|
357351
|
- |
|
open_webmail
|
open_webmail
|
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify v…
|
CWE-200
Information Exposure
|
CVE-2002-2410
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357352
|
- |
|
nullsoft
|
winamp
|
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
|
CWE-255
Credentials Management
|
CVE-2002-2412
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357353
|
- |
|
deerfield
|
website_pro
|
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
|
NVD-CWE-Other
|
CVE-2002-2413
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357354
|
- |
|
alliedtelesyn
|
at-8024
rapier_24
|
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a runni…
|
CWE-20
Improper Input Validation
|
CVE-2002-2415
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357355
|
- |
|
zeroo
|
http_server
|
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
|
CWE-22
Path Traversal
|
CVE-2002-2416
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357356
|
- |
|
acftp
|
acftp
|
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and po…
|
CWE-287
Improper Authentication
|
CVE-2002-2417
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357357
|
- |
|
acfp_project
|
acfreeproxy
|
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
|
CWE-79
Cross-site Scripting
|
CVE-2002-2418
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357358
|
- |
|
dctc_project
|
dctc
|
Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.
|
CWE-189
Numeric Errors
|
CVE-2002-2419
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357359
|
- |
|
independent_solution
|
simple_site_searcher
super_site_searcher
|
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
|
CWE-20
Improper Input Validation
|
CVE-2002-2420
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357360
|
- |
|
andrey_cherezov
|
acweb
|
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
|
CWE-20
Improper Input Validation
|
CVE-2002-2421
|
2008-09-6 05:33 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
