National Vulnerability Database

Search Results

There are 133,737 matching records.
Displaying matches 129321 through 129340.
Vuln ID Summary CVSS Severity
CVE-2002-1639

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

Published: April 01, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1640

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

Published: April 01, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-0078

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

Published: March 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0039

rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.

Published: March 28, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0040

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.

Published: March 28, 2002; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2002-0162

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.

Published: March 27, 2002; 12:00:00 AM -05:00
    V2: 6.2 MEDIUM
CVE-2002-0163

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Published: March 26, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1222

Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0094

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0095

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0096

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0097

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0098

Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0099

Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0100

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0101

Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0102

Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0103

An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-0104

AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0105

CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.

Published: March 25, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH