Vulnerabilities (CVE)

120820 total CVE
CVE Vendors Products Updated CVSS
CVE-2002-0225 1 Cisco 1 Tacacs+ 2008-09-05 4.6
tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.
CVE-2002-0185 1 Apache 1 Mod Python 2008-09-05 7.5
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
CVE-2002-0179 1 Xpilot 1 Xpilot 2008-09-05 7.5
Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.
CVE-2002-0157 1 Eazel 1 Nautilus 2008-09-05 4.6
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.
CVE-2002-0128 1 Sambar 1 Sambar Server 2008-09-05 7.5
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
CVE-2002-0117 1 Yabb 1 Yabb 2008-09-05 7.5
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
CVE-2002-0096 1 Geeklog 1 Geeklog 2008-09-05 7.2
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with...
CVE-2002-0095 1 Fraunhofer Fit 1 Bscw 2008-09-05 7.5
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
CVE-2002-0094 1 Fraunhofer Fit 1 Bscw 2008-09-05 7.5
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
CVE-2002-0091 1 Nswc 1 Cider Shadow 2008-09-05 7.5
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields.
CVE-2002-0080 2 Andrew Tridgell, Redhat 2 Rsync, Linux 2008-09-05 2.1
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-2002-0062 4 Redhat, Suse, Debian and 1 more 4 Debian Linux, Suse Linux, Freebsd and 1 more 2008-09-05 7.2
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
CVE-2002-0042 1 Sgi 1 Irix 2008-09-05 2.1
Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.
CVE-2002-0041 1 Sgi 1 Irix 2008-09-05 5.0
Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump.
CVE-2002-0040 1 Sgi 1 Irix 2008-09-05 2.1
Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.
CVE-2002-0039 1 Sgi 1 Irix 2008-09-05 5.0
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.
CVE-2002-0037 1 Ibm 1 Lotus Domino Server 2008-09-05 7.5
Lotus Domino Servers 5.x, 4.6x, and 4.5x allow attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.
CVE-2002-0032 1 Yahoo 1 Messenger 2008-09-05 7.5
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
CVE-2002-0031 1 Yahoo 1 Messenger 2008-09-05 4.6
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
CVE-2002-0017 1 Sgi 1 Irix 2008-09-05 7.5
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.