Search Results (Refine Search)
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2002-1751 |
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1752 |
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1753 |
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1754 |
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2002-1755 |
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1756 |
ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1757 |
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms". Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1758 |
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1759 |
The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1760 |
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1761 |
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1762 |
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1763 |
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2002-1764 |
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2002-1765 |
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1766 |
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2002-1767 |
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2002-1768 |
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1769 |
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1770 |
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |