CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
16201 CVE-2003-0287 XSS 2003-06-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
16202 CVE-2003-0283 XSS 2003-06-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
16203 CVE-2003-0278 XSS 2003-06-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
16204 CVE-2003-0273 XSS 2003-05-27 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
16205 CVE-2003-0265 +Priv 2003-05-27 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
16206 CVE-2003-0223 XSS 2003-06-09 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
16207 CVE-2003-0217 XSS Bypass 2003-06-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
16208 CVE-2003-0198 2003-05-05 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
16209 CVE-2003-0192 2003-08-18 2018-05-02
6.4
None Remote Low Not required None Partial Partial
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
16210 CVE-2003-0154 XSS 2003-04-02 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
16211 CVE-2003-0076 2003-02-19 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
16212 CVE-2003-0070 Exec Code 2003-03-03 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
16213 CVE-2003-0044 XSS 2003-02-07 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
16214 CVE-2003-0036 2003-02-07 2018-10-19
6.2
Admin Local High Not required Complete Complete Complete
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
16215 CVE-2003-0009 XSS 2003-03-07 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
16216 CVE-2003-0002 XSS 2003-02-07 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
16217 CVE-2002-2423 20 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
16218 CVE-2002-2415 20 DoS 2002-12-31 2008-09-05
6.8
None Remote Low Single system None None Complete
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
16219 CVE-2002-2407 264 +Priv 2002-12-31 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
16220 CVE-2002-2399 22 Dir. Trav. 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
16221 CVE-2002-2392 Exec Code 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
16222 CVE-2002-2380 200 +Info 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
16223 CVE-2002-2366 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
16224 CVE-2002-2356 264 +Info 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
16225 CVE-2002-2353 264 2002-12-31 2009-11-24
6.4
None Remote Low Not required Partial Partial None
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
16226 CVE-2002-2351 22 Exec Code Dir. Trav. Bypass 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
16227 CVE-2002-2311 264 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
16228 CVE-2002-2302 264 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
16229 CVE-2002-2299 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
16230 CVE-2002-2298 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
16231 CVE-2002-2297 94 Exec Code File Inclusion 2002-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
16232 CVE-2002-2284 Exec Code Bypass 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
16233 CVE-2002-2282 2002-12-31 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
16234 CVE-2002-2265 264 +Priv 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
16235 CVE-2002-2263 16 2002-12-31 2017-07-28
6.6
None Local Low Not required Complete Complete None
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
16236 CVE-2002-2242 264 2002-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
The Apple Package Manager in KisMAC 0.02a and earlier modifies file permissions of sensitive files after installation, which could allow attackers to conduct unauthorized activities on those files.
16237 CVE-2002-2228 20 Bypass 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
16238 CVE-2002-2221 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
16239 CVE-2002-2220 Overflow +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
16240 CVE-2002-2210 +Priv 2002-12-31 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
16241 CVE-2002-2182 Exec Code Overflow 2002-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet.
16242 CVE-2002-2180 +Priv 2002-12-31 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
16243 CVE-2002-2139 2002-12-31 2018-10-30
6.4
None Remote Low Not required Partial Partial None
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
16244 CVE-2002-2125 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
16245 CVE-2002-2045 Exec Code 2002-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
16246 CVE-2002-1947 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.
16247 CVE-2002-1883 DoS 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
16248 CVE-2002-1834 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
16249 CVE-2002-1825 Exec Code 2002-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.
16250 CVE-2002-1819 Dir. Trav. 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.