLow
CVE-2002-1710
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sens…
Read moreCritical
CVE-2002-1689
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possi…
Read moreLow
CVE-2002-1687
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
Read moreLow
CVE-2002-1669
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
Read moreCritical
CVE-2002-1686
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
Read moreMedium
CVE-2002-1670
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
Read moreMedium
CVE-2002-1671
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
Read moreLow
CVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials…
Read moreLow
CVE-2002-1673
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by…
Read moreLow
CVE-2002-1674
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
Read moreMedium
CVE-2002-1675
Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format s…
Read moreLow
CVE-2002-1676
BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI…
Read moreMedium
CVE-2002-1677
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reve…
Read moreMedium
CVE-2002-1678
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
Read moreMedium
CVE-2002-1679
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
Read moreMedium
CVE-2002-1680
Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi…
Read moreMedium
CVE-2002-1681
Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragrap…
Read moreMedium
CVE-2002-1683
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
Read moreMedium
CVE-2002-1684
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (do…
Read moreMedium
CVE-2002-1685
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into e…
Read moreMedium
CVE-2002-1801
ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.
Read moreHigh
CVE-2002-1788
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
Read moreMedium
CVE-2002-1803
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
Read moreHigh
CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
Read moreMedium
CVE-2002-1916
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filena…
Read moreMedium
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and a…
Read moreCritical
CVE-2002-1918
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details…
Read moreHigh
CVE-2002-1919
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
Read moreMedium
CVE-2002-1920
Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name.
Read moreHigh
CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
Read moreMedium
CVE-2002-1922
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url vari…
Read moreMedium
CVE-2002-1924
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
Read moreLow
CVE-2002-1890
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.
Read moreMedium
CVE-2002-1925
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Persona…
Read moreMedium
CVE-2002-1926
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string.
Read moreLow
CVE-2002-1927
Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file.
Read moreMedium
CVE-2002-1928
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
Read moreMedium
CVE-2002-1929
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (…
Read moreHigh
CVE-2002-1930
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
Read moreMedium
CVE-2002-1931
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.
Read moreMedium
CVE-2002-1913
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
Read moreMedium
CVE-2002-1911
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE…
Read more