CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
5699 | CVE-2002-1315 | Candidate | Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). | Modified (20071014) | ACCEPT(1) Baker | NOOP(3) Cole, Cox, Wall | REVIEWING(1) Green | View | |
5700 | CVE-2002-1316 | Candidate | importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). | Modified (20071014) | ACCEPT(1) Baker | NOOP(4) Christey, Cole, Cox, Wall | REVIEWING(1) Green | Christey> fix typo: "paramatar" | View |
5726 | CVE-2002-1342 | Candidate | Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands. | Modified (20071014) | ACCEPT(2) Cole, Green | NOOP(1) Cox | View | |
5729 | CVE-2002-1345 | Candidate | Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. | Modified (20071014) | ACCEPT(3) Baker, Cole, Wall | MODIFY(1) Frech | NOOP(1) Cox | Frech> XF:ftp-client-filename-traversal(10821) | View |
6925 | CVE-2003-0096 | Candidate | Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | Modified (20071016) | ACCEPT(4) Baker, Cole, Frech, Wall | NOOP(2) Christey, Cox | Christey> Modify the description to omit 8.0.6, as the Oracle advisory | does not list it. (However, NGSSoftware does, perhaps as the | result of a typo or cut-and-paste error in their advisory). | | CIAC:N-046 | URL:http://www.ciac.org/ciac/bulletins/n-046.shtml | BID:6850 | URL:http://www.securityfocus.com/bid/6850 | BID:6847 | URL:http://www.securityfocus.com/bid/6847 | BID:6848 | URL:http://www.securityfocus.com/bid/6848 | MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt | MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt | MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt | View |
Page 20471 of 20943, showing 5 records out of 104715 total, starting on record 102351, ending on 102355