Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2002-1709 |
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2002-1710 |
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.6 LOW |
CVE-2002-1711 |
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2002-1712 |
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1713 |
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2002-1714 |
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1715 |
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2002-1716 |
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1717 |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1718 |
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1719 |
Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1720 |
SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1721 |
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2002-1722 |
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2002-1723 |
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1724 |
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2002-1725 |
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1726 |
secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2002-1727 |
Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2002-1728 |
askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path. Published: December 31, 2002; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |