Latest CVE Feed
-
4.3
MEDIUMCVE-2002-2086
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an ... Read more
Affected Products : squirrelmail- EPSS Score: %0.68
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2078
Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command.... Read more
- EPSS Score: %2.28
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2077
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.... Read more
Affected Products : windows_2000- EPSS Score: %20.51
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2002-2039
/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.... Read more
Affected Products : rtos- EPSS Score: %0.17
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-2004
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.... Read more
Affected Products : tru64- EPSS Score: %0.66
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-2002
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.... Read more
Affected Products : tru64- EPSS Score: %1.50
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1999
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.... Read more
Affected Products : praesidium_webproxy- EPSS Score: %0.46
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1992
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.... Read more
- EPSS Score: %5.67
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1979
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates ... Read more
- EPSS Score: %0.22
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1966
Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.... Read more
Affected Products : my_postcards_platinum- EPSS Score: %3.45
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1952
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.... Read more
Affected Products : phprank- EPSS Score: %1.40
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1936
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a ... Read more
Affected Products : bas_1000- EPSS Score: %1.40
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-1929
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.... Read more
Affected Products : pafiledb- EPSS Score: %0.76
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1891
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.... Read more
Affected Products : ircit- EPSS Score: %25.70
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1889
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.... Read more
Affected Products : logsurfer- EPSS Score: %1.96
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-1852
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.... Read more
Affected Products : monkey- EPSS Score: %3.02
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1880
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php.... Read more
Affected Products : lokwabb- EPSS Score: %0.41
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1877
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.... Read more
Affected Products : fm114p- EPSS Score: %0.13
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2002-1876
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.... Read more
Affected Products : exchange_server- EPSS Score: %0.82
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1866
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.... Read more
Affected Products : sws_simple_web_server- EPSS Score: %0.72
- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025