Latest CVE Feed
-
5.5
MEDIUMCVE-2002-1914
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.... Read more
Affected Products : dump- EPSS Score: %0.05
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.... Read more
Affected Products : mysql- EPSS Score: %0.71
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1706
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity ... Read more
- EPSS Score: %0.36
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1944
Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap.... Read more
Affected Products : surfboard- EPSS Score: %0.66
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2002-1672
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the cr... Read more
Affected Products : webmin- EPSS Score: %0.06
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1941
Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request with the Host header set.... Read more
Affected Products : web_server_4_everyone- EPSS Score: %0.71
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2002-1947
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.... Read more
Affected Products : webmin- EPSS Score: %0.35
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-1974
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.... Read more
Affected Products : zaurus- EPSS Score: %1.83
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1663
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.... Read more
Affected Products : monkey- EPSS Score: %7.47
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
1.2
LOWCVE-2002-2001
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.... Read more
- EPSS Score: %0.15
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1646
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.... Read more
Affected Products : secure_shell_for_servers- EPSS Score: %1.98
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-2010
Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.... Read more
Affected Products : htdig- EPSS Score: %0.40
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1635
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /pe... Read more
Affected Products : application_server- EPSS Score: %0.95
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-2011
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more
Affected Products : faq-o-matic- EPSS Score: %0.52
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2032
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.... Read more
Affected Products : php-nuke- EPSS Score: %0.03
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1783
CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) ... Read more
Affected Products : php- EPSS Score: %0.60
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1855
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-I... Read more
Affected Products : jrun- EPSS Score: %0.76
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2002-1782
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.... Read more
Affected Products : uw-imap- EPSS Score: %0.08
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2002-2163
KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php.... Read more
Affected Products : kvpoll- EPSS Score: %0.24
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1905
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.... Read more
Affected Products : viavideo- EPSS Score: %4.35
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025